Welcome to WebmasterWorld!

That's a near impossibility to locate them all - far too many differences and there's no tool to do it with other than the SEs themselves. May I ask what the purpose of your quest is?

I want to find websites that are ecommerce enabled (specifically ones that allow credit card payments)

Hm, unfortunately that raises a rad flag with me when you mention ones that allow credit card payments. I think of the users that go to some of the smaller merchant websites to do a small transaction - to see if the credit card number is valid.

What are you planning on doing with the data itself? You could look at directory sites - some have an e-commerce section that might have some sites.

To somewhat answer the question (hesistantly), you might look through sites to see if certain words are on there (cart, shipping, shop, paypal, visa, mastercard). Some might ask why I am answering when I think something bad, I am answering because you might want to set up some kind of directory to help those e-commerce website promote their products. (There are still some people out there that like to help people.)

Hi! Thanks for your replies. To allay your hesitation and to answer your questions why I'm looking for this type of crawler:

I represent a new company that has a solution to add another layer of security when using your credit card online. We need to interface with the credit card input fields of the ecommerce site and the more sites we can partner with the more beneficial and ubiquitous our solution will be. Since we are a new company we have not gone wide yet with our promotion.

Any suggestions/comments as to how we can reach the widest possible audience are welcome (whether ecommerce website owners or even end users who will ultimately be using our solution to make their credit card purchases more secure).

We need to interface with the credit card input fields of the ecommerce site and the more sites we can partner with the more beneficial and ubiquitous our solution will be.

Then it sounds like you should try to be partnering with AuthorizeNet and the other big processing companies (and perhaps even PayPal, Google Checkout, ProPay, etc.) that e-com sites use.

Even if you found a spider that generated a big list of e-com sites, how are you going to contact those sites? I hope you're not planning to SPAM them with the contact information the crawler finds on the site!

Good suggestions. We do not intend to spam anyone - it would erode our credibility as a secure online solution provider. We would contact sites directly - yes - based on the contact info the crawler captures from the site.

The upstream solution you suggested is probably a much more efficient solution in the long run.

Thanks!

Well depending on when you want to add this feature would also help. For example, there are some companies that help with the transaction, adding the VBV / MSC, etc and if so many points are there, it might initiate a call to the consumer to help vet the transaction.

It might be the gateways you want to look at, or it might be the transaction processors (platforms) like First Data or Elavon. However, before this to happen, if you are handling any part of the cardholder data, you need to look at PCI DSS and comply with those regulations.

Adding another component into this transaction could be messy - already a lot of players involved in this. You would probably want to contact the card associations as well to get their approval. Having this will make you reputable. Being PCI DSS compliant will make you reputable. Spidering websites though for emails will not.

I don't have much to add to this conversation in regards to spiders, etc. However, I would target one of the big boys (Walmart, Amazon, Ebay, Zapatos, etc.) and try and get them on board. All you have to do is sell one of them and allow the rest to fall like bowling pins. My method may take more work and a greater initial input of capital, but you only have to make one single sale. News media, word of mouth, and follow the leader should bring you all the business you can handle after that. Besides, if you can save me $1,000 worth of fraud, you could save them $10,000,000 -- you'd have a hard time getting $500 out of me to save $1,000 when I can simply be more diligent in my fraud scrubbing whereas they might be willing to invest large amounts of cash without question if your technology works.

Thanks folks - all excellent suggestions!

I think HugeNerd has the right idea. Get the concept worked out with someone who has a modest to large customer base. Then offer it to others that might find it useful.

The part I question is the business model here.

Why do we need another layer of security? What would it add that 128 or 256 byte encryption does not add?

Unless this is going to add something new, such as between the users keyboard and remote site, I don't see what is gained and why I would buy it.

>> why I would buy it
What if orders were tied to a database that gave you a "security rating" based on country of origin, history of IP activity, history of CC# activity, etc? If the formula were right, would this be of use to you?

It might be in some instances.

But it already exists. I have run across at least two other applications that track fraud IP's, known scam drop ship addresses, and similar. I did not pay much attention to them at the time because we have tightened so much lately on our out of country card acceptance anyway, to the point where we simply block about 3/4 of Africa for instance.

Now, if all this was tied into a central database - some kind of fraud clearing house, then it might be useful.

I would like to see a PITA Customer database- one that associates customers with their chargeback activity. I would love the ability to avoid habitual chargebackers.

What if orders were tied to a database that gave you a "security rating" based on country of origin, history of IP activity, history of CC# activity, etc? If the formula were right, would this be of use to you?

Actually this is available to merchants. LinkPoint created something called LinkShield that was incorporated into the First Data platform. This was fantastic since scores of gateways (Quantum, Authorize.net / Cybersource, Payflow, etc) use the First Data platform as a transaction processor.

This data is able to to let the merchant know if the consumer has a probability of doing a chargeback. It relies on neural net technology along with real-time information on millions of transactions occurring everywhere in the world.

Unfortunately, when the model was built they forgot to include a way to charge merchants. So the data is just sitting there, unused but building every minute as hundreds of transactions go through the platform daily.

I would like to see a PITA Customer database

me too!

Maybe the other large transaction providers like Elavon or Paymentech has been compiling this data and will make it available to the merchants at some point. I would imagine there are some privacy issues as well when giving out this information.

But these transaction processors would be the best bet at compiling this information - better than the card associations (like VisaNet). The transaction processors would have data from over a hundred gateways and on all the card brands, not just one.

Sure the gateways could start to gather this data as well but it would not be as good as the transaction processor.

Actually, LinkShield used to be free years ago when it was owned by Cardservice but as First Data bought the company, LinkShield was not offered any longer, but still there - and if you knew someone who had access to the system, the merchant could still get it.

Then when KKR bought the company, the product basically vanished over night - mainly because most of the employees who had worked 10-20 years at the company were let go. It is rumored that KKR realizes the value of such information but if they ever offer it again, who knows.

*** history of CC# activity ***

How do you get that data? Lots of privacy concerns for card holders.