Microsoft Dynamics GP Advanced Customization – Autoposting

If you are developer or application consultant, who customizes and integrates Microsoft Great Plains with eCommerce applications, you probably already come across the problem of autoposting when you already fed in and created working batch in SOP, POP, Payroll, etc. Typical eCommerce example – you can create SOP Order or Invoice and even apply deposit or payment against this document, however it is not clear how to post the batch automatically – eConnect leaves it to the operator for verification and approval. You can have many different customization approaches to do the job – in this small article we would like to share with you very elegant method, using GP Dexterity process server to do the job:

o Dexterity Engine. Microsoft Dexterity or former Great Plains Dexterity is currently the engine for so-called fat client, it processes according to the dictionary (DYNAMICS.DIC) and this dictionary (plus few so-called third party dictionaries) plays all the business logic of Microsoft Dynamics GP.

o Dexterity Posting Logic. Instead of trying to replicate pretty complex posting logic of Dynamics GP in SQL Stored Procedures, it is better idea to deploy Dexterity Posting logic directly. You simply “provoke” Microsoft Dynamics GP workstation to post at the certain event firing, provoking in the sense that Dexterity thinks that operator pushes Post button on the batch or master posting forms.

o Scenario. You use eConnect to create work documents and place them into the batch, you do not do any posting, you just “signal” in one custom table that this specific batch in AP is ready to be posted. Customized Great Plains workstation, running permanently, say on the processing server, checks every few seconds this signaling table and finds that batch is ready to be posted. It calls Dexterity Posting chain of procedures in AP module to do the job.

o Upgrade Safe Customization. If you try to implement posting logic in SQL Stored Procedure, every new version will require fundamental revision for your SQL scripts. If you call Dexterity procedures, you just verify that the interface is still the same and upgrade is pretty simple.

o Smart Integration. The described logic allows you to deploy auto posting in any GP module, where posting is applicable. We know examples when customer deploys this smart logic for the integration. Imagine, you can advance GP Integration Manager data import with auto posting to provide automatic on-going data conversion and feeding from your legacy or third party accounting or MRP system.

o For Web Developer. All you need to do is deploy eConnect or relatively simple SQL Stored Procedure to feed order data into work tables: SOP10100, SOP10200, etc. You do your job in Visual Studio.Net C# or VB and then Dexterity posting engine does the rest of the job.

Give us a call 1-866-528-0577 or [email protected] if you need additional information or directions.

SaaS – Ecommerce Sites – Twitter Case Provides Critical Lessons in Administrative Security

In June, 2010, the Federal Trade Commission (FTC) settled charges that Twitter’s micro-blogging site had engaged in lax security practices that amounted to “unfair and deceptive trade practices”.

While previous cases brought by the FTC for lax security procedures focused on lax electronic controls, the Twitter case focused on lax administrative controls. Webmasters of SaaS and ecommerce sites who fail to learn and apply the critical lessons of the Twitter case do so at their peril.

Twitter Case Facts – Two Hacks

The FTC’s complaint against Twitter alleged that lax administrative controls for data security permitted at least two hackers to acquire administrative control of Twitter resulting in access to private personal information of users, private tweets, and most surprising – the ability to send out phony tweets.

Here’s how the hackers got access to Twitter. According to the FTC, hacker no. 1 was able to hack in by using an automated password guessing tool that sent thousands of guesses to Twitter’s login form. The hacker found an administrative password that was a weak, lowercase, common dictionary word, and with it the hacker was able to reset several user passwords which the hacker posted on a website that others could access and use to send phony tweets.

Hacker no. 2 compromised the personal email account of a Twitter employee and learned of the employee’s passwords that were stored in plain text. With these passwords, the hacker was then able to guess the similar Twitter administrative passwords of the same employee. Once into Twitter, the hacker reset a user’s password and was able to access the user information and tweets for any Twitter user.

Twitter Settlement Lessons

The FTC noted that Twitter’s website privacy policy promised: “We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.”

