Once product information is entered, simply click a button and Actinic Catalog uploads to the specified host provider server and builds the catalog on the web site in minutes. Actinic Catalog includes an electronic shopping cart and order-entry system, enabling visitors to search, select and purchase goods and services online. The software has its own, in-built 256-bit secure encryption and support of industry standard encryption, such as Secure Socket Layer (SSL). Credit card payments can be processed using existing merchant account or using one of many Payment Service Providers.
Actinic Catalog emails one of the specified networked PCs in DSS Ltd office when a new batch of orders is waiting for collection. Simply click a button and the orders are downloaded, decrypted and stored on the PC. Easy-to-use order-processing facilities, enables to display orders and adjust them if necessary. Orders and invoices can be printed or exported to a file, providing the opportunity to import them into the existing accounts package. An Actinic Catalog demonstration with more than 20 DSS Ltd items is provided on a Floppy disk with this report.
The demonstration provides an overview of the 5 steps described above. As mentioned earlier in the report Actinic Catalog uses Java Applet 256-bit encryption to safely encrypt credit card information. Encryption occurs on the buyer’s PC and decryption only occurs on the vendor’s PC. At no stage is the transaction decrypted whilst it travels over the Internet, or whilst it is stored before the specified PC in DSS Ltd office receives it. In addition, orders including credit card details are only stored until DSS Ltd downloads them to their PC.
There is no large store of orders available anywhere online to invite attack. The encryption is carried out by using a Java applet. The applet is subject to the standard security restrictions which prevents any general communication across the Internet. Decryption is carried out on the vendor’s PC after orders have been downloaded. The vendor can then process the credit card numbers in the normal way using a PDQ machine. High Street banks such as Barclays Bank, Middland and the Royal Bank of Scotland have all approved use of Actinic Catalog.
Alternatively, Actinic Catalog can be integrated with a secure server, Secure Socket Layer (SSL) or a number of Payment Service Providers, who take credit card numbers securely and carry out the transactions online. These include NetBanx, WorldPay, Datacash, Secure Trading and Secpay. Other processors are able to integrate their services with Actinic Catalog using plug-in technology. DSS will be using the Payment Service Provider, WorldPay for their credit card transactions. This is described in more details in Section 2. 3. 1 in this report. SSL is a method for hiding the information being transmitted between a web browser and a web server.
It is structured to use “certificates” of identity to authenticate web sites and web users. These certificates are “digitally signed” and issued by a trusted third party such as Thawte or VeriSign. Such trusted third parties are known as “Certification Authorities” or CAs. Once a web site has registered with a CA, the browser can ask the CA “Is this the correct public key for this company? “Since the built-in Java Applet encryption and the industry standard SSL encryption methods do not provide real-time transactions and are very time consuming, they have been ruled out as a transaction option.
The WorldPay Direct option is the most appropriate solution for a small and medium company such as DSS Ltd. There is no need for a merchant account and the monthly fee is set to zero. Assuming that DSS Ltd has an Internet Trading Account (ITA), the company can use the WorldPay BankDirect payment option to route Internet transactions to its existing bank for a small percentage fee per transaction. A detailed table illustrating the setup fee and the cost per transaction can be found in Appendix 2.