Online Shoppers’ Confidence Act affects recurring billing

S. 3386: Restore Online Shoppers’ Confidence Act targets two ecommerce problems. One problem is sending consumer card data to third parties after the sale, for the purpose of an additional sale from another company, typically for a recurring billing item. The second issue addresses opting out of recurring billing purchases made online. This article addresses the second part.

Excerpt from Text of S. 3386: Restore Online Shoppers’ Confidence Act

(c) Limitations on Use of Negative Option Feature in Internet-Based Sales Transactions- It shall be unlawful for any person to charge or attempt to charge any consumer for any goods or services sold in a transaction effected on the Internet through a negative option feature, unless–

(1) before obtaining the purchaser’s initial agreement to participate in the negative option plan, the seller has clearly and conspicuously disclosed all material terms of the transaction, including–

(A) the name of the entity offering the goods or services;

(B) a description of the goods or services being offered;

(C) the cost of such goods or services;

(D) notice of when billing will begin and at what intervals the charges will occur; and

(E) the length of any trial period, including a statement that the consumer’s account will be charged unless the consumer takes affirmative action and the steps the consumer must take to the avoid the charge;

(2) the seller has obtained the express informed consent described in subsection (a)(2) from the purchaser before charging or attempting to charge the purchaser’s credit card, debit card, bank account, or other financial account on a recurring basis;

(3) the seller enables the purchaser to stop recurring charges from being made to the purchaser’s credit card, debit card, bank account, or other financial account through a simple process that is available via–

(A) the Internet; and

(B) telephone; and

(4) not less than 10 days prior to the initiation of each charge to a purchaser’s credit card, debit card, bank account, or other financial account, the seller has sent the purchaser an e-mail (at an e-mail account provided by the consumer) that clearly and conspicuously discloses–

(A) that a charge will be made to the consumer’s credit card, debit card, bank account, or other financial account;

(B) the amount of the charge and a description of the goods and services for which the consumer will be charged; and

(C) instructions for stopping recurring charges in accordance with the requirements of paragraph (3).

END EXCERPT

In my opinion, some form of this legislation is likely to be approved and merchants should prepare for it.

Here’s an example of a common business recurring billing charge:

Thank you for your payment. Here is your receipt as requested for YOURDOMAIN.com.

Please note that a payment made by credit card will show as paid to  ISP HOST COMPANY on your credit card statement.
Billing Address

YOUR NAME AND ADDRESS
Payment Information
Total Payment Amount: $8.57

Payment Method: MasterCard – CC#5XXXXXXXXXXX1234
Payment Date: 6/10/2010 Paid Through: 7/10/2010.
Plan Fee – 6/10/2010 to 7/10/2010 – $7.95
Domain [mydomain.com]
Account Billing can be accessed from www.ispdummyhost.com
Click on “Billing Admin” from the “Customer Admin/Billing” menu.

If you have any questions regarding this receipt or have billing questions in general, please send an email to service@ispdummyhostingcompany.com.

ISP HOST COMPANY

1234 holiday lane.
Anywhere USA AZ 12345
1-888*123-1234

If legislation is approved:

The biller will need to notify the customer 10 days in advance instead of just sending a receipt for the purchase. This means TWO emails will need to be generated. One before the sale and one after with the receipt.

Additionally, some language changes may be needed to be perfectly clear:

BILLING CYCLE: MONTHLY
BILLING DATE: 10th of month
CANCELLATION: To cancel your service, please login to your account or call 888*888*8888.
Account Billing can be accessed from www.isphost.com
Click on “Billing Admin” from the “Customer Admin/Billing” menu.

If you have any questions regarding this receipt or have billing questions in general, please send an email to customerservice@isphostingcompany.com.

Article reference:

Rockefeller Introduces Bill to Ban Misleading Internet Sales Practices Uncovered By E-Commerce Investigation

Restore Online Shoppers Confidence Act

Bigcommerce Vs Volusion shopping cart review

Bigcommerce is really not much of a comparison with Volusion shopping cart. They’ve gone to great lengths to market their cart with online buzz as being better, however, if you dig in, Bigcommerce doesn’t even come close. I’m writing this article because someone, maybe their PR team, has flooded the internet with this supposedly ‘better’ shopping cart.

