One of the most important dilemmas facing e-commerce merchants today is which shopping-cart solution to choose for their web stores. The sheer number of options can be daunting—a recent Google search on “online shopping cart” turned up 12.7 million hits, many of them offering shopping-cart products of their own. No wonder it’s a tough decision.

A good way to narrow the field is deciding what kind of cart is most appropriate for your needs: open source (available at no cost) or proprietary (available for a fee). There was a time when many in the e-commerce world frowned on open source products. Some said they were difficult to install and configure, while others bemoaned their lack of available features and technical support. Fortunately for online entrepreneurs on a budget, those days are all but gone.

The latest open source shopping carts offer pretty much everything you’d find in a proprietary solution, provided you have the basic technical expertise to install and configure them. Most have become much easier to install than previous offerings and include numerous developer contributions for increased features and customization. Technical support tends to come in the form of user forums, which at least for the most popular products, are heavily trafficked and often yield answers in a matter of minutes.

The grandfather of open source shopping carts and still among the most popular is osCommerce. In operation for more than eight years, it now claims 176,100 storeowners and offers 4,700 free add-ons. osCommerce is compatible with all PHP 4 versions and features automatic browser-based installation and an object oriented backend.

Another popular choice is ZenCart, which was initially based on osCommerce code but has developed dramatically and is a fully independent product. Known for its long list of added features, ZenCart is PHP-based and uses a MySQL database and HTML components. Its frequently praised gift certificate module allows merchants to create, distribute and manage digital coupons.

An alternative to these two somewhat similar options is Ubercart, a shopping cart product built on top of the leading open source content management system, Drupal. Designed to take advantage of Drupal’s core and other contributed systems, Ubercart gets high marks for its flexibility and intuitive layout.

These are just a few of the open source shopping carts available today. All three are free under the GNU General Public License.

Which of these (or other) open source products would be best for a particular merchant’s online store? That depends on individual business needs. Factors like design flexibility, search engine friendliness, reporting and backend functionality are important to weigh when choosing between products. Most product sites include demos and lists of live sites running the software, which can also help differentiate between competitors.

Are you uncomfortable with the technical requirements of setting up a shopping-cart application? It’s possible that open source solutions are not for you. Proprietary programs cost money, but generally offer configuration, design and support services that can take the headache out of launching a store for the less technically inclined. For others—especially smaller merchants with limited startup budgets—open source solutions can provide precious cost savings at a crucial stage of store development.

Erin Kroll is the PR/VAR marketing coordinator e-onlinedata.

Bookmark It

Hide Sites

Everybody’s talking about Payment Card Industry (PCI) compliance and, if you’re an e-commerce merchant, you probably know by now that you have to bring your online store into compliance with the PCI Data Security Standard (DSS). But what does that mean to you? There’s a lot of confusion about what, exactly, you have to do to achieve full compliance.

One big myth that’s spreading among merchants is that payment gateway, shopping cart or web host compliance alone is all it takes. Get that established and you’re all set. Wrong! That’s a common misconception—and a potentially expensive one once PCI starts issuing fines and penalties against the noncompliant.

Think of it this way: if your house has four doors and only three of them are locked, is it secure against intruders? Of course it’s not. Any one of those locks is a great start, but no more than that. Until all four doors are locked up tight, that house will never be secure. The same goes for your e-commerce site. A compliant payment gateway, shopping cart or web host by itself is good to have but, without compliance in all areas, you’ve got a virtual unlocked door. With a great big welcome mat for intruders just outside.

The good news is that there are companies out there that can help. Just as there are websites that can guide you through completing and filing your taxes, there are many—like those of qualified security assessors (QSAs) and approved scanning vendors (ASVs)—that can walk you through the necessary steps to certified PCI compliance. It’s a complex but ultimately understandable process.

The Road to Compliance—All Gain, Little Pain
The PCI standards are pretty clear. Here’s what they are and some actions you’ll have to take to meet them:

• Build and maintain a secure network: take steps like installation and maintenance of firewalls, and ensure that vendor-supplied default passwords are changed.
• Protect cardholder data: be able to show that you’re protecting stored cardholder data and properly encrypting it for any transmission through networks.
• Maintain a vulnerability management program: use and update anti-virus software and ensure that all systems and applications are secure.
• Implement strong access control measures: take steps to definitively restrict internal access to cardholder data to need-to-know areas/personnel, establishing unique passwords and other identifiers.
• Regularly monitor and test networks: establish a program for testing all security systems and processes; monitor and keep records of all tests run and all access to networks and cardholder data.
• Maintain an information security policy: develop a policy and keep it updated as business conditions change.

Easy, right? Okay, it may seem like anything but. No worries—just take a breath and do what it takes to assess where you stand.

Here’s What You Have to Do (more…)

Bookmark It

Hide Sites

Thinking about adding electronic processing capabilities?
There’s a lot you should know.

There are countless reasons why a business should add credit card and electronic payment processing capabilities: transactional speed, convenience, increased customer satisfaction, improved cash flow, views into sales data and more. But perhaps the most important consideration is the sheer volume of consumers who use non-cash methods as their primary form of payment.

In 2005, credit card and electronic transactions accounted for an overwhelming $3.4 trillion of total U.S. payments, according to The Nilson Report. That’s 50 percent of all transactions nationwide for that year. More recently, Visa USA estimated that nearly 60 percent of U.S. consumers aged 18 to 25 use cards as their primary payment method.

So while the reasons for adding payment processing are clear, understanding all your options and which are right for your business is far more complex. This article will give you the information you need to get started in setting up payment capabilities for your business, and it will provide some of the essential details you need to consider when selecting a provider.

How Payment Processing Works
Some form of the modern credit card has been in use since the late 19th century, mostly as department store charge cards representing lines of credit. Things have changed and today, the step a merchant needs to take in order to accept credit card payments is to establish a merchant account with a bank or third-party payment provider. Once your account is live, the transaction process generally works as follows:

1. A customer presents a credit card for payment.

2. By swiping the credit card through an electronic point-of-sale (POS) transaction terminal, typically provided by the bank or payment provider, an electronic request is submitted to the processing network for authorization.

3. The processing network receives your electronic request and determines if the cardholder’s account is valid and if the funds are available. If so, a response called an “authorization code” is transmitted, guaranteeing your access to the funds.

4. A receipt is then printed for the customer using the POS terminal or your computer. The customer then signs the receipt and, for their part, the transaction is complete.

5. At the end of the business day, a merchant will electronically submit a final request to the processing network to “capture the funds” for all authorized transactions in a given day. This process is referred to as settlement. Once approved, a response is generated to your electronic terminal or computer.

6. From there, the funds associated with the batch you settled are deposited electronically into your business bank account, usually within 48 to 72 hours. Typically, the rate and any fees paid to your merchant account provider are deducted from your account at the end of the month.

7. At the end of the month, your merchant account provider will send a statement to you, detailing the credit card activity for the month and the associated fees you’ve been charged.

This process describes what happens in a traditional retail, or “brick and mortar” sales environment. For Internet and e-commerce merchants, the set-up process requires a few additional steps. (more…)

Bookmark It

Hide Sites