Auditing transactions in an eCommerce add-on

Question

Hi

I'm puzzling over how I might achieve the following:

We deal with a number of customers that have various eCommerce implementations, some using paypal, eBay store, .net cart and various others.

We want to provide the customers with some simple code that they can add to their checkout process that will track the transaction and provide us with some basic data, like price, item, date time. It needs to be very simple, similar to adding the paypal cart code, or google analytics, as it may be someone with very limited knowledge who is tasked with this.

We'll then store this data and allow the customer to track the items that their customers have been buying and provide their customers with a 'points' type reward scheme.

I'm struggling to see how we can do this securely and ensure at the same time that the system can't be cheated or hacked even by the person that may be implementing the code.

Would appreciate anyones suggestions on how this could be done.

All the best

Answer 1

I think the only hope you've got is to piggyback on one of the existing trust-based mechanisms.

First, you won't be able to design anything nearly as secure as what PayPal, Microsoft, eBay, etc. have spent decades evolving.

Second, you'll need the iron-clad trust of your partners. Which is most easily addressed by hitching a ride on an existing trusted entity.

Third, your customers' customers (the consumers) are the key to everything. They need to trust it. And your partners will require that you prove they can trust it and won't threaten their customer base.

Which probably means working with say Microsoft or PayPal and give them the cut they'll require. (Which will probably be cheaper in the short term anyway - and do you really want to build it yourself? It's only a risk to your primary value proposition.)

Don't ignore the fact that you offer value to the trust provider as well - it bulks up their user base if it catches on. And their incentives match yours pretty nicely (rock-solid security, scalability (horizontal and vertical), visibility in the consumer space, etc.)

Just make sure there's no opportunity for someone somewhere in the pipeline to mess with it for profit, and that the audit trail is quickly and ubiquitously accessible to all the stakeholders, especially your partners and the consumers, because they will be 100% responsible for fraudulent transactions (if you write the legal paperwork properly).