May 2, 2008

May updates

March and April were our busiest months ever, with about 10 sites going live. We are also working on finishing up an additional 15 projects that will be launching in May. Hence the delay in updating the blog!

An important note concerning X-Cart this month - we recently learned that most hosts will be updating their servers to run PHP and MySQL 5, as the 4.x versions are at the end of their life cycle. In addition, servers running 4.x will no longer be PCI compliant, which is a major problem for X-Cart owners accepting credit card payments. The bad news is that X-Cart 4.0 and earlier versions DO NOT WORK on MySQL 4, and upgrading to 4.1 is a major headache and expense, particularly for highly custom sites. Luckily, a patch was just released that addresses this issue. If you are one of our clients and your host is planning on upgrading, please contact us prior to the upgrade so that we can patch your cart. If you are hosted with us, we will be upgrading later this summer.

Now on to the new projects!

Marlo Beauty - we migrated Marlo from another cart system, and gave them a completely custom site with too many custom features to mention. This was a collaboration with their graphic design firm - designiko.



Dog Collar Boutique - a brand new site featuring a custom size and price filter.



War Game Store - a brand new site specializing in Warhammer.



Starring Fragrances - celebrity sisters Ashley and Courtney Peldon's perfume and jewelry store. We moved them over from another cart system and added a forum and blog.



Mango Madness - we moved Mango over from another store system and gave them a fresh look and feel.



Kashmir Company - it doesn't get much more custom than this! With extensive use of Flash and Thickbox, you can barely tell this was once X-Cart.


February 27, 2008

New Year's resolutions...

So much for keeping that New Year's resolution of posting once a month! Ah well, they are made to be broken, right?

We've been extremely busy this year already, having launched more than 10 stores since Jan 1, with 20 more currently on the schedule for the next 2 months. Below is a sampling of new launches:

Salud Spa Bar - a completely new site featuring a 'build your own scent' module.


Wizard Coin Supply - a completely new site featuring SEO by Vector Computer Consulting


Grand Furniture Showcase - a highly customized site featuring a large number of enhancements and add-on modules.


Just Bird Stuff - redesign of an existing site with major SEO and customer usability enhancements.


Victory Canter - redesign of a standard X-Cart template; we also re-organized their navigation menu, added thickbox functionality and our streamlined checkout.


Flag Addict - a new site selling garden flags of all types.


January 8, 2008

PCI Compliance - What you need to know

One of the most common issues I find when working with a new client is that they have no idea what is happening with the credit card data from their customers. This is something that just can't happen in today's world of E-Commerce. As you may have read, there was a major 'hack' of a large company last year, in which hundreds of thousands of credit card numbers and personal information were stolen. This was because the company did not have the appropriate security in place to protect that data. After a long legal battle, the company was ultimately responsible for paying for the reissue of credit cards for all of the customers affected, and for the fraudulent charges made on some of those cards. The Credit Card companies are serious about protecting their customers' cards, and they will now go after you if your data is stolen. For a small business, this can mean the end of your business.

For those of you running X-Cart sites, the best advice I can give is to NOT store credit card data at all on your server; let your payment gateway folks handle that. Unfortunately, X-Cart by default is set to store credit card data in the database, even if you have a payment gateway. To fix this, open up config.php (in your root directory) and change this:

$store_cc = true;

to this:

$store_cc = false;

That will prevent credit card data from being stored in your database.
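
A way to confirm the change across several stores, as an added example that is not part of the original post or of X-Cart itself: the Python script below reads the text of a config.php and reports the effective value of $store_cc, ignoring commented-out lines and letting the last assignment win. The sample configs, the $example_setting variable and the function names are constructed for illustration.

```python
import re

# PHP literals that make the flag false; anything else is treated as enabled.
_FALSY = {"false", "0", "0.0", "null", "''", '""', "'0'", '"0"'}

_COMMENT_OR_STRING = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")  # quoted string: kept
      | /\*.*?\*/                               # block comment: dropped
      | (?://|\#)[^\n]*                         # line comment: dropped
    """,
    re.S | re.X,
)


def strip_php_comments(src):
    """Remove PHP comments so a commented-out assignment is never counted."""
    return _COMMENT_OR_STRING.sub(lambda m: m.group(1) or "", src)


def effective_flag(src, name="store_cc"):
    """Return True/False for the last assignment to $name, None if never set."""
    code = strip_php_comments(src)
    # "=(?!=)" skips comparisons such as "$store_cc == true".
    assign = re.compile(r"\$" + re.escape(name) + r"\s*=(?!=)\s*([^;]+);")
    values = assign.findall(code)
    if not values:
        return None
    return values[-1].strip().lower() not in _FALSY


def audit(configs):
    """Map each site name to a short status for its $store_cc setting."""
    labels = {True: "STORES CARD DATA", False: "ok", None: "not set, review"}
    return {site: labels[effective_flag(src)] for site, src in configs.items()}


# Constructed sample inputs (not taken from any real store).
SAMPLE_PATCHED = """<?php
# $store_cc = true;
$store_cc = false;
"""

SAMPLE_REENABLED = """<?php
$store_cc = false; // patched
/* a later merge restored the default below */
$store_cc = TRUE;
"""

SAMPLE_UNSET = """<?php
$example_setting = 'value # not a comment'; // $store_cc = false;
"""

if __name__ == "__main__":
    report = audit({
        "patched-store": SAMPLE_PATCHED,
        "reenabled-store": SAMPLE_REENABLED,
        "unset-store": SAMPLE_UNSET,
    })
    for site, status in report.items():
        print(f"{site}: {status}")
```
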

I have included an article below which was recently published on practicalecommerce.com which outlines the basics of PCI Compliance:

The major credit card issuers created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when transactions are processed using a payment card. All members of the payment card industry (financial institutions, credit card companies and merchants) must comply with these standards if they want to accept credit cards. Failure to meet compliance standards can result in fines from credit card companies and banks and even the loss of the ability to process credit cards.

There are six categories of PCI standards that must be met in order for a retailer to be deemed compliant.

1. Maintain a secure network.

This standard refers to the actual network that cardholder data is exposed to. In the case of an online business, the most obvious vulnerability for this standard is the web server. Luckily, most hosting companies take responsibility for ensuring the security of their networks. However, there is more to this standard than meets the eye. Do you keep cardholder data (even just names) on a laptop that you use on public networks? Does your office network have a firewall installed and reasonable security measures in place?

In short, whenever any personal information about a cardholder is stored on a computer (which is also connected to a network), that computer is behind a firewall and all reasonable measures have been taken to protect that particular network.

2. Protect Cardholder Data

This category focuses on how cardholder data is stored and transmitted. Business owners that choose to store cardholder information have an obligation to protect that data. Protecting information means that not everyone can access it. Businesses that store actual credit card numbers will often store them as encrypted data, so that even if someone got access to the database they still could not decipher the information in it.

Ecommerce businesses need to be especially critical of the way that cardholder data is transmitted. When a customer makes a purchase on a website, his/her cardholder information is sent across the Internet. During that transmission, cardholder data must be encrypted with at least a 128 bit SSL certificate in order to meet this standard.

3. Maintain a Vulnerability Management Program

This one is relatively simple, and translates to keeping up to date with your systems. Vulnerability exposure can be minimized by regularly updating computer hardware, operating systems and software. Keeping up to date anti-virus software, as well as running regular virus scans, is another requirement to meet this standard if your systems are susceptible to such vulnerabilities.

4. Implement Strong Access Control Measures

The most exploited breach in security is the human element, which is harder to protect. Part of meeting PCI compliance means limiting access to cardholder data to only those persons that need to use it. In addition to restricting physical access to cardholder information, business owners are also responsible for assigning a unique identification to each person that does have access.

5. Regularly Monitor and Test Networks

Networks that store cardholder data must be monitored and tested regularly. Regular scans of security measures and processes, monitoring and tracking of network access to cardholder data are required to satisfy this standard. Consider signing up for a security testing and auditing service, such as ScanAlert's Hacker Safe program, which can help you to identify and fix potential security problems as they arise.

6. Maintain an Information Security Policy

Considering that humans are generally the easiest part of a system to hack, and also that ignorance does not relieve liability, it's important to draft and implement a company-wide information security policy. Make sure that your employees know and understand their responsibilities with regards to cardholder data before it becomes an issue.

The first step in PCI compliance is to meet the above standards. Credit card companies and financial institutions validate that vendors are abiding by the regulations, giving them ratings based on their volume of transactions. The rating that a company receives determines the process that they must go through in order to be validated. Next month, we’ll take a look at the four validation ratings, and what each rating means to a company.

December 19, 2007

Happy Holidays!

It has been a great year for us here at Ryan Design Studio. We have successfully transitioned to the 4.1 branch of X-Cart and have also been working closely with a Search Engine Optimization firm to come up with an installation package and 'skin' for X-Cart that does extremely well in the search engines. We implemented over 50 custom designs into X-Cart this year, some completely new sites and some makeovers. Our Streamlined Checkout module has been a great success for the clients we have installed it for, with conversion percentages increasing in the double digits. All of our custom designs now include this module, as well as the Thickbox dynamic resize function for product images.

As it is the time of year for resolutions, I have a few that I hope to keep:

- I will be posting some comprehensive 'guides' for e-commerce and search engine optimization. Many of our clients come to us not knowing a thing about selling on the web, and with over 200 e-commerce sites under our belt we now know a thing or two about how to create and maintain a successful store.

- We will soon have a full demo of our modified X-Cart system available.

- We have developed a number of partnerships in the past year in various markets from Search Engine Optimization to hosting, and will soon have a 'Partner' page that lists all of these firms.

And finally, my biggest resolution will be to update this blog more than once a month! Just about every day I come across a tip, trick or mod for X-Cart that is worth sharing here, and I will do my best to take 10 minutes each week to post them. We are currently in the process of hiring some additional help, which will hopefully give me some more time to focus on things like this instead of coding and designing all day! Speaking of which, if you are a graphic designer or PHP programmer and are looking for some freelance work, please feel free to drop me a line with your resume and work experience.

In closing, I would like to sincerely thank everyone who allowed us the opportunity to work with them this year. There is nothing more satisfying than transitioning a site from that lovely default X-Cart skin into something that truly reflects the client's business and tastes. Each site is a unique challenge, and I consider myself extremely fortunate to be able to enjoy what I do each and every day of the year. I hope you all have a great Holiday, and a successful 2008!

October 20, 2007

October update

It has been an unbelievably fun year for X-Cart projects, and we have never been this busy. Apparently people are finally realizing that a standard out of the box X-Cart template just doesn't cut it. In addition, many of our clients have found a huge improvement in both sales and conversion rates in the cart after hiring us to re-design their site. This is both due to the clean, search engine friendly code we use in our templates, and the extremely easy-to-use checkout system we have built.

Here are some sites we launched in the last couple of months:

Treo Modern - a completely new contemporary furniture site. This was one of the first sites we built with X-Cart 4.1, and features our streamlined checkout and the Thickbox/dynamic image combo which has become part of our standard installation now.


Natures Parlour - The first site of its kind selling natural/organic/handmade skin and hair care products for all races, all ages and both sexes.


Peak Sports Nutrition - supplements for competitive and recreational sports, bodybuilding, weight loss, general health and fitness.


Monster Makers - a complete re-design for one of the premier mask making supply companies in the industry.


Electronix Discounters - we completely remade this site from scratch, incorporating a new look and feel, our streamlined checkout, improved customer navigation and product display and a vastly improved code base.


Mohea Beauty - a new site which really expresses the client's taste - as well as showcasing her beautiful soaps and beauty products!


Dry Stack Cellars - a new site for a California winery.


August 8, 2007

August Updates

The big news for August is that we are officially using X-Cart 4.1.8 for all new projects. We spent about 20 hours over the last week cleaning up the core code and adding various enhancements including:

- Streamlined one page checkout
- My Account area
- Cerdmann dynamic image resize with Thickbox pop-ups
- Mostly table-less layout (still used for product display and forms for now)
- W3C compliant code throughout
- Subcategories in columns with icons
- Pre-Login shipping calculator
- Improved registration form
- Enhanced SEO (META data, H1 tags where appropriate, etc)
- Clearly organized admin area

We have uncovered a few bugs here and there, but nothing major and we are confident that this platform is stable and ready for use on live sites.

Lots of new sites to announce this month, but I will post those all together in a new entry later this week.

July 2, 2007

New Server Online!

We recently decided to upgrade to a new hosting server (available to our X-Cart clients) as the old one was getting a little slow and there wasn't much we could do to upgrade it. So, after weighing the options, we decided to go with a brand new, top of the line server at Rackspace. They have been nothing short of phenomenal as a server management company for the past 3 years, so there was no doubt we would be going with them for the new server. In addition, having the server on the same network made the migration much easier.

For those of you who are technically inclined, here are the specs:

- Dual Core AMD Opteron 1212
- 4GB DDR2 RAM
- 3x146 SCSI Drives in a RAID 5 array
- Cisco PIX 501-50 Firewall
- Daily incremental backup to offline backup server

This setup allows us to run the databases off from one drive, and the RAID array with SCSI drives makes things run twice as fast. The improvement from our old single drive ATA server is stunning, and the newest version of Plesk comes with much improved e-mail filtering options.

I would like to personally thank Matt Service from Service Internet Solutions who did the migration for us. The service was fantastic, he completed it in the early morning hours of a Sunday, and there were NO issues. This is why you should pay a professional for these types of things, the headaches we could have encountered....well...let's not go there :)

In any event, our X-Cart clients' sites are now loading almost instantly, even the ones with heavy traffic and thousands of products. We now have some more slots available on the server, and will be offering them along with our design packages. Contact us for more information.

Have a great July!

June 10, 2007

We have been doing some extensive work with the 4.1 branch of X-Cart (currently release 4.1.7) and it appears it is almost ready for prime time. We still aren't using it for sites that will go live in the next month, but we are hoping that by July 1 we will be able to transition from the 4.0 branch to the 4.1 branch. There are still some bugs that will hopefully be worked out with 4.1.8, but for the most part it seems to benchmark better than 4.0, and the code is much cleaner. Still some remaining font tags, but the Qualiteam folks seem to have realized that W3C compliant code is the way to go.

New sites launched in the past month include:

Organised Mum - a UK based store featuring calendars, diaries and schedules for families. This store features Thickbox image display paired with the Cerdman dynamic image resize tool. We have also used our Streamlined Checkout module here.


Anycake.com - This was a complete re-design of an existing store based in Northern Ireland, also featuring our Streamlined Checkout modification.


May 1, 2007

Our new checkout and X-Cart 4.1

We have been working on a new checkout system over the past year based on client feedback as well as conversion testing. The obvious solution to any checkout system is simplicity. The easier it is for the customer to checkout, the more likely the sale will go through. So, we have managed to get the process down to two steps:

1. The customer either logs in with an existing user/pass, or they supply billing/shipping information. To make this process even cleaner, we have used expanding div tags to hide the shipping/create account portions of the form unless a customer wants them. When they click the checkbox that portion of the form becomes visible. See a screenshot of the login/register page here.

2. Once the customer has provided the billing/shipping info, they are taken to a one page checkout. This page includes radio button selections for both shipping and payment method selection. The cart totals on the right update when you change shipping methods, and the payment area changes based on the payment selection. This keeps the user on the same screen and keeps them from having to take another 'action' step, as studies have found that the more clicks, the fewer conversions. We have kept the screen as clutter-free as possible, and have made the 'submit order' button prominent so that they cannot miss what the next step should be. See a screenshot here.

Please note that these are 'skeletons' of the pages only, we apply the design style of the rest of the site to these pages so that they look even better.

We have also modified and cleaned up the cart page, which you can see here.

This checkout 'mod' is not available as a stand-alone add-on, but is included with every custom design/design integration project free of charge.

In other news, X-Cart just released version 4.1.7, which looks to be just about ready for prime time. We are going to start using it with a couple of clients who are willing to be guinea pigs, so I will report back here as to our experience shortly. It sounds like the major bugs are worked out, and they have also added some nice features such as an updated default skin (finally) as well as a Google Analytics module which makes adding the tracking code MUCH easier.

As far as new projects go, we are working on some great bath and body product sites, a redesign for a Hollywood costume site, a California winery and a vintage shop. We also have some sites that are just about ready to launch; we will post them in the blog when they are ready to go.

April 3, 2007

The Design Process

One of the questions we often get is "How do you come up with the designs for my site?" or "How do I know you will design something that I will like?". Well, I'll try to clarify that here by going through the design process.

The first thing we do when contracted to come up with a new site design is to send the client a questionnaire with a number of detailed questions. These questions range from "Do you have an existing site/logo/marketing material?" to "What is your target market?". Essentially we are looking for not only an idea of what the client pictures in their mind for the new site, but also what their store is selling and to whom. The more information the client provides up front, the closer our initial concepts are to what they envision.

One of the advantages of hiring a professional designer, whether it be for a web site or a new home, is that we are trained to take someone's vision and turn it into something tangible. Once we receive the information from the client, we look at their existing graphics, their target market, their competition, their products and their thoughts on what they want the site to look like. We then take that information and translate it into some initial design concepts in image format, usually just the 'home' page of the site. This gives the client the overall feel for what the site could look like. The initial two concepts we provide are usually pretty different, with one concept being exactly what the client asks for, but also one that is 'outside the box' so that they won't get tunnel vision and see only one possible solution.

We always ask that the client be brutally honest with their feedback, as it is much easier to revise a concept if we know exactly what they love/hate about it. About 90% of the time we are pretty close to what the client wants with the first concepts, but sometimes it takes a few rounds to get to the point where they are 100% happy. We simply adjust the concepts based on the client's feedback, or if we are completely off base, we start from scratch. We don't actually start the implementation of the design until the client fully approves the design concept, as it is much easier (and less expensive) to change the concept in image format as opposed to changing code on a working site.

Once the design is approved, we start implementing the design into X-Cart. This is where we will also work with the client on the 'interior' pages of the site - category, product detail, cart, checkout and static pages all use the same basic framework of the design, but are arranged differently depending on the client's preferences. We use a highly modified version of X-Cart, so the checkout and category pages in particular are completely different than the default X-Cart templates.

When hiring a designer (even if it isn't us!) there is never such a thing as too much information. Here is a simple checklist of things that are helpful for a designer when creating a new image for your site:

- Existing site/logo/marketing material
- Color palettes you prefer
- Other web sites you like/dislike and why
- Navigation structure you would like to use, both for products and non-product pages
- Who your closest competitors are
- Who your target market is
- An idea of what kinds of products you are selling
- The 'feeling' you are trying to convey to your customers
- Your company philosophy/story/personality
- What features you want to use on the site (bestsellers, newsletters, featured products, etc)
- Any other details that make your company unique

Hopefully this will help you with your next design project!

© Copyright 2003-2007 Ryan Design Studio LLC. All Rights Reserved.