Published on May 17, 2012
10 ticking timebombs in a DIY shopping cart
Hosted ecommerce solutions can help you avoid a number of ticking time bombs that you can find yourself with when you sign up for a free, DIY shopping cart.
Unless you have a high level of technical and design expertise, are experienced in the ins and outs of the market and willing to put in a large number of hours maintaining your shopping cart software and installing the functionality that your customers want, running a DIY shopping cart can be challenging and time consuming.
1. Third party components not working
Free DIY shopping carts usually have extra components that you can download for free or purchase. If they don’t work, the creators of the components may or may not support them. If it’s a free component, you might have to wait months or even years for a fix or update – or have to pay a freelance contractor to repair the problem. Your “free” shopping cart package suddenly got a lot more expensive.
When server environments change due to new updates from the server operating system or security updates, these may have implications for the way your website collects and uses data – and may require new components be added or edited on your website. The software vendor will usually provide updates for their core components pretty quickly, but who is going to fix the third party components?
Also, if one new feature breaks another one (and you are out of the “warranty period” of the original third party software) what do you do? If the development work was done offshore in another country, you will find you have little recourse under fair trading laws in Australia to demand a fix as the ACCC has little power or resource to pursue a dodgy sole trader in an Eastern European or Asian country, who may not even speak proper English. And PayPal doesn’t have a buyer protection policy in place for software components as it is too hard to dispute an “item not described” claim when it comes to software.
2. Features that don’t exist or don’t work for your country
What if something you really want for your website just doesn’t work – for example, what if you found out that your website doesn’t support a particular payment or shipping method that you want to use, or won’t allow you to offer gift certificates, or you can’t run a special across an entire category, or you can’t update your stock levels by colour and size combination? What if you find that a component just doesn’t work for Australia, for example: it is set up to exclude GST, doesn’t produce Australian ATO compliant invoices, or doesn’t work with Australian currencies or shipping and payment methods?
How long will it take you to set up invoices, currency, language definitions and tax to work with Australia?
Who is going to add that functionality for you? How much will it cost? Can it be done without being broken by a future update to the core software?
3. Calculations that don’t work
If you are applying a discount code and find it doesn’t correctly calculate GST/Tax, or the shipping in your site doesn’t calculate correctly, how will you fix that? You’re going to need a lot of time to trawl through websites offering software solutions – but the solutions offered might not work on your version of the software, or be compatible with certain extra components that you have installed/had installed.
4. The hit and miss of help via a public forum
Most DIY shopping carts offer support via a forum. The benefit of a forum is that you can connect with other users of your shopping cart, but the downside is that the help you get depends on who is reading the forum at the time and whether they are willing and able to help. You often have to post a URL to your website on the forum so that others can take a look at your website – so you’re publishing an announcement to your competitors that you are having problems, and specifically what they are. When you get help, you often have to interpret the help yourself, or make changes
5. Security maintenance
When a major vulnerability is found in a piece of software, an update is usually published on the website of the creator of that software. But unless you are looking, you won’t know it’s there. This means you need to pay constant attention to new vulnerabilities (“0 day vulnerabilities” are ones that have just been discovered and are currently unpatched by the software vendor/creator) and be prepared to deal with them yourself if you don’t have a fix. Do you have the time to do this yourself, or the money to pay someone to maintain your website?
Security consultants don’t come cheap and even small amounts of work can cost you considerable amounts of money if you don’t have the skills or funds to manage this aspect of running an ecommerce website.
6. New features – can you merge code?
If you want a new feature, how do you integrate it into the design you have chosen? Or a new upgrade to a version of a component that changes the database structure of the site or the way checkout works? If you get a “blank page” after installing a PHP component, your hosting company will not help you if your problem is related to the PHP software – they are only there to help with problems that are caused by the server.
7. Is your hosting environment set up for ecommerce?
If your site is too demanding for the resources on your hosting plan, you may find your customers start seeing errors on the front end – such as database connection errors, blank pages or other error messages. Or the site might just time out. Not a good look for an online shop where trust is extremely important. When you ask your hosting company about making certain changes they might not be able to make them for you, because they have to maintain an environment that supports a wide range of different types of software applications and cannot set up an environment just for a shopping website environment. If something breaks you might find yourself having to move up to a Virtual Private Server (VPS) or Dedicated Server and then you will be faced with a whole new set of challenges, the least of which includes moving your site from the old environment to the new.
8. Non-compliance with PCI DSS security standards
The credit card industry (namely Visa and MasterCard) has created a set of mandatory security standards that must be adhered to by every business accepting credit cards online. These mandatory standards relate to both the business model that you are using (how you store passwords, how frequently you change them, what you do with credit card information you receive over the phone, the security of your desktop PC, etc.) as well as the security of your website itself. For example, wherever personal data is transmitted over the Internet, that data must be sent in an encrypted format.
Web hosting companies that are compliant with the standard are required to pass (at a minimum) a quarterly software audit of their website security – where an automated bot run by the recognised authority “test hacks” tens of thousands of known and potential security vulnerabilities and confirms that your site passes each test. This includes a test for cross-site scripting (called “XSS”), which is a nasty software-related issue where software does not check input fields before they are used – allowing malicious software to attack a site by putting commands into input fields so they run other commands on the database than what was intended.
Non-compliance opens a potential security hole for a business, but it gets very messy if their website is hacked. A non-compliant website that is hacked can lead to fines for the end merchant by Visa and MasterCard. Ensuring your website is hosted in a PCI DSS compliant environment is like insurance against this ticking time bomb.
9. Non-compliance with privacy standards
Australia’s new privacy laws will place the onus on businesses to ensure that, wherever customer data is stored, it meets very strict rules about how that data is accessed and used. This is in response to companies using insecure offshore companies, mainly in Asia, to process data for them with little thought about what happens to that data once it is outside of Australia.
Companies will need to ensure that their online shop website is hosted in a world-class data centre that meets the strict privacy requirements needed to stay within the law. This does not mean that you only have to look to Australian hosting to keep the data in Australia – it does mean that you have to look to a business with strict privacy standards itself, one that hosts data to world-class standards that meet the highest quality tests.
Failure to meet these standards could lead to heavy fines to those who did not consider these things when setting up their online business.
10. Your software vendor discontinues new versions
You may have had a website for years, but what if the version of the software you are using is discontinued and you are asked to move to a commercial version of the software or migrate to a different platform? Finding support contractors for your existing version might be easy in the short run, but what about in six months or a year when the software needs a security fix and there’s nobody to do it?
Quality hosted ecommerce solutions don’t have these ticking time bombs because they are maintained from month to month by the provider, who is always on the lookout for new things they need to address and ways they can help their customers succeed. After all, that’s what you’re paying for!