Overview for Merchants Documentation: v1.2 WebSite: v7.0.2 Release: 16 Feb 2016
Copyright © 2016 RMP Protection Limited
1
Table of Contents 1 Introduction 2 CarrotPay – What is it? 3 CarrotPay – How it works 4 CarrotPay – What you get 5 Carrot–WebCoins 6 CarrotPurse WebPurse DesktopPurse GuestPurse 7 Carrot - DonateButton 8 share-n-earn (S-N-E) Major Points What does a Merchant need to do? What does an affiliate need to do? Summary 9 SiteCoins Introduction SiteCoin Offers Major Points for merchants Major Points for Individuals What does a merchant need to do? What does an individual need to do? Offers - management and review Offers - callback option Accounts 10 CarrotPay process overview 1 : Register Merchant 2 : Configure Website 2
3 : Add money to WebPurse 4 : Visit Website 5 : Pay with WebCoins 7 : Transfer to bank 11 Purchase Security Problems with Spoofing Other solutions to Spoofing 12 CarrotPay Security Protected Links - Simple Static URLs Dynamically Created URLs Protected Content Appendix A CarrotPay -WebCoins embedded in applications: CarrotMail Charge-backs Offering buyers short term Credit
1 Introduction This document provides a non technical overview of the CarrotPay payment service for merchants wishing to provide a low-cost, frictionless method of payment for web-based goods and services, in particular various forms of paid-for on-line content such as service subscriptions, premium documents and reports, video, music, games and images. For specific programming and technical issues see the CarrotPay-Flash Integration Guide and CarrotPay-Script Integration Guide. CarrotPay is particularly good for impulse and immersive payments where a shopping cart and check-out process is inappropriate.
2 CarrotPay – What is it? CarrotPay is a fast micro-payment service. It is more than a simple payment gateway as it enables new business methods due the speed and simplicity of making a payment. Merchant registration is extremely fast and easy taking just a few steps where registration requires only the most basic information. Optionally a Merchant may provide a web site address, icon and site category so that CarrotPay may promote the site to its users and enable additional services. When it comes time to withdraw funds from the service, CarrotPay will require additional information (such as bank and ownership details), in order to comply with international banking guidelines.
3 CarrotPay – How it works The CarrotPay service has been designed so that a payment can be made with a single click, or – at the user's option and typically for very small values – completely automatically. 3
Imagine web site visitors being able to buy digital or physical things by sending a very small payment in less than 10 seconds to pay for music, video, game play, information services, news and even auctions. No fuss, no passwords, just one click! The received value can then be used to either buy other on-line services or transferred to a bank or to the Bitcoin network at any time. For the online Merchant, our CarrotPay service provides several ways to integrate payments into everything from simple static HTML pages to fully transactional services utilising Digital Rights Management (DRM), and online flash games. What new business models will blossom now that website owners like you can add micro-payments for their content in a matter of a few minutes?
4 CarrotPay – What you get ● ● ● ● ● ● ● ● ● ● ● ● ● ●
Low flat fee of 3.9% No minimum charges and no annual or monthly fees Supports EUR, GBP, USD, HKD, CYN and Bitcoin. Transaction range - US $0.001 to $200 User currencies are automatically converted to the Merchant’s desired currency. Payments may be embedded into Flash as well as HTML pages (including social networks) Easy to integrate with DRM for extended time and device access Fast transaction authorisation – typically 5-10 seconds Super fast registration – typically less than 1 minute Super fast product set-up – can be less than 1 hour (depending on your ambition and security level) Withdraw funds anytime (after the initial identity documents has been provided) Very high transaction volumes supported Supports content protection Enables Merchants to offer short term credit when selling low value digital items
5 Carrot–WebCoins A Carrot-WebCoin is a “digital coin” which represents real monetary value either in one of the conventional currencies (USD, EUR, GBP, HKD, CYN) or one of a number of virtual currencies (e.g. Bitcoin or #CRT). WebCoins are issued by Carrot (and in the future, by other certified licensees of the technology), and can be obtained through bank transfer or the Bitcoin network and transferred back to a Bank, Bitcoin or to a PayPal account. WebCoins are by their nature anonymous and hence contain no record of their owner.
