Ecommerce Web Design Blog

You're creating a website for your business. Should you buy web hosting and build it yourself? Or an ecommerce package that is ready to go and includes hosting?

If you're thinking of setting up a website or refreshing an existing one, a question that you'll need to decide is about how the website will be managed. Will you purchase web hosting and build your own website, or purchase a hosted website where the provider takes care of the installation and management of the server and you take care of the content?

DIY solution with web hosting

If you're setting up a simple text-only website with a small number of pages and content that doesn't change and won't be added to, then a web hosting solution could be right for you. You start by purchasing the web hosting (which is your space on the Internet) and then build the pages on top of that. There are a number of ways you can do this:

• By purchasing pre-made website templates, installing them and writing your content into them using desktop HTML website packages like Frontpage or Dreamweaver.
• By doing it yourself and using an HTML website package to develop your content and publish it to your website
• Paying a website company to build your website template and install it for you.

The main benefit of a do-it-yourself website is usually cost. You also have the benefit of knowing that you are in control. But things can get tricky if you have a large number of pages you wish to maintain or if you wish to install more complex software like shopping carts.

If you install complex software like carts and are not a technical guru and graphic designer all rolled up into one, things can get very stressful, very quickly. For example, what modules do you install and in what order? How do you troubleshoot payment method issues? What if your customers are contacting you about receiving errors as they go through checkout? How do you set up gift vouchers? What if your order emails are not coming through? How do you set up the database to allow for bulk importing of products? What if your buttons don't display correctly or do not work?

While text-only DIY websites have little room for error, the complexity of the cart, checkout, payment and shipping components of shopping carts make them a huge troubleshooting challenge if things go wrong. How do you install security updates? If you have installed your own DIY cart you won't be able to get support from your hosting provider and could be left trawling the Internet for hours, posting on forums, or paying consultants to fix these bugs. Not a good situation to be in if you have angry customers hounding you to get your site working again.

Hosted solution

More than ever, more complex website and ecommerce applications like shopping cart software, directories, forums, booking sites, real estate sites and car listing sites are being offered as hosted-only solutions. The benefits are:

• You focus on what you do best: running your business
• You don't need to be a graphic designer and PHP programmer all in one
• The provider takes care of installing security updates, optimising the server, fixing application bugs, installing payment methods and configuring the graphics template.

If you're running a small business, you might save costs in installation and support by having your own DIY website, but if your competition is fierce do you really have time to use all your time installing and maintaining your website software as well? Would you do your own signwriting? security? electrical wiring? People who want to focus on their business and not on the technical aspects of their website are choosing hosted solutions for these very reasons.

Osc Works offers both web hosting packages and hosted web design or shopping cart software packages

Selling online can be an ideal way of breaking into the tough US market. You can even use US suppliers and distributors.

If you're an Australian looking to break into the US market, e-commerce could be the solution for you.

Americans are heavy Internet users and frequently look to the Internet for ideas and products to purchase. As at the end of December 2007, Nielsen/Net Ratings reports 212 million US Internet users which represents 70% of the US population. Other sites report even higher figures. A report published by Forrester Research in May 2007 predicted that total online sales (excluding travel) would break $259 billion for the year ($174 billion excluding travel). This represents a huge potential for any business looking to export online.

Australians can take advantage of the heavily developed logistics industry in America. Warehousing, merchandise storage and even dropshipping are very developed in the US market and in many cases more developed than in Australia. For example, the US have a number of fulfillment warehouses, which are large warehouses that store products from multiple suppliers and industries and allow you to outsource the distribution element of your logistics.

If you are selling online to the US, think carefully about the shopping cart software you purchase. Can it be reconfigured for multiple currencies, international tax, can it add American payment methods? ozCart is tailored for Australians but can be easily re-configured for the US market - just ask us about using ozCart to sell to America.

