tvspec Posted August 23, 2005 Share Posted August 23, 2005 I've been reading a lot of posts about shopping carts and SSL and certificates. I just want to make sure I understand this alright. The basic things you need to do e-commerce are: 1)Shopping cart/catalog system (which you can do with OsCommerce that TCH offers) 2)SSL Certificate to use in conjunction with the shopping cart/catalog system - to make the transactions secure. Basically, I'm very concerned about doing an e-commerce site for someone else, because I don't have enough experience in doing it, and I'm afraid of credit card vulnerability issues, etc. Are those the two basic things you need to do e-commerce? Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted August 23, 2005 Share Posted August 23, 2005 I've never built an e-commerce site but yes, that is what you need. Quote Link to comment Share on other sites More sharing options...
tvspec Posted August 23, 2005 Author Share Posted August 23, 2005 And with the SSL certificate I shouldn't have to worry about other security vulnerabilities - correct? Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted August 23, 2005 Share Posted August 23, 2005 The SSL will provide a secure connection between the buyer and site. It is your responsibility to be sure that your site and databases don't get compromised. Quote Link to comment Share on other sites More sharing options...
stevesh Posted August 23, 2005 Share Posted August 23, 2005 I always worry about security vulnerabilities. I use Zencart with my own SSL certificate. I also use Verisign for credit card validation. Not that expensive, and I'm leery of the credit card acceptance methods built into some of the shopping carts which send half of the CC number with the order and the other half in a separate email. A lot of Zencart users only accept Paypal, but I wouldn't buy from a site which wouldn't accept my credit card directly, and I think there are a lot of people who feel the same way. Steve Quote Link to comment Share on other sites More sharing options...
stevevan Posted August 23, 2005 Share Posted August 23, 2005 Sometimes it's a good thing to be paranoid! Sounds like you have a pretty good plan put together. Quote Link to comment Share on other sites More sharing options...
tvspec Posted August 24, 2005 Author Share Posted August 24, 2005 From what I understand, the site that someone wants me to do only has about 7 products on it. I'm fairly certain there won't need to be an inventory-count database behind it. What vulnerability issues could there still be? With OsCommerce, it appears to me that the only thing I would be worried about is people getting into customer info. Do you know if OsCommerce keeps credit card info? Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted August 24, 2005 Share Posted August 24, 2005 No, it does not keep the entire cards number. At last time I used it, the database did not store all of it. Quote Link to comment Share on other sites More sharing options...
tvspec Posted August 24, 2005 Author Share Posted August 24, 2005 So then, if I understand, the only real vulnerability would be the customer name, address, etc? (not the credit info) Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted August 24, 2005 Share Posted August 24, 2005 Provided they can gain access to your admin interface of the shopping cart or your database, yes. Quote Link to comment Share on other sites More sharing options...
tvspec Posted August 24, 2005 Author Share Posted August 24, 2005 If I only enable Pay Pal on OsCommerce - that appears that it takes you to the Pay Pal website and they can then proceed to pay with or w/o a paypal account. If I give pay pal as the only option - then I shouldn't need SSL - correct? Quote Link to comment Share on other sites More sharing options...
stevesh Posted August 24, 2005 Share Posted August 24, 2005 Technically true, but... I don't want to get off on a rant here, but it looks to me like what you're trying to accomplish is an Internet sales website at the absolute minimum cost. I see this on a lot of ecommerce forums. My thinking goes like this: TCH Starter Plan - 4.00 /month - 48.00 / year Domain name --------------------- 10.95 / year SSL ----------------------------------150.00 / year Your time --------------------------- 0.00 / year Total -------------------------------- 208.95 / year or 17.41 per month If 17.41 a month is meaningful money to you, it seems to me that your time would be better spent getting a part time job and saving up a little capital to start your web business. I'm not trying to discourage you or anyone else from going into business - far from it. But you have to be realistic about what you're going to need to invest to do it right. I don't buy from websites which only accept Paypal because I don't want to do "business" with some guy working on less than a shoestring out of his spare bedroom, who will disappear when I need to return something defective. A merchant account and an SSL certificate tell me something about your commitment to what you're doing. Just my $.02 worth - comments appreciated. Steve Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted August 25, 2005 Share Posted August 25, 2005 I don't buy from websites which only accept Paypal because I don't want to do "business" with some guy working on less than a shoestring out of his spare bedroom, who will disappear when I need to return something defective. I thought that way as well, until I saw 90% of my business was from PayPal. I still kept the SSL and PayPal was transparent while using my cart so you never "left" my site. Often PayPal is a good starting point so you can gage how well your business may do after opening a shop. If your site does pretty well just using PayPal then you can expect some increase is possible if you add a merchant account, this might be the incentive needed to spend the extra money to start one up. Many new on-line merchants start on a shoestring budget providing a product they make or the like. Just because they do not have deep pockets does not mean they do not back up their product. Remember that some people do it as a hobby or because they love making what they make. It makes them no less dependable and often the smaller mom and pop on-line shops give much better service than some of the larger places. Quote Link to comment Share on other sites More sharing options...