6 WebPurse End-users interact with your website through a simple yet sexy digital wallet (WebPurse), which automatically detects requests for payments through the user’s browser and prompts for user authorization. WebPurse is displayed via JavaScript of Flash, right on the html page where payment is requested so if the buyer’s WebPurse has funds they never need to leave our page. Individuals may obtain a WebPurse by authenticating with CarrotPay, Facebook, Google or Yahoo!. Once a user has a purse they can simply add money to it using their B ank account or any B itcoin Wallet. When an individual is already logged in through one of the supported authentication methods, the WebPurse will automatically display a payment request for goods or services, then the user need only click once to confirm. If ‘zero-click’ mode is enabled, the payment is instantly authorised without the need for further clicks. 4
Figure 6.1 The WebPurse
GuestPurse (Sales tool for merchants)
GuestPurse is a special version of a Merchant’s WebPurse that may be used as a tool to introduce and educate new customers to their service (including the use of CarrotPay), and to allow new customers to experience the buying process from start to finish without the need to obtain a WebPurse or to add money. CarrotPay provides this tool to minimise the effect of customers natural reluctance to try a new service before they know if it is truly useful. CarrotPay has a demonstration web page where you can experience the use of the GuestPurse. Using GuestPurse a merchant may offer certain items for free but at the same time demonstrate the ease with which those items may be purchased, thereby familiarising a visitor with the total process so that when it comes time to actually pay, they are more likely to follow through. A GuestPurse is only displayed to people who do not already have their own WebPurse, or more precisely to those people who are not currently logged into a WebPurse. The GuestPurse must first be enabled by ensuring there are some funds in the merchant’s own WebPurse and also by setting the key word ‘GuestPurseAllowed’ in the protected link of the item being offered. If the payment request does not contain a protected link the GuestPurse is automatically enabled as there is no payment protection in use. Using 5
these two mechanisms a merchant is able to dictate which items are offered and how many times they are offered. When a customer uses the merchant’s GuestPurse, the money that is paid is deducted from the purse and returned directly back to the merchant’s own account (with only the deduction of the normal transaction fee), and the transaction is recorded in the usual way.
Conditions for displaying a GuestPurse ● ● ●
The visitor is not currently be logged into their own WebPurse The GuestPurse has sufficient funds to pay for the item The item has included in its protected link the word ‘GuestPurseAllowed’
Figure 6.2 The GuestPurse when requesting payment confirmation
7 Carrot - DonateButton With CarrotPay it’s easy to create a donate button for a fixed amount. However, as donations are voluntary it’s nice to allow people to set the donation amount themselves. On the other hand, you want the donation process to be as easy as possible and so we created the DonateButton for small donations that can be completed right on your site and in just a couple of clicks! This is intended for many small donations rather than for a few larger donation and should be ideal for blogs and other sites that wish to transition their users from free to paying customers. DonateButton provides a slider so that people may easily set the amount without the need of a keyboard. You set the minimum and maximum amount of the donation and the currency. You may optionally change the text on the button as well. After the user has set the amount with the slider, they simply click the button and the CarrotPurse will display and request confirmation. The speed and convenience of this simple process will ensure many more donations than would otherwise be the case.
6
Figure 7.1 – The Carrot-DonateButton and WebPurse NOTE: For more technical details on how you can integrate the Carrot-DonateButton to your page please read the online instructions.
8 share-n-earn (S-N-E) share-n-earn (S-N-E), is a free micro-affiliate network service for web sites (merchants), who wish to promote selected sales items or their site as a whole. A merchant signifies their willingness to share sales revenue with a micro-affiliate by the inclusion of a S-N-E button →
Use of this button by a potential micro-affiliate creates a custom version of a URL supplied by the merchant (known as an 'affiliate URL'), to be posted on the affiliate's social network page, sent in an email or posted on the affiliate's own web site. If subsequent use of this URL results in a sale for the merchant, the merchant agrees to split the sales revenue with the affiliate.