Focusing on Twitter’s administrative controls (more accurately on the lack thereof), the FTC alleged that Twitter failed to take reasonable steps to:

* require employees to use hard-to-guess administrative passwords that they did not use for other programs, websites, or networks; * prohibit employees from storing administrative passwords in plain text within their personal e-mail accounts;

* suspend or disable administrative passwords after a reasonable number of unsuccessful login attempts;

* provide an administrative login webpage that is made known only to authorized persons and is separate from the login page for users;

* enforce periodic changes of administrative passwords, for example, by setting them to expire every 90 days;

* restrict access to administrative controls to employees whose jobs required it; and impose other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses.

* The FTC settlement included (among other things) the requirement that Twitter set up and manage a comprehensive data security policy that will be reviewed by an independent auditor periodically for ten years.

Conclusion

The FTC represents consumer interests to prevent fraudulent, deceptive, and unfair business practices. Privacy and data security have been high-priority issues for the FTC, as evidenced by the 30 cases brought over the last few years for lax data security practices.

In its investigations of data security cases, the FTC looks at 2 standards:

* what the FTC considers as “standard, reasonable” security procedures, and

* what a website’s privacy policy promises to consumers regarding data security.

If the website’s actual data security practices do not measure up to either of these standards (a worst-case scenario would be the failure to measure up to both), the FTC concludes that the website has engaged in lax security practices that amount to “unfair and deceptive trade practices”. A complaint and costly lawsuit may follow.

The reason that the FTC publishes the results of its settlements is to provide lessons to others regarding what the FTC regards as an “unfair and deceptive trade practice”.

Do you know if your site measures up to the two standards?

Copyright: 2010 Chip Cooper

The eCommerce Solution Guide – Easy UK eCommerce on a Budget

Unless you’re an experience-hardened entrepreneur, fear of the unknown is always going to be one of the most stressful things about starting up any new business. And with the wealth of up-to-date information readily available over the internet these days you’d be pretty daft to look anywhere else. So when I set out on the road to eCommerce fame and fortune for the first time I thought it would be plain sailing, followed by canapés and caviar, alas not quite. However, this account of my own journey to accepting online credit card payments should allow you to avoid the many pitfalls and quickly point you in the right direction.

My initial searches proved to be quite fruitful. If you’re based in the UK and want to set up your own eCommerce website the general theory behind this is (sort of) straight forward. Here’s the list of the essential processes broken down, in simple terms, to explain what’s happening at each stage…

Shopping Cart eCommerce Software/3rd Party Service

This handles the various ‘Buy’ buttons on a site, and places items into the customer’s shopping cart. When at the ‘checkout’ area of an online store, this is also used to gather the customer’s name, billing address and credit card details etc, along with any items they’ve placed in the cart. The card details are then securely passed on to a payment services provider (see below). This can also be used to set up and automatically send out your company receipt to the customer, upon payment approval.

Payment Service Provider (also known as a ‘Payment Gateway’)

These people act as a middleman between the shopping cart software (see above) the customer’s credit card issuer and the store owners Merchant Account (see below). Card details are checked for validity, encrypted and sent back and forth. If the transaction is approved the customer’s shipping details and ‘bought item’ details are then decrypted and sent to the store owner for shipping to take place, and the customer will receive an automated receipt from the payment service provider.

Internet Merchant Account from an ‘Acquiring Bank’

This is the service (offered by most high street banks) that actually carries out the customer’s credit card processing and puts the money in your pocket. Simple in theory, but the longest and most expensive part to set up.

If you already have a ‘Merchant Account’ with an Acquiring Bank this will need to be changed over to an ‘Internet Merchant Account’ for any online transactions to take place, regardless of who the service provider is.

Okay that’s all the theory out of the way. Of course you could avoid all this nonsense and save a lot of time and money by simply setting up a Paypal merchant accoun. Afterall, they now accept credit and debit cards without making your customers set up any sort of account with them. Unfortunately, Paypal still has a bit of an image problem (mainly due to it’s eBay roots). If you’re selling home made mittens I’m sure this won’t be a problem. But if like me, your potential customers are from other businesses, and you want to convey as professional an image as possible, it can send out the wrong sort of message. Also, in my experience, many businesses are notorious for regarding any ‘new’ payment methods with great suspicion, and many still find it hard to stop using chequebooks. However, I’m sure Paypal will be viewed differently in time, so to cover all eventualities, I chose to implement it on my own site in addition to the more traditional ‘merchant account’ method for accepting cards.

