E-Commerce Web Design

If you are a small or medium business looking to add an online storefront or shopping cart to your website, finding the right eCommerce solution can be a time-consuming task. Below is our eCommerce overview to help make the process a little easier.

SMB eCommerce Solutions

In these days of credit card fraud and identity theft the watchword for eCommerce is Security, Security, Security.

The need to exchange money securely online has become increasingly important. A recent PayPal survey on Shopping Cart Abandonment found that 21 percent of respondents expressed concerns about the security of their credit card data.

In addition, businesses may be held liable for breaches in security. The Payment Card Industry has established the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Penalties for PCI DSS noncompliance can range from $5,000 to $100,000 per month. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

So how do you, the business owner, determine the best eCommerce solution to protect your customers and yourself as well? For SMBs, “outsourcing” the checkout process with a payment service such as PayPal, or hosting your web store on a PCI certified eCommerce hosting service are probably the best options. For those who wish to “self host”, make sure your shopping cart is PA-DSS certified. Here are some recommendations for “PCI compliant” eCommerce solutions…

Host Your Store with Amazon

Amazon WebStore is powered by online retail leader Amazon, the most trusted name in eCommerce. Amazon WebStore is one of the easiest ways to get a shopping cart up and running. Because this is a “hosted” eCommerce solution, you will not have to process or manage shopping cart or server software upgrades. The downside is that it is not as customizable as other solutions: if you are trying to maintain the same look and feel as an existing website, you have fewer options with Amazon WebStore. The fees are also higher than those of other solutions.

Pricing: $24.99 per month + transaction fees

| Transaction | Fee |
|---|---|
| less than $10 | 7% + $0.05 |
| greater than $10 and less than $3000 | 4.9% + $0.30 |


PayPal Website Payments Standard

PayPal is one of the most popular ways to pay for something online. Consumers recognize PayPal, putting them more at ease when making a purchase at your online store.

PayPal offers many different payment options. The best option for SMBs is to “outsource” the payments procedure using Website Payments Standard. With Website Payments Standard, PayPal handles the payment card information for you, so your business doesn’t have to worry about PCI compliance.

There are three basic ways your e-store can interface to Website Payments Standard:

  • PayPal Payment Buttons – The easiest solution to get up and running. Best for a limited number of products that don’t change very often. The look and feel of your e-store is identical to your website.
  • Third-Party Shopping Cart – Virtually all popular shopping carts (such as Magento, Zen cart, Opencart, PrestaShop and OSCommerce, to name a few) work with PayPal Website Payments Standard. Getting the shopping cart up and running is much more complicated than using PayPal Payment Buttons. Getting the look and feel of the e-store to match your current website is more difficult as well.
  • Advanced Integration (HTML/API) – For advanced users who want to make their own customized buttons.

With Website Payments Standard, when the customer clicks “check out” or “buy now” they are taken from your website to PayPal’s secure website to complete the credit card payment transaction. The look and feel of your e-store is identical to your existing website (when using PayPal buttons); however, the checkout portion on PayPal’s website has limited customization.

One problem with PayPal Website Payments Standard is that historically there has been a significant percentage of shopping cart abandonment. Customers get confused by the jump from the e-store to PayPal’s website. This has led businesses to try other solutions such as “Hosted Shopping Carts” or “Self Hosting” (see below), where the credit card transactions take place at your e-store. The downside of these solutions is having to deal with PCI compliance.

PayPal Website Payments Standard Pricing: $0.00 per month + transaction fees

| Transaction | Fee |
|---|---|
| $0 to $3,000 | 2.9% + $0.30 |
| $3,000 to $10,000 | 2.5% + $0.30 |


Other Outsourcing Options

Hosted Shopping Carts

In addition to Amazon WebStore, here are some other PCI-DSS compliant shopping cart hosting services. For the latest information, see the list of “validated service providers” maintained by Visa: Global List of PCI DSS Validated Service Providers (pdf, 60 pages).

| Service Provider | Pricing | Webpage Customization | Payment Processing |
|---|---|---|---|
| 3dCart | $19.99 – $199 per month | Free templates, Premium templates ($199), Custom templates ($999-$3999) | 3rd party (List of 3rd-party payment providers) |
| CoreCommerce | $19.99 – $199 per month | CoreCommerce Customization Guide, Free templates, Custom templates ($1499-$1999) | 3rd party (List of Payment Processors) |
| Volusion | $29.99 – $179 per month | Free Templates, Premium Templates, Custom Design ($1995-$5995) | 2.17% transaction fee (Credit Card Processing) |
| Go Daddy Quick Shopping Cart | $9.99 – $49.99 per month (+ hosting $4.99 – $14.99 per month) | 800 design and color combinations, some customization: logo, colors, fonts, images, navigation | Go Daddy Merchant Account: $59.99 application fee, 2.1% + $0.20 per transaction |

3rd Party Payment Processing Providers

Once you’ve selected your PCI-DSS certified Hosted Shopping Cart solution, you’re still not done, because most Hosted Shopping Carts will need to interface to a backend third-party payment processing provider, which has additional setup and transaction fees. The payment provider, or Payment Gateway, authorizes payments for the hosted shopping cart. The Payment Processing Provider will usually require an internet merchant account with an acquiring financial institution. In addition, you will need a valid Secure Sockets Layer (SSL) certificate.

Below is a comparison of several popular Payment Processing Providers:

| Product | Setup Fee | Monthly Fee | Transaction Fees |
|---|---|---|---|
| Payflow (Pro) Payment Gateway | $179.00 – $249.00 | $19.95 – $59.95 | $0.10 |
| Authorize.net | None | $20 – $50 | $0.10 |
| Intuit InnovativeGateway | None | $17.95 | $0.23 |

Self Hosting: Should SMBs Avoid It?

PCI compliance involves not only shopping cart software, but also web server hardware and software and security policies.

PCI compliance is a continuous process. With a “self-hosted” solution, you will be responsible for keeping your shopping cart and content management software updated to the newest version to protect against SQL injection hacks and other security breaches. You will also need to run quarterly PCI Security Compliance Scans.

Unless you are a “computer person” or have an IT person/department that can keep your online store up to date, you should probably avoid self-hosting.

However, if you do decide to self-host, make sure your shopping cart is PA-DSS certified. As of this date, there are 20 PA-DSS certified shopping carts. One such cart that we recommend is PDG Software.

As well as being a PA-DSS certified shopping cart, PDG is one of the few shopping cart companies that is an Intuit QuickBooks Gold developer. If you are looking for a QuickBooks integrated shopping cart that is PA-DSS certified, PDG is the best, if not only, solution. For more information on PDG, including approved hosts and QuickBooks integration…


Some things to avoid when self-hosting:

  • Self-hosted shopping carts that aren’t PA-DSS certified (such as Magento, Zen cart, Opencart, PrestaShop and OSCommerce, to name a few).
  • Self-hosted shopping cart solutions that use content management systems such as Joomla, WordPress or Drupal.


External Links

Video: an introductory explanation of PCI-DSS by Authorize.net.

The links below offer more information about eCommerce, shopping carts and online credit card security…

PCI-DSS and PA-DSS References/Resources

Glossary of Terms

About

Doug Neubauer is a partner at NEW Solutions, specializing in WordPress Web Design, Business Web Videos and Internet Marketing services. Follow Doug on Twitter.