Major Points
1. Sale must be completed through CarrotPay 2. Merchant only pays when sale is completed 3. Merchant determines the terms of the revenue split 4. Merchant need not know who the affiliate is (i.e. no sign-up is required) 5. Affiliate settlement is made automatically through CarrotPay 6. Fully compatible with SiteCoins as well as WebCoins.
What does a Merchant need to do?
1. Include two Javascript libraries on each sales pages. 2. Add the share-n-earn
b utton to each product or to the site as a whole.
3. Process an affiliate URL when activated by a buyer and construct a sales page with an appropriate CarrotPay buy button to split the revenue with the affiliate.
What does an affiliate need to do? ● ●
Once only-: Get a WebPurse (can be as a result of clicking the Each time they want to promote a product-: click on a
7
button).
button and post the affiliate URL.
SNE funds automatically accumulate in an affiliate’s CarrotPay account and the funds may be used to buy web services or to transfer the value to a bank or PayPal account. When an affiliate clicks the icon from a promotion like the one seen below, a widget will be displayed with the details as seen in Figure 8.1.
Figure 8.1 The share-n-earn widget
Summary A merchant may place a share-n-earn button next to any content they wish to be promoted through micro-affiliates. Affiliates may post a custom affiliate URL for the content anywhere on the web. When a buyer uses an affiliate URL, the originating merchant agrees to split any sales revenue with the affiliate who posted it. CarrotPay will settle the split with the affiliate automatically so the merchant does not need to do anything extra after the sale is completed. NOTE: For more technical information about how to integrate share-n-earn in your page please see the CarrotPay-share-n-earn guide.
9 SiteCoins (sales tool similar to coupons) Introduction CarrotPay provides a mechanism for merchants to issue their own digital money and to distribute this money to their customers. We call these SiteCoins because unlike WebCoins they may only be used on the site(s) permitted by the merchant. SiteCoins are distributed to users through a SiteCoin ‘Offer’ and CarrotPay ensures that each Offer is accepted at most once by each WebPurse. SiteCoins may be issues for any value and in any of our supported currencies (including our virtual currencies). Every SiteCoin has an expiry date (as determined by the merchant), and if not spent at the merchant’s site before expiry, the value of the SiteCoin will automatically be returned to the merchant’s account without charge. In this way 8
merchant’s may freely issue as many or as few SiteCoins as they wish without concern for the possibility of lost coins. However, when SiteCoins are actually spent, a transaction is recorded in the usual way and the normal fee is applied. Merchants may consider SiteCoins to be rather like managed ‘e-coupons’ in that they represent a promise to the customer to honour some kind of redemption on presentation at the site. How and when SiteCoins are used is entirely between the merchant and their customers as CarrotPay simply provides the tools to effectively manage the service. Two things set SiteCoins apart from regular e-coupons; ● ●
SiteCoins appear in a user’s spendable balance when visiting the issuer’s site SiteCoins may be split and spent in parts just like regular coins (the balance being returned to the WebPurse).
Because SiteCoins are managed by CarrotPay’s WebCoin platform, merchant’s need not be concerned about forged coins or detailed tracking and accounting.
SiteCoin Offers
Customers acquire SiteCoins through ‘Offers’ which are made by a merchant. Each offer must be accepted by a WebPurse user and the SiteCoin is then available for viewing and spending within the user’s WebPurse. Every accepted offer is recorded in the merchant’s control panel and optionally may trigger a callback to the merchant’s own site for fine grained control. Every time a SiteCoin is used to buy something or if it expires, the offer record is updated and may be viewed in the control panel.
Major Points for merchants
1. SiteCoins may only be spent at sites permitted by the issuing merchant. 2. The issue of SiteCoins is controlled through ‘Offers’ which have a unique ID and a specific currency. 3. Offers may be accepted at most once into any given WebPurse. 4. Offers may be for any value and in any supported currency. 5. SiteCoins have a merchant defined expiry date set as a fixed date or a period from issue date. 6. There are no fees for issuing or managing SiteCoins until they are actually spent. 7. The value of all spent and expired SiteCoins is returned to the merchant’s account (less any fees). 8. SiteCoins are handled appropriately when spent as part of the share-n-earn m icro-affiliate service.