tvspec Posted August 25, 2005 Author Share Posted August 25, 2005 Thanks for both of your inputs. Personally, I would spend the extra money for the SSL and certificate - but I'm trying to give the person whom I'm proposing a design to - the different options. And yes, they are on a shoe string budget. Quote Link to comment Share on other sites More sharing options...
vengavenga Posted August 25, 2005 Share Posted August 25, 2005 I'm a big fan of Paypal ... we've tried offering other payment methods, however the majority of our clients either prefer to pay by Paypal or aren't bothered how they pay as long as they can pay somehow. We had a merchant account at one time, but ended up cancelling it as it was so rarely used. There are a lot of scare stories about Paypal, and I've no doubt some people have had problems, but speaking from personal experience we've not had a single problem with Paypal in around 4 years of using them ... that's processing fairly high value transactions on an almost daily basis. I think some customers do still think that they need to become a Paypal member in order to send payments, but this is no longer the case so long as they go to the Paypal site via a shopping cart of some sort (which osCommerce stores do). The situation is even better for US vendors (it doesn't apply here in Europe yet) whereby sites can accept Paypal payments without the customer having to visit the Paypal site at all (not looked into this as it doesn't apply to us, but I'm assuming you'd need SSL for that). Also, as the clients that we design ecommerce stores for tend to pay us in Paypal, I tend to shop online using some of our Paypal balance - can't remember the last time I used a credit card online ... sure I'm not the only one. Just another 0.02 to add to the story Ali. Quote Link to comment Share on other sites More sharing options...
msohns Posted October 6, 2005 Share Posted October 6, 2005 I'm a big fan of Paypal ... we've tried offering other payment methods, however the majority of our clients either prefer to pay by Paypal or aren't bothered how they pay as long as they can pay somehow. We had a merchant account at one time, but ended up cancelling it as it was so rarely used. There are a lot of scare stories about Paypal, and I've no doubt some people have had problems, but speaking from personal experience we've not had a single problem with Paypal in around 4 years of using them ... that's processing fairly high value transactions on an almost daily basis. I think some customers do still think that they need to become a Paypal member in order to send payments, but this is no longer the case so long as they go to the Paypal site via a shopping cart of some sort (which osCommerce stores do). The situation is even better for US vendors (it doesn't apply here in Europe yet) whereby sites can accept Paypal payments without the customer having to visit the Paypal site at all (not looked into this as it doesn't apply to us, but I'm assuming you'd need SSL for that). Also, as the clients that we design ecommerce stores for tend to pay us in Paypal, I tend to shop online using some of our Paypal balance - can't remember the last time I used a credit card online ... sure I'm not the only one. Just another 0.02 to add to the story Ali. The organization for whom (for which?) I'm maintaining the web site (on TCH) already has a merchant account for accepting credit card payments for membership dues and meeting fees, but we'd also like the ability to do so online. According to the first post that started this discussion, one needs: a shopping cart system an SSL certificate So, where does one get the SSL certificate, and how does it get implemented? Thanks. Quote Link to comment Share on other sites More sharing options...
stevevan Posted October 6, 2005 Share Posted October 6, 2005 A ticket to the help desk should provide your answer - link above. (The techs would be the ones to install it anyway.) They can also provide you the latest cost for your certificate. Quote Link to comment Share on other sites More sharing options...
MikeLaz Posted December 9, 2005 Share Posted December 9, 2005 Technically true, but... I don't want to get off on a rant here, but it looks to me like what you're trying to accomplish is an Internet sales website at the absolute minimum cost. I see this on a lot of ecommerce forums. My thinking goes like this: TCH Starter Plan - 4.00 /month - 48.00 / year Domain name --------------------- 10.95 / year SSL ----------------------------------150.00 / year Your time --------------------------- 0.00 / year Total -------------------------------- 208.95 / year or 17.41 per month If 17.41 a month is meaningful money to you, it seems to me that your time would be better spent getting a part time job and saving up a little capital to start your web business. I'm not trying to discourage you or anyone else from going into business - far from it. But you have to be realistic about what you're going to need to invest to do it right. I don't buy from websites which only accept Paypal because I don't want to do "business" with some guy working on less than a shoestring out of his spare bedroom, who will disappear when I need to return something defective. A merchant account and an SSL certificate tell me something about your commitment to what you're doing. Just my $.02 worth - comments appreciated. Steve ================================================= Steve... Thanks for the high-level costs on running an e-commerce. I would like to adsd a few more pennies.... You forget one major piece of information, i.e., a vendor to process the credit card transations and the associated processing fees. For the uninitiated, these can quickly eat up any profits and turn e-commerce into a loss center. Based on my own real experiences, I have a few suggestions: 1. Unless one already has a good, accurate history of purchases, always select a plan with the lowest sales "minimums". This value/plan can always be increased at little or no additional charge. 2. Choosing a plan which expects More sales than you generate results in add-on fees for not meeting your "minimums". These fees can be VERY costly and can amount to more than the base monthly agreement and per-transaction charges. 3. There are Tons of vendors who will process your transactions. Be careful, do research, compare total costs (monthly access, per-transaction and interchange fees) and be very selective. 4 Outside of PayPal, Visa/MC are the normally accepted forms of payment. Accepting Discover or American Express may be an additional charge, so check on ANY and ALL possible add-on fees before you enter into a contract. 5. If you are just starting, never enter into an agreement for more than 1 year. I have found that by talking to the sales group, one can get contracts for a little as 3 months. From my own personal experiences, I would not recommend FirstData or any company associated with them (GlobalServices, etc). Quote Link to comment Share on other sites More sharing options...