Finding a Shopping Cart

Beyond this first bit of research I was hoping to find forums full of real life accounts and experiences of the above mentioned services which would quickly point me in the direction of the best software available. On the subject of ‘shopping carts’ the problem seems to be one of volume. There are a lot of people recommending a lot of different products, so you end up not seeing the wood for the trees, and they range wildly in price. All the big names in this area are PC based, so if you own a mac you may need to also consider the extra cost of either buying a cheap PC for the job or, if you’re pushed for space, Virtual PC emulation software.

I read a few times that ecommerce is in it’s infancy, but after 2 weeks of studying these “easy” software solutions I was frankly shocked at how dismal these offerings are for normal people like me. Most of them expect you to know some sort of programming language, PHP scripting and spreadsheet inputting. Now I regard myself as being above average when it comes to most things technical, but in this particular area I was quickly left feeling like the school dunce. My personal feeling is that if I’ve just spent £300 on a piece of eCommerce software why on earth do I need to know anything about any of these areas, surely that’s what the shopping cart software is for? In addition to this my personal experience showed that many are firmly aimed at the US market and are often incompatible with UK payment service providers. Not surprisingly, I had to grudgingly give up on this area of research and spent a week worrying about the future of my site.

All was not lost however. There is an alternative to becoming one of the heavy-metal t-shirt wearing brigade and emerging yourself in the joys of Perl scripting. Third party providers offer ‘Remotely Hosted Shopping Cart Software’ which again varies enormously in price and also in how the costs are structured. To cut a long story short I found http://www.mals-e.com recommended enough times to catch my eye which has an easy to use ‘admin page’ system. After you sign up you get issued with a small personalised line of code which you add to the HTML of all your ‘buy’ buttons (which can be either text hyperlinks or images of your choosing). Log in, and start customising the comprehensive list of admin settings (accepted currencies, taxes, postage etc, etc) that’s about it really. It’s simply priced too at £13.60 ($24) for 3 months or £49 ($86.40) for 12 months service. Apart from the reasonable price, the ability to also use the service for free if you only want to implement Paypal on your site is a great way of testing the service first before you pay for the credit card accepting ‘Premium’ service. And so far I have to say I’ve been very happy with the way it works.


Finding a Payment Service Provider

If I want to find the cheapest electricity supplier, the cheapest mobile phone contract, or buy the cheapest pair of tartan slippers for Father Day there are loads of websites that will compare these things at the touch of a button. And it’s pretty simple business sense that in order to remain competitive your overheads should be kept as low as possible without quality of service suffering. With this in mind my first port of call was the Business Link’s ‘product and cost comparison service’ at http://www.electronic-payments.co.uk (click on the ‘Use The Tool’ button) which aims to compare the services and costs of various Payment Service Providers.

Initially you’re put through the annoying and totally unnecessary hassle of registering with the site. After this dodgy start you are presented with a simple form asking you to put in 3 figures, ‘annual turnover’ (actual or estimated), ‘average online transaction value’, and your ‘business borrowing/overdraft rate’. All sensible stuff. From there another 4 pages of forms come up ‘Transaction Bands’, ‘Acquiring Costs’, ‘Payment Method Split’ and ‘Compatibility’ where you can enter more detailed information as you feel necessary before finally being presented with your personalised results. Overall the experience is a bit clunky in places but if you bear with it you find it’s a fairly invaluable service.

The cheapest/best ‘Payment Service Provider’ I found at the time was http://www.secpay.com. They deal with 10 of the 13 available Acquiring Banks in the UK and (most importantly) their system is compatible with mals-e.com mentioned above. Charges are as follows: an initial £50 set-up fee (£58.75 with VAT) and £10 per month thereafter (£11.75 with VAT). Each transaction is charged at either 1.9% or 39p of the sale price (the choice is yours), and the money from the customer will generally take 2-3 days to appear in your business bank account (which is a lot quicker than some). Apparently they also offer an online ‘virtual’ swipe card facility for telephone orders at no extra charge, but I have yet to test this out myself.