Major Points for Individuals
1. SiteCoins are automatically added to the spendable balance when visiting the issuers site. 2. SiteCoins are automatically used in preference to WebCoins whenever possible. 3. SiteCoins are displayed and selected for spending according to their expiry date.
What does a merchant need to do? 1. Include the standard JavaScript library on each page that contains an O ffer. 2. Add an Offer buttons to a page(s). Each Offer button will need a unique Offer ID, a currency and 9
value and an expiry date. 3. (Optional) Add a callback if you wish to have fine-grained control over the number of times an Offer is issued. NOTE: For more technical details see the CarrotPay-API Specification document.
What does an individual need to do?
Each time an individual wishes to receive a SiteCoin Offer, they should click the O ffer Button which will display details of the Offer. They must then click Confirm in the WebPurse to actually accept the Offer. Once accepted, the new SiteCoin will be displayed in the user’s WebPurse in expiry order..
10
Figure 9.1 - A SiteCoin Offer waiting for acceptance Figure 9.2 - The new SiteCoin listed in the WebPurse
Offers - management and review
Merchants may make as many Offers as they wish but only accepted offers are recorded in the Offers history. The Offers history table is accessible through the control panel and may be viewed at any time. The table records the following columns:
Offer ID
A unique value representing this specific Offer. Once an Offer with a given ID has been accepted by a customer, that ID may only be used for offers with the same currency although the value may vary if you wish.
Number of accepted offers
The integer count of the number of times this Offer has been accepted.
Currency
The ISO currency code
The total accepted value
The decimal value of the sum of all accepted offers
The total amount spent
The decimal value of the sum of all spent coins for this Offer
The total amount expired
The decimal value of the sum of all expired coins for this Offer
Last expiry date
The date when the oldest SiteCoin issued under this Offer will expire
Offers - callback option
The Offer history table automatically keeps an up-to-date record of your accepted offers and how they are being used. This may be useful for reviewing how well your marketing is going but is limited if you wish to track Offers in real-time. Suppose you wish to make a special Offer to the first 100 customer on your site. In this case you will want to know as soon as the 100th user has accepted the Offer so that the Offer may be removed from the site. To do this you should add a callback to the Offer so that CarrotPay can inform you each time an Offer has been accepted. Technical details for how this is done are provided in CarrotPay-API Specification, but for now it’s probably enough to know that it can be done.
Accounts Whenever an Offer is accepted, your merchant balance is debited and the customer’s WebPurse is credited. In this way it is possible for your merchant balance to be come negative. This is acceptable because eventually the money will be returned (less fees), to your account. However, Carrot does not offer its customers credit and therefore every account balance must be positive before you may withdraw funds from your merchant account to your Bank.
10 CarrotPay process overview The overall CarrotPay process is illustrated in Figure 7.1 and is described in more detail in the following section.
11
Figure 7.1 – The overall CarrotPay process
1 : Register Merchant (Seller)
To accept CarrotPay payments, you need to register as a CarrotPay Merchant. This generates a new account with a unique identifier and other security information. Registration requires only a working e-mail address with no need for personal or company information. However, if you wish to be included in CarrotPay's promotional activities or some of the more advanced services, you may also provide your website URL and a short description of your products and services. 1. Register for a new CarrotPay Merchant account by providing an e-mail and password or use an existing WebPurse account. (In practice every WebPurse account automatically gets a free Merchant account as well). NOTE: The operation of the Merchant account is the same in both cases but when you use your WebPurse to login, it will be linked to your Merchant account and you will also be able to receive share-n-earn payments in addition to regular payments through buy buttons etc. 2. Once your Merchant account has been created CarrotPay will allocate you with three important credentials. 12
Merchant ID
(e.g. KPPW-KBCD-GDZD-JWMW)
Secret
(e.g. csswlwclzgchcwch)
Hash seed
(e.g. jwwvkgkdksmskqcl)
NOTE: For more information about the Hash seed and Secret, see chapter C arrotPay Security. 3. You may now start receiving payments right away. Check out our technical documentation for more details on how to creatively use CarrotPay payments to your website, blog or software products.