If you have a small business and your own inventory, yes, it just might work for you with the built in SEO. I opened a test account and quickly realized how much is missing from the Bigcommerce features. As always, every cart has it’s pros and cons. There’s too much missing from Bigcommerce for me to spend all the time writing it up. I could barely get past the first section- customers.

bigcommerce vs volusion

To be fair, Bigcommerce does have some of these fields. The difference is Volusion has a single screen where you can record all your customer information and notes. The image below is only a portion of that screen:

volusion customers

Big commerce customer screen:
bigcommerce customers

What else is missing in Bigcommerce?
– NO option to drop ship.
– NO place to list your vendors ( since no drop shipping, they probably saw no reason to have this along with warehouses and receiving inventory from the PO’s)
– NO place to issue purchase orders. I guess they assume everyone is using an offline program. Bigcommerce does have low level inventory alert option.

Less critical missing items:
– no affiliate program built in
– the forum has tons of unanswered questions. In Volusion’s forum, most will have replies same day, if not minutes or hours.
– I didn’t see a way to enable free shipping over a certain dollar amount
– I think it’s more cumbersome to add and modify products. Bigc uses many tabs, Volusion uses a long page. I think it’s easier and more intuitive to get around Volusion admin than BigC. With BigC, you click on product name in admin and it takes you to the live page. You have to click on a teeny EDIT text in the far right of your screen to get to edit it. In Volusion the linked text to edit is on the left where you naturally have your mouse.

What does bigcommerce and Interspire do better?
Much easier to create the design you want, including easy to modify templates.
Statistics- Which products are selling best? Who are the best customers. This is simple with Bigcommerce, but not readily available with Volusion. Maybe you can see if you use custom options, but again, not easily.
– built in banner program for the store
– SEO tools. Volusion has good SEO set up, but Bigc has more.
The product page layout is far better right out of the box, including reviews.

PAYMENTS

In addition to the usual, Volusion has recurring billing and users can easily change their payment method. Merchants can easily collect more money right on the order page if the order is modified later (with customer permission and card details). Either site has the same needs to accept payments for an online store.
Bigcommerce states “We expect to have our compliance this coming May 2010”.

“Harper says BigCommerce’s main competitor is Yahoo Inc.’s Yahoo Merchant Solutions, also known as Yahoo Store, an e-commerce platform popular among small or start up e-retailers. He predicts that his company will grow from 3,000 to 13,000 clients by the end of the year and that they’ll mostly be e-retailers with fewer than 20 employees. He expects about 25% will have switched from a competitor.”

I could go on. Bigcommerce is a big solution for small niche companies. It does have some great features. But you need to know what’s missing before you start. Does it really have what your business needs. And check for PCI Compliance.

Chase Paymentech and Kount Join Forces to Combat Fraud for ECommerce Merchants

DALLAS and BOISE, Idaho (March 15, 2010) — Chase Paymentech, a leading merchant acquirer and payment processor, and Kount, a Boise, Idaho-based company that specializes in card-not-present (CNP) fraud prevention, today announced an agreement to offer a comprehensive suite of fraud detection, management and prevention tools for merchants.

Chase Paymentech processes a significant share of global CNP payments, in a wide variety of payment methods, and authorizes transactions in more than 130 currencies. Its expertise and fault tolerant infrastructure, paired with Kount’s advanced fraud prevention technology, will introduce a new class of fraud management tools that will significantly improve the reliability and security of card-not-present transactions.

The ability to provide merchants with a real-time fraud score at the time of bank authorization will deliver unparalleled value. This benefit coupled with dynamic order linking, device fingerprinting, proxy piercing and other Kount capabilities will allow merchants to accurately detect and reject a significantly higher percentage of fraudulent orders, saving merchants costly chargeback fees and fines associated with fraud.

“This alliance underscores our commitment to provide merchants with the tools they need to significantly improve and sustain financial performance. Our partnership with Kount offers merchants the first truly integrated fraud-monitoring tool at the point of transaction authorization. This is a significant step toward a global effort to reduce CNP fraud,” said Chase Paymentech president Mike Duffy.

“The result of our partnership with Chase Paymentech will be a new class of tools and utilities for controlling card-not-present fraud,” said Kount CEO Brad Wiskirchen. “The comprehensive suite of products will give merchants a new level of certainty that current and future forms of fraud can be controlled.”