I should also point out that there are a small number of operators such as Netbanx who don’t require you to have a merchant account so set-up costs are kept to a minimum, but their individual transaction costs are higher, so for me at least, this was a false economy. I also chose not to accept American Express and Diners Club cards yet, as they need a separate merchant account to handle each of them.

Finding an Internet Merchant Account

This is no easy task, currently there’s a serious lack of any specific hard facts and figures on the internet on this subject. There are also no up-to-date comparison tools or lists that I could find, this may well be because a bank’s charges can often depend upon how much they’re already making from you for other services. For instance, if you already have a loan from the same bank they may charge you less for each online transaction cost. Ecommerce forums were equally disappointing, I found scant accounts from individuals with any personal experience there. Even on the individual banks’ websites finding costs and set-up fees is often impossible. In fact I resorted to phoning various departments of HSBC Bank over the course of a whole afternoon where none of the staff could tell me anything about their own merchant banking fees! Merchant banking it would seem is deeply stuck in the dark ages, so they’re all more than keen to waste time and paper by sending you their glossy 200-page merchant account ‘joining pack’ in the post. On the last page in small type you will invariably find these illusively secret figures finally revealed. However, even this was a partial waste of time, as by the time the last ‘pack’ (of six) arrived two of the banks had already restructured their fees. I was still none the wiser.

So I took a step back, and started again from a slightly different angle. I phoned Secpay asking if they recommended any particular acquiring banks, and they helpfully suggested using either EuroConex (which is the Bank of Ireland/Alliance & Leicester) or Lloydstsbcardnet (Lloyds/TSB) if I want to keep cost to a minimum. From there I called EuroConex (based in Ireland) and had to tell them my predicted annual turnover, and average transaction amount. Based on this, they would charge me a one-off set-up fee and a percentage cost per transaction on credit cards (they had a sliding scale from 1.9% to 2.5% at the time), and 24p per transaction on debit cards. They also have to see your website in order to check that what you’re selling is ‘ethical’.

A month later, after further research, I finally decided to go with EuroConex, so phoned them up before filling in the forms. Their prices had soared, now there was a £150 set-up fee (instead of £100) and 3.46% per transaction on personal credit cards (instead of 2.4%). This basically meant that their prices were roughly the same as all the other merchant bankers, and was beginning to see how they’d earned their entry in the dictionary of Cockney rhyming slang. There were two more blows to follow though, this hike in costs meant that I would have to wait for them to send me a new ‘joining pack’ with the new figures, and (and this was my oversight) that I would need to already have my own ‘Business Account’ set up before being considered for an internet merchant account, grrr! Being entirely new to this, I had naively assumed that because a ‘Merchant Account’ is just a different type of ‘Business Account’ that alone would be fine, and hadn’t allowed for this level of banking pedantry.

After further research, and much gnashing of teeth I finally chose to set up my very first business account with the Alliance & Leicester Commercial Bank, due to their offer of a permanently free business current account with internet banking, and also because of their connection with EuroConex (which I thought might help to speed things up a bit). There was a fairly straight forward form to fill in and two types of photographic identification along with verified signatures were required (authorised by two separate officials, e.g. police, teachers, postmasters etc), before finally being accepted 2 weeks later.

Once the business account was sorted, the merchant account joining pack could finally be filled in. Even though this account was essentially with the same bank as my newly granted business account (Alliance & Leicester), yet more identification and verified signatures were required by them. Two weeks passed before Euroconex emailed me saying that their underwriters additionally needed 3 consecutive months of statements from Paypal. Never having used my Paypal account for anything other than buying stuff from eBay I was very concerned that, at this last hurdle, I was going to be refused an account.

Three long weeks passed before I could take no more. I phoned up Euroconex to find that my fears were unfounded. After 3 months of research and form-filling I was now officially ready to accept credit cards over the internet. Who would have thought that such a prospect could be such a relief!

Conclusion Well it’s no easy ride and the caviar is still on ice, but if I’d found an article like this in the first place it would certainly have saved me a great deal of time and stress. Essentially I ended up with the following services which work well together and represent great value for money:

Having read this article it’s my hope that you’ll have a better understanding of the process, even if some of the information may become out-dated over time you’ll still have a good starting point to base your own research upon. Best of luck in creating your own eCommerce site, and consider sending me some canapés in the post when you’ve made your fortune.