2 : Configure Website (Seller)
As a CarrotPay merchant you need to configure your site to accept Carrot-WebCoin payments. Payments may be triggered with a simple JavaScript function call which should then lead to the immediate delivery of a digital product (perhaps the download of a file in the most simple case). The system is specifically designed to work without needing scripting or back-end web development, and hence can be used on very basic (or free) web hosts and services such as flickr. However, it is also possible (and more likely), to integrate CarrotPay into new or existing websites for impulse selling - without the need for a shopping carts of check-out process. Equally, CarrotPay may be used at the end of a more conventional shopping cart process but this often results in a less desirable user experience (i.e. extra time and complexity), when compared to impulse sales. The CarrotPay-Script Integration Guide gives more details and examples of this.
3 : Add money to WebPurse (Buyer)
This is a process that a buyer must go through in order to be able pay for your goods and services. Buyers typically add money to their WebPurse in blocks of US$10-20 (much like visiting an ATM and holding a little cash in their pocket or wallet), and then spend that money across the web a few cents or dollars at a time. Carrot provides users with a number of ‘add money’ options including transferring funds from their bank and Bitcoin. In the future CarrotPay will strive to add more non-reversible methods of adding money to their account.
4 : Visit Website (Buyer)
What the customer sees on the website is entirely under your control. To pay with WebCoins, the customer simply clicks on a “Pay with CarrotPay” button or link which has been configured with your Merchant ID, the price required and a return URL for the content to be delivered.
5 : Pay with WebCoins (Buyer)
When the customer clicks on a “Pay with CarrotPay” button, the CarrotPay service requests the required value of WebCoins from the customer's WebPurse. If the amount is below a user configurable limit, the CarrotPurse may engage zero-click mode and make the payment automatically, simply notifying the customer that a payment has been made. By default though, the customer will be asked to authorise or reject the payment with a single-click.
6 : Payment is authorised (Carrot) Once payment has been authorised by the Buyer, Carrot credits your Merchant account. Finally, the CarrotPay service redirects the customer’s browser back to your website through the configured return URL, which is modified for security as discussed in chapter CarrotPay Security. On return to your site you will normally immediately release the product to the customer. 13
NOTE: CarrotPay will NOT send the buyer a purchase confirmation e-mail and will only send you an email if you include the ‘alert’ attribute in the payment parameters. It is a Merchant's responsibility to collect buyer details and to send a confirmation e-mail if you feel this is appropriate. However, for many small-valued transactions with no physical delivery, such data collection will not be welcomed by the buyer or justified for the seller.
7 : Transfer to bank (Seller)
Once you have received a number of payments through CarrotPay, you may simply use the WebCoins to buy other on-line services in the manner described above or you may transfer the value of those WebCoins to your own bank account or external Bitcoin wallet. You can transfer your WebCoins to a bank account via the Carrot website by logging into the control panel and selecting ‘Send funds’. There is a minimum transfer amount (depending on country, currency and bank), so as to minimise bank fees. You may receive payments in any of our supported currencies and remit funds to your bank in the same or any other supported currency (including Bitcoin).
11 Purchase Security (Seller) One of the major issues integrating simple HTML pages with web-based payment systems is providing proof against attempts to obtain the content or goods without paying, by 'spoofing' the URL which leads to the content or authorises delivery, without going through the genuine payment process. Payment services such as PayPal have a number of ways of dealing with this, including encrypted buttons, IPN, PDT and full back-end integration. CarrotPay has a single, much simpler mechanism which provides security all the way from simple HTML pages to full e-commerce back-ends. The details of the system are given in the Integration Guides, but we can give an overview here.