If you are looking to use ecommerce to export to the US, think about the following:

• Once you have gained purchases from US based customers, you could use permission-based email marketing to continue to keep them informed about your products and services and come back to buy more. Encourage trial, as in many industries the US market is nervous about new products until they are proven
• Try contact the Australian Trade Commission (Austrade). They have a section on their website devoted to helping people exporting online.
• Research the US market you are selling to. You'll usually find plenty of information by searching for your product market and adding the words "online sales", "statistics", "market size", "market information" or combinations of these words. Look out for 2008 versions of the reports referred to in this article and visit the Internet World Statistics website for up-to-date statistics on worldwide Internet usage and patterns.
• Give it time. Exporting case studies often report it takes three years for the American market to build sufficient trust in your products to generate enough regular repeat buyers.

There are many success stories about online exporting to the US market. Is it time for you to take advantage of this business opportunity?

What are the PCI DSS standards and how could they affect your business if you are accepting credit cards?

To protect against credit card fraud online, in October 2007, new Payment Card Industry Data Security Standards (PCI DSS) were introduced. These new standards applied for merchants handling credit card data. These standards affect anyone who is storing, processing or transmitting credit card information. How could it affect you?

The standards include a number of mandatory requirements and procedures that need to be followed if you are collecting, storing or transmitting credit card details online. These credit card details are called PANs in industry-jargon which stands for Primary Account Numbers. The standards also apply to the network components (your computers, servers, and applications that process the credit card details).

They were developed PCI Security Standards Council, which includes companies like Visa, MasterCard, American Express and JCB. The purpose of the standards is to encourage the takeup of consistent data security procedures all around the world.

PCI DSS standards are not specific laws in most countries, but are enforceable because of the contract you sign when you get your merchant account. Processing transactions via Visa or MasterCard forms a contract with those organisations under the terms and conditions of your merchant account. Those terms and conditions allow Visa and MasterCard to impose heavy fines for failure to comply, so it is important that you make sure you understand the requirements.

Read on to find out how PCI DSS affects you and some simple steps you can take to make sure you stay compliant.

If you are using a bank or third party payment provider's website to collect and process credit card details
The good news for you is that you don't need to do anything else because customer credit card details are being collected on another website to yours. You and your website are not in possession of or responsible for the customer's credit card data at any time. This means the new standards apply to the third party provider - it services like Paypal, Paymex, NAB's Payment Gateway Service and Paymate who are subject to the new standards, not you. Payment providers like e-path are subject to the rules too, as they collect credit card details as if they were a third party processor but do not actually process the card transactions. You log in and process them manually. This means that you will need to treat the credit card details you receive from them in the same way you would if you were processing them manually in a physical store.

If you are using manual credit card processing in your ozCart store
The manual credit card processing application takes half of the card information collected and emails it to you, so only half is saved in your store. This means that a hacker would have to penetrate both your email and your store in order to engage in a fraudulent transaction. This level of security complies with PCI DSS if you are using SSL on your store and a firewall on your email application because credit card details are not being stored in one place.

If you are using a payment gateway provider like eWay or DirectOne with SSL
As in many cases accepting credit cards in your store directly improves conversation rates from fewer clicks, being compliant without shifting to a third party payment solution is something definitely worth striving for. How easy is it to do? The good news is that answer to this is that with ozCart, compliance can be an easy process. Compliance covers the software used to collect credit cards and transmit them to a gateway like eWay, and the transmission system themselves. The rules also extend to the servers your store is housed on, which are managed by us.

There are 12 specific rules that apply under the standards:

• Install and maintain a firewall (Our servers are heavily firewalled and this is monitored 24/7. We regularly track potential exploits and tweak our firewall rules to protect against them.)
• Do not use vendor default passwords (Every customer receives their own randomly generated password to access the secure section of their site)
• Protect stored data (Behind the scenes all customer passwords are encrypted in the database, and credit card details are not saved)
• Encrypt transmission of cardholder data (Customers using payment gateways are required to use SSL Certificates for this purpose. The payment providers make this a mandatory requirement. Platinum customers get SSL included for free for the first 12 months)
• Use and regularly update anti-virus software or programs (You should ensure your computers have anti-virus whenever you do anything online)
• Develop and maintain secure systems and applications (We actively manage the security of our servers and install new updates and patches as required. Our servers are managed 24/7)
• Restrict access to cardholder data by business need-to-know (full credit card information is not saved in your store and cookies are not used to save sensitive data)
• Assign a unique ID to each person with computer access (Each customer has their own username and password)
• Restrict physical access to cardholder data (Full card information is not saved in your store)
• Track and monitor access to cardholder data (Your server logs the IP address of every visitor and the time of their visit and what pages they accessed. Full cardholder data is not saved by your store)
• Regularly test security policies and procedures (The server your site is housed on is actively managed and tested.)
• Maintain a policy of information security for employees and contractors (Our datacenter requires a two part physical badge process for all access to the DC and has 24/7/365 video monitoring of all entry/exist points and common areas. We have information security policies in place for support staff and suppliers, you should ensure you have these for your employees too.)

