Starting A Small Ecommerce Site?
Say you decide to start a small online magazine (ezine), or wish to
sell a small number of items on your website. The central issue is the type
and volume of clientele you would be selling to.
Do you really need to buy a server and hire your own information systems division?
The Alternatives:
Sorted by cost and complexity, there are several solutions:
Buy your own server and shopping cart - inventory software with your own web merchant account:
Good solution for outfits like Dell and Microsoft, not so great for a small business.
You must set up your own server at your office, or co-locate it at another ISP
to play at this level, then there's the internet connection, the software and
the bank to deal with, not to mention a raft of personnel to run the show.
Locate website with providers that offer payment, inventory
and accounting systems: Since it
is expensive to set up secure servers, merchant accounts
with a bank, and payment/inventory and accounting software,
such major players as IBM (warning - popup spam!) offer
these sorts of arrangements. You may get locked into expensive contractual
maintenance and site-hosting obligations with this approach, although they
usually handle many of the details. There are a number of competitors in
this market, but it is never as cheap as it sounds, and you end up obligated
before you get started. You may also find it's impossible to move your site
elsewhere afterwards, or that you don't even own it!
Buying your own shopping cart - inventory software and using a third
party "clearinghouse" to process payments: More complex
and expensive upfront, but clearinghouses are a little cheaper per transaction than
billing companies. This is not usually cost effective for a small startup,
and requires custom programming to implement the payment clearinghouse
connection. You may not be able to use certain payment software with your
current server, but may be able to use an existing merchant account to
manually process your charges.
Using a shopping cart solution that is provided by a billing company, routing orders
through their system: They also provide you with pricing control and
inventory and accounting management interfaces. While you and your
business retain complete freedom, the percentage they charge you must be
considered, as well as the setup fees. This is much cheaper than buying
and installing software of your own, and you can switch billing companies
or hosting companies whenever you like. It also gives you access to their database
of bad cards.
Simply taking orders by email, regular mail or phone: The least expensive solution, requiring minimal
programming on the website to generate and/or email order forms for your
customers. You maintain freedom to accept any form of payment that
you can process including cash, money orders, checks or even credit cards if you
also have a bricks and mortar store.
The Solutions:
There are many ways to capture orders. Many
customers cannot use secure connections needed to safely connect to
a secure (SSL) type of webserver, and don't know or care if
it is secure! If you have a store or home business that can take orders
over the phone with credit cards (merchant account) then you're already
half way there! Thus far, most banks restrict direct internet
payment processing from small players by erecting stringent security barriers.
Some get around that by having the orders emailed to them
(or a special email address) from the webpage and processing them
by treating them as phone orders. As of October 2000, Visa will expect its
merchants to begin processing online eCommerce transactions using a Virtual Terminal
or Real Time Processing, or be subject to some very stiff fines
if they don't comply by January 2001.
Due to the high rate of internet fraud and disputed transactions,
the credit card companies' new rules are basically forcing merchants to use
Virtual Terminals with Real Time Processing.
Why? It guarantees the credit card info will be entered on
a secure system, and ensures the customer is "on the line" so tracing the computer
in use is easier. Credit card companies made light work of lobbying legislators,
already hungry to impose new sales taxes on the internet, to allow them to
use their monopoly powers to force the market onto a single system suitable
for more easily tracking all ecommerce.
Mastercard is planning to charge $1,000 per month and Visa $5,000
per month by the third month or $25,000 per month after that for
merchants who aren't in compliance.
Real Time processing uses a "Virtual Terminal".
If a cardholder inputs info onto a form, or via an email to place
an order and includes their card info, that's it. If you already
have a cardholder's credit card info on record and they simply
send you an order without the credit card info, via a form or
email, that is NOT included. If they FAX you the info, that is
a mail order/ telephone order and NOT included. You can still use your software,
keypads, terminals, etc., to process recurring billing and mail/fax/phone
orders. Just NOT fresh ecommerce transactions.
The annoying thing with credit cards is that banks
can charge back any transaction at any time, leaving you stuck with the
penalty fees and the loss!
Other methods of payment are all vastly superior, especially
where merchandise losses are involved, as opposed to access-payment for subscriptions.
Another less than wonderful alternative is "Internet-Cash":
schemes that allow users to purchase "virtual" currency that can only be spent
at participating websites. This one bears watching...
Problems in Ecommerce Paradise?
Information has been circulating that renews consumer concerns about
the quality of security employed, and serious shortcomings of some
common local-software type of Ecommerce programs installed on hundreds
of shopping cart type sales installations. Especially vulnerable, Microsoft's NT/2K Server
(ASP-IIS) and Internet Explorer software have been shown to have continual, serious failings.
Just recently, a Toronto, Ontario television station had its Windows box hacked and discovered,
to their horror, that hundreds of prize registrants were being notified by calls placed from pay phones
to claim prizes they had not won!
The Los Angeles Times and other sources often report that they've managed to download pages
of credit card numbers, travel reservations, e-mail and other information from
Internet sites by simply searching for these files using common search engines
like Alta Vista, Google and Hotbot.
IE 4 has been shown to store and keep local copies of sensitive one-time transaction data
on your computer, that others (with access to your machine) may find. IE5-6 has a bug that
allows anyone using your computer to enter a password protected resource you have previously visited!
Even Netscape 6.1 (still beta) is now offering this sort of stupid, foolish "remember my password" nonsense!
More than ever before, potential vendors should consider only iron clad secure
transaction solutions that are designed and maintained by professionals and certified
to be Y2K, hacker proof and adaptable to newer standards and requirements as they become
necessary.
As all should be aware, only a secure, encrypted browser connection to the sort of
server defined by the secure https:// protocol, as opposed to the plain http:// connection
made for 99% of common web pages, guarantees the customer and seller that
the data (credit card info, personal address etc.) being sent and received is "scrambled" to prevent
eavesdropping by 3rd parties.
These parties include the administrators of your local network, the employees of your
Internet Service Provider (ISP), the employees of intervening service providers, and possible
hackers. But even this degree of protection is for naught if the system does not also
encrypt the archival records (accounting info) it stores on its server, or (far worse)
if those files, if they must exist on the web server at all, can be read by web surfers or search
engine robots without both a password and high quality decryption software.
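One way to check a site for the exposure described above, as an added example that is not part of the original article: a Python audit that walks the web document root and reports files holding plaintext, Luhn-valid card numbers, and whether each file is world-readable. The function names and the 1 MB read limit are assumptions of this example.

```python
import os
import re
import stat

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_card_numbers(text: str) -> int:
    """Count Luhn-valid card-number candidates in a block of text."""
    hits = 0
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):     # drops order numbers and other long digit runs
            hits += 1
    return hits


def audit_docroot(docroot: str, max_bytes: int = 1_000_000):
    """Report files under the web document root that hold plaintext card numbers.

    Returns a sorted list of (relative_path, card_count, world_readable) tuples.
    max_bytes (assumed limit for this example) caps how much of each file is read.
    """
    findings = []
    for folder, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(folder, name)
            try:
                mode = os.stat(path).st_mode
                with open(path, "r", encoding="latin-1") as fh:
                    text = fh.read(max_bytes)
            except OSError:
                continue        # not readable by the auditing user; skip it
            count = count_card_numbers(text)
            if count:
                world = bool(mode & stat.S_IROTH)
                findings.append((os.path.relpath(path, docroot), count, world))
    return sorted(findings)
```

Any file this reports is one that should be encrypted, moved out of the document root, or both.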
Amateur Installs and Systems?
This may raise serious legal liability issues for sites that allow themselves and their customers
to be taken advantage of in this way, with ruinous consequences. Buying a version of
Ecommerce software and installing it is a temporary solution at best, fraught with many difficulties
and without much guarantee of future scale- or upgradability.
Furthermore, what about fraud? Large organizations that carry on large volumes of credit card transactions
on the internet have established databases that can protect you from customers that have a record of
charging-back their web payments, leaving vendors and billing companies high and dry and robbing you
of goods and services! Will your measly local shopping cart payment processor be able to take advantage of
such sensitive, and hard won data?
Do you know a cheap lawyer?