About Chase Paymentech
Chase Paymentech, a subsidiary of JPMorgan Chase (JPMC), is a global leader in payment processing and merchant acquiring, capable of authorizing transactions in more than 130 currencies. The company’s proprietary platforms provide access to a wide variety of payment methods, such as credit cards, debit cards, prepaid stored value cards and electronic check processing. In 2009, Chase Paymentech processed more than 18 billion transactions with a value exceeding $409.7 billion, including an estimated half of all global Internet transactions. The company also provides a full set of solutions aimed at accelerating cash flow and managing transaction data. On the Internet or at the point of sale, Chase Paymentech’s unique combination of outstanding service, innovative solutions and financial strength offers solid benefits to companies both large and small. More information can be found at http://www.chasepaymentech.com.

Contact: Mia Shernoff
mia.shernoff@chasepaymentech.com
1.646-460-4069

About Kount

Kount® is the most advanced fraud-fighting technology available today. Developed with online and catalog merchant needs in mind, Kount defends against both traditional and emerging fraud threats. Kount defeats botnets and other organized crime using a formidable array of tools including two patented technologies — device fingerprinting, and Proxy Piercer® — along with Dynamic Scoring™, Geolocation techniques, and real-time data streams from websites all across the globe.
Kount provides merchants with maximum risk management control and flexibility, while automating costly manual review processes to improve the bottom line. For more information about Kount, please visit www.kount.com.

Contact: Kristen Meador, Clickbank
kristen.meador@clickbank.com
1 303.807.8073

What do I need to accept payments for an online store?

The essential elements of an ecommerce store are the shopping cart, payment gateway, security certificate and merchant account. All payment processors that we work with now require a certified PCI Compliant shopping cart.

The store or shopping cart components include order and content adminstration, inventory managment, product management, customer management and search engine optimization among other elements.

The payment gateway is just that- a gateway that allows the secure transmission of credit card and debit card payments from the shopping cart to a merchant processor. The gateway is a standard security mechanism for the internet.

The security certificate is issued to a business. Digital security certificates provide two essential security functions: authentication and encryption.
The business is verified to be legimate. It also enables the SSL protocol,or secure socket layer for encrytion, which includes displaying HTTPS and the little lock symbol that appears in browsers.

The last element is the payment processor. Merchants accept credit and debit cards by opening a merchant account with a payment processor. Just like you can’t go to the federal reserve to do your personal banking, you can’t go to Visa and Mastercard to do your credit card processing. Payment processing is offered through banks, payment processing companies and independent service organizations (ISO). Sometimes the same company offers their services through all channels. For example, First Data offers payment processing  directly and also through banks they have partnerships with, and through registered ISO’s. Because of the complexities of the industry, the best prices and value are not necessarily achieved by going direct. In fact, indirect service thrives because of value added and volume partnership pricing.

In the past, processors required a secure gateway, however this has now been extended to the actual shopping cart software as well in some cases. One reason is that some carts allowed for storing card data unencrypted somewhere on a server. For some shopping carts, getting certified is a formality. For others, there are security issues somewhere within the process- whether front end or back end, and work is needed before the cart can be certified.

The quick solution for those carts that are not compliant has been to disallow credit card processing except for paypal and google payments.

Virtually every cart accepts authorize.net as a gateway and it’s one of the most popular. I recommend it, when appropriate. The Orbital Gateway may be a cheaper solution for those processing on the Paymentech platform, however not as many carts have Orbital integration.
Orbital Gateway Integration & Certification Program- Orbital is a Chase Paymentech gateway and only works with those processing on the Chase Paymentech platform. Merchants must complete either the shopping cart certification, or use a hosted payments solution such as CenPOS or CRE Secure.

Will my store be shut down if there is a data breach?

Ecommerce stores may be forced to shut down if there is a data breach related to credit card processing, but it all depends on the circumstances. Why did the data breach occur? Where did the breach occur? What steps have been taken to prevent a reoccurance? Did the company meet PCI Security Compliance standards at the time of the breach? Who do you think will force you to shut down your site?

If your company was in PCI compliance, and preventative measures have been taken, it’s doubtful you’d be forced to shut your site down. You’d be protected by Safe Harbor from financial liability.

Who can force you to shut down your site? The card associations or your payment processor are the most likely. The actual site doesn’t need to be closed, but you may not be able to accept credit cards online. You may still be able to accept Paypal, Google, or other payment types, again, depending on the nature of the breach. For example, Paypal etc would take the transaction off your site for secure payment.