Problems with Spoofing
The problem with 'spoofing' arises because in simple integrations there is no direct communication between the merchant's website and the payment service – everything happens through pages being fetched by the customer's browser. Hence a typical payment button contains information which makes the customer's browser go to the payment service website, saying something like “Please take payment of $X, for product Y, credited to merchant account Z, and return the user the page at URL U”. The payment service then goes through its normal login procedure to identify the customer, takes the payment, and tells the customer's browser to return to URL U. The web page then takes the request for U to allow delivery of the content directly, or authorise the physical delivery of goods. The problem which arises is that with a little knowledge of the payment system and HTML, a fraudster can go through the purchase up to the point where they have to pay, but then just skip that and point their browser at URL U, making the merchant's website think that payment has been made when it has not.
Other solutions to Spoofing
Some of the solutions to the spoofing problem provided by other payment services include: ●
Encrypted buttons: You need to have the HTML for the button specially created by the payment service website, in such a way that only they can decrypt it and work out the return URL. This only works for fixed prices and products, but it does work without any scripting.
●
IPN: The payment service will fetch a special page from your website telling you that a payment has 14
been authorised. You need to have some script and database on the site to tie this together with the purchase process. ●
PDT: The payment service provides a way of checking whether a payment has been made properly or not before you deliver the goods. Again, this requires scripting.
●
EWP: Like with Encrypted Buttons, but the buttons are created dynamically. requires a lot of cryptographic knowledge and scripting to work.
Very powerful, but it
●
Email alert: The payment processor sends you an email containing sales information on completion of each sale. This is not secure on its own, but as an alter for the merchant to then view the online statement, it can be a useful low-tech solution for managing physical goods or subscriptions.
●
Secure hashes: The payment service adds an additional 'hash' parameter to the return URL created using a secret shared between the payment service and the merchant's website (but not revealing it), which proves the request has been through the proper payment system and hasn't been modified. This requires scripting on the merchant's website to verify the hash.
NOTE: The CarrotPay system is most like the last one, secure hashes, but simplified so it can be used without any scripting, as with encrypted buttons. CarrotPay also supports email alerts for those merchants that find this useful.
12 CarrotPay Security The CarrotPay solution to the 'spoofing' problem is very simple, yet secure and powerful. When a merchant registers with CarrotPay, in addition to their merchant ID they are also given a secret 'seed' value which is known only to CarrotPay and the merchant. This is automatically stored in the Merchant’s control Panel and may be changed from time to time if the Merchant desires.. When a customer pays with Carrot-WebCoins, the CarrotPay service modifies the return URL that is encoded in the button by replacing any parts in square brackets “[xxx]” with a group of letters, or 'hash'. This hash represents a combination of the original contents of the square brackets, the price quoted and the secret seed value, in such a way that changing any of them changes the hash, but which does not reveal what the secret is1.
Protected Links - Simple Static URLs In the simplest case, if the URL configured into the payment button was originally:
http://www.example-image-library.com/images/[butterfly].jpg
The processed version might become: 1
Technically, the hash is a safe encoding of the lowest 32 bits of an MD5 digest. The exact algorithm is given in the Script Integration Guide. 15
http://www.example-image-library.com/images/bzcmpwxj.jpg
Hence to hide the content from people who haven't paid, you simply rename “butterfly.jpg” as “bzcmpwxj.jpg”. Someone trying to fetch the content without paying cannot guess this, because they don't know the secret seed. Neither can they modify the payment button to pay less, because changing the price changes the text. How does the merchant know what group of letters to rename each file to? CarrotPay (which knows the secret seed), provides an on-line “Button Wizard” where you can enter a URL or a single word and have it translated for you. Hence at this level all you need to do is add some square brackets to the return URL in the payment button, and rename a file. The only disadvantage of this mechanism (which it shares with encrypted buttons and is really unavoidable unless some scripting is used), is that the return URLs will be the same for everyone. Hence if they become public knowledge (for example, if someone posts them to an on-line forum), the security is lost for those who can obtain the link. If you become aware of this, all you have to do is generate a different file-name and change the payment button, but in general we only recommend this mechanism for relatively low-value content which might easily be duplicated anyway (i.e. text, images or audio files etc).
