Les Jones

E-commerce > Tuesday E-commerce Report #3

Alex Wright at Salon looks at the future of deep search engines and who might want them.

Business Week reports that 59% of publicly-traded Web companies made a profit in Q4 2003.

New York state has fined PayPal $150,000 for mis-representing the protections it offers as being equivalent to those of a credit card. A long-standing criticism of PayPal is that it often acts like a credit card, and sometime acts like a bank, but is regulated like neither.

Wilson Web offers advice on finding e-commerce niches. It also has interesting data on U.S. online sales marketshare data from December, 2003. eBay had 26.2% of the market, followed by Amazon at 4.2%, Yahoo! Shopping and Wal-Mart at 1.8% each, and BestBuy at 1.6%.

International E-commerce

Statistics? We got 'em. Internet users in North America: 10 million in Mexico, 16 million in Canada, 199 million in the U.S. Internet users in all European countries combined: 203 million. There's more where that came from at Internet World Stats.

Everyone talks about multi-lingual Web sites, but almost no on ever does it. Knoxville-area e-tailer Smoky Mountain Knife Works has a Spanish language version of their site, La Navaja.

A Spanish language site for customers in the U.S. will make more sense for a lot of U.S. companies than an international site. As I've mentioned before, the Web solves some problems of interational commerce, but it's still not easy. Taxes and import duties are a mess. Customs delays shipping. Eastern Europe, Africa, and the former Soviet states are all hotbeds of fraud.

Payment is another complication. Some credit card merchant acounts (including ours) don't take international credit cards. In lieu of credit cards we use wire transfers, which works for us because most of our sales are rather large. Because of these and other difficulties, we limit international sales to initial orders of $2,500 or more.

Language can be a barrier, even in North America. I've had language problems with customers in Puerto Rico and Quebec. On the other hand, I have a regular customer in South Vietnam who speaks perfect English.

EZ Hacking - the Negative Quantity Hack

EZ Hacking is an occasional feature to note major flaws in shopping carts and Web servers, and what you can do about them.

One of the easiest hacks to check for in your shopping cart is the negative quantity hack. Add two different items to your shopping cart. Now change the quantity of one item to a negative number. So if one item costs $50 and the other $49, change the quantity of the second item to -1. If the shopping cart total in this example shows $1, then the shopping cart is vulnerable to this exploit.

This is especially dangerous if you're selling downloadable products that are delivered immediately in the Web browser or by email. If you're shipping physical items, your accounting or fulfillment department will probably catch the problem during the order review process.

This hack is relatively easy to prevent. If your shopping cart's programming language has an absolute value function, you can use that to ensure the quantity is always positive. You can also fix this on the database backend by specifying that the quantiity field is always positive.

Don't try to fix this problem by using JavaScript to enforce a positive number. JavaScript is a client-side programming language that can be disabled or modified in the browser. All security solutions and final form verification have to be implemented on the server side.

Les Jones is an e-commerce manager living in Knoxville, Tennessee. He offers consulting in Web design and site promotion, and programming in JavaScript, Web+ Markup Language, and the Web+Shop shopping cart system.