Merchants that need to comply with the standards are divided into four categories. The categories are:

• Level 1 - Visa and MasterCard global transactions totalling $6 million and up, per year, and any merchants who experienced a data breach.
• Level 2 - Visa and MasterCard transactions totalling $1-$6 million per year.
• Level 3 - Visa and MasterCard e-commerce transactions totalling $20,000-$1 million per year.
• Level 4 - Visa and MasterCard e-commerce transactions totalling 1-$20,000 per year.

Most Internet merchants processing transactions through payment gateways fit into level 4.

What does it take to comply?

• Ensure you have developed a privacy policy, returns policy
• If you are accepting credit cards, ensure you have SSL on your site. Platinum customers get this for free for the first 12 months, Advanced package customers can purchase this additional ecommerce feature for $99
• Complete a self assessment questionnaire. Some elements of the questionnaire relate to your own office computer network so you will need to complete an on-site audit to answer everything.
• Provide a PCI Compliance Statement on your website (optional)
• Pass network scans (quarterly) through an approved vendor such as ScanAlert™ (who offer the Hacker Safe TrustMark). Level 1 merchants must also pass penetration tests.

Completing the questionnaire is easy and can help you identify potential security vulnerabilities - protecting yourself against potential hackers and security breaches online and offline as well.

For more information
Visit http://www.pcisecuritystandards.org

The growth in online shopping is only set to continue in Australia and worldwide.

In Australia and worldwide, Online shopping is growing massively. Retailers that wish to stay ahead of their competition are well advised to start thinking about starting an online store today.

In the next five years, US$1 trillion will be purchased online or influenced by information found about products and services online, according to Forrester Research. As at the end of December 2007 there were 15 million Internet users in Australia representing 75% of Australia's population. Not all of them are shopping online yet, but Hitwise Australia reported that last July, 28,000 classifieds and shopping sites were visited by Australian Internet users and accounted for almost 6% of all Australian Internet traffic. The potential is huge.

Some of the trends Hitwise Australia have reported are:

• Huge growth in the online House and Garden sector (consumers browse online and buy in store).
• Growth in the electronics sector - with car audio, games, LCD TVs, DVDs, XBox 360s and CDs all commonly searched
• Continued growth in traffic to shopping and classifieds websites

Security remains a key factor for both buyers and sellers. Buyers want to know they can trust the site to get their goods and that the privacy of their credit card details will be preserved. Sellers want to know that they are not being defrauded.

Trends such as these create opportunities for businesses to sell their products online and take advantage of store-pick-up methods of shipping. Or simply to showcase them and publish stock levels. Either option grows business revenue and cuts down on postage costs which are a huge deterrent for both buyers and sellers online.

Providing your customers with an easy-to-use shopping experience, good selection of payment options and a strong security policy to build trust can help online businesses be a success. Australia is poised for an online shopping explosion. As a business, how well are you placed to take advantage of it?

Payment gateways help make it easy to pay for goods and services using their credit card online. How do they work and how do you choose one?

If you want your customers to be able to pay for goods and services with their credit card in your online store, you can:

1. Use a payment service like Paypal IPN, Paymex or Paymate
2. Set up a merchant account and process credit card transactions manually (over the phone or by a service like e-path) or automatically through your site (using a payment gateway like eWay, DPS, Payment Express, Paystation, DirectOne)

For more information see our Payment Gateways page

See our Ecommerce Features & Pricing page for more information about the Payment Gateways ozCart accepts.