Ecommerce - help needed

Hi guys,

Looking at the possibilities for 3rd party software for setting up an online shop. I am looking something that is guaranteed to be secure, easy integration for paypal and credit cards, intuitive for the end user, and something that is very easy to theme or skin. Ideally looking for something open source if possible. Is there a set standard of what is acceptable for e-shops and what isn't?

Another question is in relation to security. Is it essential to have some dedicated hosting for this? Shared hosting would suggest to me that it isn't too safe for online shops but maybe I'm wrong. Is there a requirement for any security certificates to ensure safe processing of transactions?

Any help would be much appreciated as I haven't done the ecommerce side of things before now. Thanks
 
If you're going to be doing your own credit card transactions, and want to be PCI DSS compliant (which a lot of processors are requesting now) then you will need at least 2 dedicated servers and a hardware firewall since you will come under PCI DSS SAQ D, which requires you to implement one primary function per server.

It's a lot easier now to offload the processing to a third party payment provider (Google Checkout etc).
 
Sounds like the 3rd party provider will be much less hassle! Thanks for the info though. Seems like magento is a good option but the speed issues are a bit of a concern.
 
Magento is absolutely vast and overkill for smaller shops. I tried installing it on a tsohost account and thought it was quite slow. However, I found a tip on their forum that changed the way pages are cached and this sped things up a lot.
 
What would you suggest as an alternative for smaller shops?

It sort of depends on what type of goods you're selling and the level of gateway integration you need. I used http://www.cubecart.com/ and http://www.clickcartpro.co.uk/ a few times and found them fairly lightweight.

However, for small shops I usually end up making my own :)

As another alternative you could use the PayPal shopping cart (i.e. your shopping cart is handled by PayPal) or Google Checkout.
 
Personally, I recommend Big Commerce. It is one of the easiest-to-use pieces of ecommerce software.

Drag & drop store design, 46 ready-made templates, optimised by SEO experts, an online HTML/CSS editor, and W3C-compliant themes, just to name a few features.

Try it FREE for 15 days and see for yourself.
 
Thanks - that big commerce appears to use the interspire software which gets good reviews. Will have a play with that and see how it goes.
 
What level of PCI DSS compliance is that for? We will have a low transaction number and I haven't seen anything about having two dedicated servers. I was planning on using PayPal Website Payments Pro.
 
https://www.pcisecuritystandards.org/saq/index.shtml

PCI DSS SAQ D - if you're taking card details on your website (rather than sending someone off to a third party hosted page, e.g. Google Checkout, which would only require SAQ A)

Self Assessment Questionnaire is the lowest level of compliance.
 
Hmm, I might have to contact PayPal and see where this falls with them. We only have 1 dedicated server. I assume that the card details are sent to PayPal's servers after ours for authorisation and that we don't need 2.

PCI DSS is such a grey area most of the time.