Dynamically Created URLs To avoid the problem of URLs being copied, and avoid the small amount of manual processing required with static URLs, you need to use an element of scripting (e.g. PHP, Java) and a database or files to record each transaction individually, as is common with most shopping carts and e-commerce solutions. In this case, the script and database back-end will most likely generate a unique transaction ID for each purchase. The payment button is then dynamically generated to include the transaction ID in the return URL – e.g.:
http://www.example-ecommerce.com/scripts/payment-return?tx=12345
This payment return URL then checks the transaction hasn't already been completed, and completes it – for example, by delivering the content, or authorising physical delivery of the goods. Of course, as we saw before this return URL can be spoofed, so we need to prove that it has been passed through the payment system with the right price. The same system of URL modification can provide this as well. All we need to do is include the same transaction ID in another parameter, but this time in square brackets:
http://www.example-ecommerce.com/scripts/payment-return?tx=12345&hash=[12345]
The CarrotPay service will then turn this into something like:
http://www.example-ecommerce.com/scripts/payment-return?tx=12345&hash=gbjwzcbz
The payment return script then needs to recalculate the hash word using the original transaction ID, the price quoted and the secret seed (which it will need to have configured into it in some secure way). It can then compare this with the hash quoted in the return URL to verify that payment has completed properly 16
and complete the purchase. If the site doesn't have a transaction database, there are also some other clever tricks that can be done either by generating simple stored 'tickets' or at the simplest, just preventing reuse of a URL after a given time or from a different IP address. More details are in the Script Integration Guide.
Protected Content One final technique supported by CarrotPay is called Protected Content. This technique is a client-side only process that encrypts the content itself for better protection. See Script Integration Guide for further details.
Appendix A CarrotPay - WebCoins embedded in applications: CarrotMail One early use for Carrot-WebCoins was the prevention of email spam. The CarrotMail system provided a number of anti-spam features based around a “whitelist” of known contacts, but allowed e-mail to be received from anyone if a Carrot-WebCoin was attached. The received WebCoin could then be reused on further e-mails that the receiver sends out. The aim was to allow free interchange of e-mail between people who sent about as many e-mails as they received, but to made it economically non-viable for spammers to send millions of broadcast e-mails. Any merchant who thinks they may have an application that could benefit for this or a similar system are encouraged to contact
[email protected] to discuss.
Charge-backs CarrotPay will not normally reverse a transaction without the agreement of the Seller. The only time when CarrotPay will forcibly refund a Buyer is when the Buyer can show good cause and the Seller is persistently non-responsive to requests by Carrot to rectify the issue. Merchants are always encouraged to work with Buyers and to issue voluntary refunds if the situation warrants it.
If you are an honest merchant who does their best to support their customers, you may assume that all sales are final once you receive confirmation from carrotPay! Offering buyers short term credit CarrotPay provides a facility for Merchants to offer their customers short term credit when buying small valued items. The purpose of this facility is to minimise the effort required for buyers when they do NOT currently have sufficient funds in their WebPurse to pay for an item. Without this facility a buyer would be forced to first add money to their WebPurse (which can be inconvenient), and when faced with this level of effort, a buyer may simply choose not to buy. However, if the buyer accepts credit they will be able to receive your product right away and pay at a future time. This facility is best when a product’s sale price is low (say under $1.00), and is particularly good if it’s a digital product with little or no per-unit cost. In keeping with our core micro-payment offering, CarrotPay limits the total amount of credit offer to any one buyer (USD10 as of Jan 2016), so credit is NOT available for products priced above this limit.
Repayment of credit CarrotPay will ensure that whenever a buyer adds money to their WebPurse, the buyer’s creditors are first repaid (in strict date order), before the incoming funds are made available to be spent on new purchases. This process of providing Credit and the repayment of Creditors is completely automatic and there is no 17
interest applied or extra charges made to either the buyer or the seller.
NOTE: Credit is sales tool for merchants and is provided entirely at the merchant’s own risk. When credit is accepted by a Buyer and a product delivered by a Merchant, there is no guarantee that the Buyer will ever repay the Merchant. CarrotPay can only guarantee that a Merchant creditor will be repaid at the time when a Buyer adds sufficient funds to their account, b ut they may never actually do this. CarrotPay will make reasonable efforts (in line with the value of credit accepted), to encourage buyers repay their creditors.
18