soundweaver Posted December 16, 2005 Share Posted December 16, 2005 I'm researching how to set up online donations and sales of crafts for a church outreach program, and have found the prior posts here helpful, thanks. What would be the most cost effective way of doing this, that would allow people to use Visa and Mastercard for purchases? Do I understand correctly that if we go with OSCommerce and Paypal, people will still be able to pay by credit card? It also wasn't clear to me from the preceding posts whether we would need SSL or if Paypal handles that. Any advice appreciated. Caryn Quote Link to comment Share on other sites More sharing options...
TCH-Rob Posted December 16, 2005 Share Posted December 16, 2005 Paypal handles that aspect and I believe you can use it even if the customer does not have an account with PayPal. Quote Link to comment Share on other sites More sharing options...
duffs Posted February 2, 2006 Share Posted February 2, 2006 I still kept the SSL and PayPal was transparent while using my cart so you never "left" my site. Hi, How do you do that exactly? Is that using Paypal's Website Payment Pro? Thanks. Quote Link to comment Share on other sites More sharing options...
TCH-Tim Posted February 2, 2006 Share Posted February 2, 2006 Website Payment Pro will allow customers to use credit cards on your site without leaving. There is a $20 monthly fee in addition to the transaction fees. Quote Link to comment Share on other sites More sharing options...
Pendragon Posted February 14, 2006 Share Posted February 14, 2006 The organization for whom (for which?) I'm maintaining the web site (on TCH) already has a merchant account for accepting credit card payments for membership dues and meeting fees, but we'd also like the ability to do so online. According to the first post that started this discussion, one needs:a shopping cart system an SSL certificate So, where does one get the SSL certificate, and how does it get implemented? Thanks. If you already have a merchant account, find a cart that can use authorize.net, which will let you accept CC payments (and even echecks) associated with your existing merchant account (and make sure your merchant account accept authorize.net). Just keep in mind that the fees for having both can add up pretty quick. Unless you are doing a lot of online transactions (or are hoping to), it would be cheaper to just call the customer to obtain their info, or get an 800# for them to call you. That being said, I found that people will give their CC info to a website, but won't call you in person to do so, but will pay with paypal just about any day. Quote Link to comment Share on other sites More sharing options...
duffs Posted February 14, 2006 Share Posted February 14, 2006 Hi, As for an SSL, I believe: 1. You can buy one from Total Choice for 115.00 2. You can buy one elsewhere for cheaper. Some of the cheap ones, like 50.00, will only work for a single domain. There's one called InstantSSL http://www.securessl.co.uk/products/comparison.html 3. I think you can use a shared SSL from Total Choice for free, but I don't know how this works or how it dffers from one you purchase. Quote Link to comment Share on other sites More sharing options...
duffs Posted February 14, 2006 Share Posted February 14, 2006 Also, if you use Paypal's free shopping cart, you don't need an SSL because all the credit card info is entered on Paypal's site. If you use Paypal's Website Payment Pro, however, which costs 20.00/month, you do need an SSL because the customer would never leave your site. Quote Link to comment Share on other sites More sharing options...
crippen Posted February 15, 2006 Share Posted February 15, 2006 (edited) Also, if you use Paypal's free shopping cart, you don't need an SSL because all the credit card info is entered on Paypal's site. If you use Paypal's Website Payment Pro, however, which costs 20.00/month, you do need an SSL because the customer would never leave your site. Hey duffs, I really need to start learning more about the PayPal options - do you have any quick link to information about that PayPal free cart? edit ... nvm I found it (google is my friend) Edited February 15, 2006 by crippen Quote Link to comment Share on other sites More sharing options...
duffs Posted February 15, 2006 Share Posted February 15, 2006 Hi, Yeah, what was life before Google even like? Besides the info on the Paypal help pages, another good source is the Paypal forum: http://www.paypaldev.org/ For instance, I remember a thread from last year that talked about the IPN having a bug. The IPN is a way to tell your website that someone ordered, but occasionally it wasn't doing this. I think they've fixed this, but the forum is a great way to see if there are similar problems. Quote Link to comment Share on other sites More sharing options...
dpkyte Posted February 22, 2006 Share Posted February 22, 2006 SSL is not Annual Fee correct ??? I thought it was a 1 time fee of Say $$150 @ TCH. Quote Link to comment Share on other sites More sharing options...
TCH-RobertM Posted February 22, 2006 Share Posted February 22, 2006 Hello, SSL's are an annual renewal purchase. Certificates are only good for 1 year from date of purchase. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.