I have read the Shopping Cart 101 thread and had a look at the OS Commerce site which looks very good. However, I am not sure if this is the sort of solution for her. Although I am happy with PHP/MySQL, etc, my total knowledge of secure e-commerce is very small. Any advice would be gratefully received. Thanks!
I know that we need a secured payment solution - I am not sure if SSL is the only way to achieve this - the OS Commerce site was a bit vague. Can anyone answer this for me? Thanks for your help so far!
And you can try using PayPal (it's basically free), and I haven't used them since they started accepting £ and € [webmasterworld.com], the big thing is that you still have to sign up for an account.
Another helpful thread might be:
How do I pick an e-commerce service provider and e-commerce software [webmasterworld.com]
That sounds like just the ticket. I wasn't aware that most systems did that - I thought they were in the minority. I'll look further into those.
>> And you can try using PayPal
I considered that but the lack of safeguards and the reported problems for some merchants have put me off. Messing this part of my wife's business up would be bad for my health ;-), so I'm going to propose a paid-for solution. She's willing to invest in it for peace of mind.
Thanks for the link - I missed that one before. Thanks!
Worldpay and Netbanx will do the trick.
alternatively you can get your own direct merchant account with Barclaycard Merchant Service and then use a 3rd party gateway for processing/security purposes.
as for PayPal, I am not too impressed with it, and only recommend it as a last resort.
Also, if you need a catalog script, take a look at OptionCart - it is designed to be used with Mal's.
This may be the best starter approach for [2checkout.com...]
You don't have to worry about setting up all the technical stuff..they handle all of that..
The fees are actually much less than trying to hook up a merchant account..
They have a plug and play cart and as you grow you can hook up more sophisticated carts to their system.
Because I went through my credit union and I have a relationship with them, they go to bat for me and stand up for me if there are problems. This seems to work for me. However, I also signed up for PayPal for those diehard PayPal fans if they want to use it.
Not really. The orders will take at least a week to make so we can collect the details (say daily) and check them. If there's a problem with a wrong number, then we've got the week to contact the customer and get it sorted. I'm guessing that to check we'd have to ring up our merchant account provider - not sure about that.
>> Shakil - alternatively you can get your own direct merchant account with Barclaycard Merchant Service and then use a 3rd party gateway for processing/security purposes.
I've looked at the Barclay EPDQ site (secure payment gateway) and it looks reasonable - the charges look ok too although I've got to contact Barclays to find out how much extra the merchant charges are on top of that.
Sun 818 and Dauction - thanks for the suggestions. I'll check them out.
>> Jmendenhall - However, I also signed up for PayPal for those diehard paypal fans if they want to use it.
Doing Paypal for free as well as a Merchant account is a good idea. I wouldn't use solely Paypal, but if it gets an order...
quiet_man - thanks. I'll be checking them out. I remember them from a few years back so that's a good start. :)
I've found out that my existing web host - although supporting PHP4/MySQL/CGI/Chilisoft ASP - doesn't support SSL. Hmmmm.... Sorry to ask the same dumb question again but no-one's really answered it yet (I think?). Is server supported SSL (with a certificate) the only way to secure web pages for taking CC details? I.e. do all CGI solutions need SSL as well?
Thanks for all the help - it really is great!
I believe there are other methods for secure transmission, but SSL (Secure Socket Layer), I think, is the most popular. Mal's is a remote shopping cart that hosts their own secure servers. I also know of at least two webhosts that offer Miva Merchant with a shared SSL server you process your credit card transactions through. This saves you from having to buy a security certificate for your web site and maintain it each year.
if you use a payment processor (worldpay, netbanx etc etc) then you do not need your own SSL as you will use the payment processor's SSL pages. the only time you need SSL is when you use a bank merchant account and collect the card details via SSL and process them manually.
if you use worldpay / netbanx etc, you do not need a bank merchant account as well - worldpay / netbanx etc provide "internet merchant accounts" instead. with worldpay and some other systems, you can also have what is known as a "virtual terminal" allowing you to process orders taken by phone, fax, mail order etc. you probably have no need for a bank merchant account at all.
worldpay and others use AVS (address verification) to compare the given cardholder details with those held by the card issuer. you are normally sent the results of AVS checks when the customer completes the purchase. they also ask for the security code number printed (not embossed) on the card to check that the customer is in possession of the card and is not a fraudster. (there are other security measures as well).
from your first message in this thread, it sounds like stationery items will be customised and the customer will need to wait for printing. therefore, you probably won't find an off-the-shelf shopping cart. you could write one yourself or ask a web designer or developer to build one for you - don't be afraid to employ a developer as they can save you a lot of time, effort and hassle.
as you can't ship for a week or so following the order, you'll need to say so on your site. most customers will understand the need to wait for the printing and delivery, especially for customised goods, so you shouldn't have any problems there.
some systems like worldpay's also include "deferred payments" whereby the customer makes the purchase as normal and the card is authorised as normal, but no payment is taken (and no transaction charges occur) until you manually complete the transaction. you can simply ignore fraudulent orders. for genuine orders, you complete the transaction when you're ready to ship the goods or before the transaction "expires", whichever comes first.
if you need any more info about this (shopping cart / payment processing etc), sticky mail me.
There are two other benefits of using a PSP you might want to consider:
1. Trust - Using a well-known and reputable PSP may help reassure your customers that they can pay safely and securely. A custom-built payment mechanism, no matter how secure it is in reality, may not offer the same *perception* of security among customers. (For the same reason, it probably is a good idea to offer PayPal as well as other mechanisms, as PayPal users already trust that system).
2. Back Office Facility - depending on your needs/abilities, you may appreciate the back office systems offered by a PSP. I can't speak for other providers, but I know that WorldPay allows you to produce all sorts of reports.
One other suggestion for you if you are considering getting your own merchant account and processing orders offline as 'cardholder not present' - you could have a look at Hushmail's secure forms as a mechanism for your customers to securely transfer their CC details to you. It's far from perfect - only works on IE/Win - but as a quick and dirty method it works, and it's cheap.
One question, I get maybe 5-6 requests a month from US potential customers who don't have CC's. Can anyone recommend a payment alternative that is viable for average order size of $25-$50? Please not PAYPAL as this sounds just a little too fraught.
PS When is next Pub Conference, I have missed the others by being away!
Believe it or not, for items in that range I often tell people to just send (US) cash. It's available anywhere for considerably less than a foreign currency money order or bank check, and easy to use once you get it.
In five years of doing so we have never had any lost or stolen, if we did we'd just send the product anyhow.