Choosing the Right Shopping Cart – Our Top 3

One of the biggest decisions you have to make when starting an e-commerce site is which shopping cart to choose.  You need a cart that will grow with you, has all of the features you need, and won’t bankrupt you with monthly fees once you start making a good number of sales.

First, let’s talk about the different types of carts available.  There are two main types of shopping carts – hosted and self-hosted.  There are pros and cons of each approach.

Hosted Carts

Hosted carts, or Software as a Service (SaaS) carts, are companies that charge you a monthly fee to use the software on their server.  You don’t actually own the license, and they perform all of the upgrades and maintenance for you.  This is a fairly new type of cart, and there are new ones popping up all of the time.

Pros – easy to get started, no technical knowledge needed, secure, feature-rich, no need for PA-DSS compliance (click here to learn more about PA-DSS compliance)

Cons – can get EXTREMELY expensive the busier you get, as many of them charge a percentage fee on transactions.  If the company goes out of business you are out of luck.  You usually can’t get into the source code to perform complex changes and custom features, and some don’t allow you to have your own SSL certificate.

Popular SaaS Carts:  Shopify, BigCommerce, Volusion

Self-Hosted

With self-hosted carts you purchase the license from the cart company then install the software on the server of your choice.  Even if the company goes out of business, you still own the license and continue to use the software for as long as you want.

Pros – the biggest benefit to this type of cart is that you own it and you can do anything you want with it.  The lifetime costs are also much lower.  They are much more flexible, as you can edit the code and manipulate it any way you want.  No need to wait for the cart company to develop a new feature when you can just build it yourself.

Cons – many of these carts require a higher technical knowledge, and may even require a professional to install and customize for you.  They also have to be PA-DSS compliant in order to accept credit cards online (click here to learn more about PA-DSS compliance).  Upgrades need to be done by you or your developer and are not automatic like the hosted carts.

Popular Self-Hosted Carts:  Pinnacle Cart, Magento

So, which cart?

There are more than 100 carts out there, so which one do you choose for your business?  The first thing you need to do is determine what features and functions you will need both for your customer and as the store owner.  Will you be selling to wholesale customers as well as retail?  Will you offer free shipping?  Do you need to integrate your cart with Quickbooks?  Do you want to send out abandoned cart email reminders?  Once you have a list of features, go through each of the carts and see which ones have everything you need.  Also pay attention to which ones are included and which ones cost extra.  Remember to plan ahead and think about what your business may need 5 years down the road.  Pick the cart that addresses 75% of your needs and don’t just pick one based on what your friend/family member recommends!

Below are the top three choices currently available, as well as some to avoid.

 

Pinnacle Cart

Our personal favorite, so it gets first billing.  We’ve built over 150 sites using this platform, and our clients love it.

Cart type: Self-Hosted

Cost: $1500 (included for free as part of sites we build) license, plus $25/month

Pros: Easy upgrades, search-engine friendly, always on top of the latest trends and technology, easily integrates with many of the third party applications such as Stamps.com, Mailchimp and Webgility.  One click upgrades ensure you are always on the latest version.

Cons: the default templates aren’t great so you’ll want a pro to design one for you. No reward points or complex promotions, and there really isn’t a template or developer market here, meaning if it doesn’t exist you have to have it customized. Luckily we have already made quite a few of those ourselves!

Best for: Customers who want full-control over their store, the ability to customize as much as they want, will scale with their business and have all of the latest bells and whistles.  In short, if you are a professional company and want a self-hosted cart to match, this one is for you.

 

Spark Pay is a rather unknown cart still, but they were acquired by Capital One not long ago, so expect that to change. Quite simply, this cart has the best features out of the box that I have seen.  Their system is well-coded, easy to understand and extremely robust.   This is by far our favorite as far as hosted carts go.

Cart type: Hosted

Cost: $24-$300/month

Pros: Features, features, features!  Spark Pay has a ton of them right out of the box.  Easily customizable templates, tons of support in the form of videos and how-tos. Their tech support is friendly and easy to use, and you won’t feel like just a number.

Cons: The only real con is that you can’t customize features.  If it doesn’t exist, you can’t have it without spending some big money with their developers.  Not a ton of free templates to choose from yet as they are still growing.  Not nearly as robust a community as Shopify.

Best for: If you prefer hosted carts vs self-hosted carts, this one is a great choice for anyone who wants to sell online.  It will scale with your business, has tons of features and the design can be customized however you like.

 

Shopify

The #1 cart out there, they have a lot of capital and a very robust ecosystem.

Cart type: Hosted
Cost: $29-$2500/month plus a transaction fee of up to 2%

Pros: Extremely easy to set up.  Clean and well-designed templates, with thousands of paid templates to choose from.  Lots of add-on modules and features available from hundreds of active mod developers.  CDN to help speed up page load times.

Cons: The biggest issue with Shopify is the monthly cost (see our Why Not Shopify post).  The busier you get, the more expensive your monthly plan gets.  When you get REALLY busy, they not only charge you over $2000/month, but they also take a portion of your sales.  That can wind up costing you tens of thousands of dollars a year.  Wholesale functionality is extremely limited, although they are apparently working on that.  The built-in blog is weak compared to WordPress.

Best for: A great place for makers or creatives who are looking to get started quickly or move away from Etsy and don’t plan on a large monthly sales volume.

 

Still on the fence about recommending…..

 

This used to be a cart I would recommend avoiding like the plague, but a lot has changed in a year.  First, the company that owns WordPress now owns Woo as well, so it looks like they will eventually combine into one platform.  Currently Woo exists as a plug-in to WordPress.

Cart type: Self-Hosted
Cost: Free

Pros: Free and easy to install.  If you already have a WordPress site, you just need to install the free plug-in.  Many hosting platforms come with WordPress as a one-click install, so setup couldn’t be easier.  Hundreds of thousands of free and paid themes available.

Cons: Requires a hosting account and a developer to maintain WordPress and the plug-ins.  Security is a huge issue, as WordPress is the most hacked platform on the planet.  Plugin updates can break other plugins, or the cart altogether.  Not PA-DSS compliant, so your choices of credit card gateways are limited.  Support is weak, they ‘may respond in 24 hours’, but that is what you get with a free cart.

Best for: Right now I wouldn’t recommend this cart unless you have a full-time developer or are very tech savvy yourself.  Even then I would advise caution, as credit card security is no joke. A great cart to watch in the coming months/year.  See our Why Not WooCommerce post for more info.

 

Carts to Avoid

There are some carts you should just avoid altogether, either because they are not PA-DSS compliant (meaning you can’t accept credit cards on your site), or they are just dated and lack core features.  As a general rule, avoid any free cart as they just won’t have the support or security you need and won’t be able to grow with your business. The ‘avoid’ list:

  • X-Cart – dated, buggy, lack of tech support and features, they don’t keep up with the latest technology and trends
  • osCommerce – dated, not PA-DSS compliant, insecure, difficult to edit
  • BigCommerce – awful customer service, a habit of increasing fees exponentially without notice
  • Volusion – Haven’t kept up with the times and it appears very dated
  • Zen Cart – a relic
  • Magento – requires a PhD in computer science to edit, their Enterprise version costs more than a new Tesla
  • Magento GO – discontinued
  • PrestaShop – Not PA-DSS compliant
  • Yahoo Stores – just not suited for a professional e-commerce site, no mobile support
  • CS-Cart – basically just X-Cart with another name
  • OpenCart – not PA-DSS compliant
  • CubeCart – a nightmare
  • Weebly – not a professional platform, not PA-DSS compliant, not a lot of features
  • Wix – see Weebly

Of course this list will change regularly as carts come and go all of the time.  As an example, osCommerce used to be ‘it’ for e-commerce sites, and now I have it on my ‘avoid’ list.  No one really knows what the future will bring in e-commerce, but hopefully if you chose the right cart to start, it will grow and adapt with your business and the ever-changing landscape.

Is your cart not on the list or do you have questions about a particular cart?  Drop me an email and let me know, I’ll let you know!

Sitewide HTTPS – The Time Has Come to Switch

Back in 2014, Google announced that their Chrome browser would start showing regular ‘http’ sites as ‘insecure’.  Google has been pushing site-wide https for a while now, as they also started giving sites running in full https mode a little boost in their ranking algorithm as well.  With the release of Chrome version 53, you will now see this on a site that is called in normal http:

[Image: american-apparel-insecure]

Obviously this is not what you want your customers to see, as many of them don’t even understand the difference between http and https.  All they will see is ‘not private’ and they will either abandon the site, or hesitate to purchase. This will get even worse in January, as this is how an insecure page will look:

[Image: blog-image-1]

Eventually, Google will be displaying this for http, although the exact dates haven’t been given yet:

[Image: blog-image-2]

As much as I have been resistant to this change, since https slows down the site (which Google also factors into its algorithm), this change to Chrome has pretty much forced our hand.

How to Implement site-wide HTTPS

First, you need to make sure you have an SSL certificate installed on your server.  If you are running an e-commerce site, this should already be in place.  If not, get one ASAP as there is absolutely no way you should be collecting private info (especially credit card data) over an insecure connection.  Your host will be able to help you with this.

Next, you need to configure your shopping cart software to run in https.  On some carts there is a checkbox, on others you need to change a configuration in the settings, and on some you need to actually change a value in the database.  Contact your shopping cart provider or developer to find out which one applies to your site.

After you switch to https, you need to tell Google that your site is running in https and to ignore the http version.  This is to prevent duplicate content penalties – you don’t want two copies of your site indexed by Google.  Again, some shopping carts will do this for you, while others will require you to edit your .htaccess file.  This is not something you should attempt yourself, as you could cause irreparable harm if done incorrectly.

You will also need to update your Google Analytics account to use the https version of the site, and submit your https site to Google Webmaster tools. Unfortunately you can’t change your existing webmaster tools account to use https, you have to submit a new site and a new sitemap.  Your developer may handle this for you as well.

Once you do switch to https, make sure all pages are actually being called in https.  You will see the ‘insecure’ icon if there are any items on the page being called insecurely.  You can view those by clicking on the insecure icon, which will show you any problems:

[Image: 8411i]
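The same check can be run against a page's HTML before customers ever see the warning. The sketch below is an added example, not code from any cart vendor: it lists every stylesheet, script, frame, image and media file that an https page still pulls over plain http. The `shop.example` URLs and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (attribute holding the URL, kind of mixed content).
# "active" content can rewrite the page and is blocked by browsers on an
# https page; "passive" content (images, media) is what costs you the padlock.
SUBRESOURCES = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "link": ("href", "active"),  # stylesheets only, filtered below
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
    "video": ("src", "passive"),
    "source": ("src", "passive"),
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return
        attr_name, kind = SUBRESOURCES[tag]
        attrs = dict(attrs)
        # <link rel="canonical"> and similar are not fetched as subresources.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        raw = attrs.get(attr_name)
        if not raw:
            return
        # Resolve relative and protocol-relative (//host/path) URLs the way
        # the browser would, against the page's own https URL.
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            line, _ = self.getpos()
            self.findings.append((line, tag, kind, resolved))


def find_mixed_content(page_url, html):
    """Return (line, tag, kind, url) for each http subresource on an https page."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page itself is not served over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page (not taken from a real site).
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://shop.example/product/1">
<link rel="stylesheet" href="http://shop.example/css/theme.css">
<script src="//cdn.example/lib.js"></script>
<script src="http://stats.example/track.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://shop.example/images/banner.jpg">
<a href="http://partner.example/">Partner</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content(
        "https://shop.example/product/1", SAMPLE_PAGE
    ):
        print(f"line {line}: <{tag}> {kind} mixed content -> {url}")
```

Ordinary links to http sites (the `<a>` tag above) are not flagged, since following a link does not load anything insecure into the current page.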

Sound a bit too complicated to do yourself?  Not to worry, we’ll handle this for all of our clients.  Please feel free to drop me a line to schedule the transition for your site.  If I don’t hear from you before mid-December, I’ll be contacting you to update your site.  Questions?  Feel free to Contact Us!

 

Why Not WooCommerce?

Next to Shopify, WooCommerce is the cart that we get the most questions about.  Many store owners start out with a simple WordPress site, and when it comes time to get into E-Commerce, adding WooCommerce looks like a simple solution.  Just click a button and it is installed, and hey, it’s FREE!  Sounds too good to be true, doesn’t it? Well, it is and here’s why.

Security

WordPress is the most hacked platform on the planet, mainly because it is one of the most popular platforms on the planet.  Even a lousy hacker knows exactly how the login system works in WordPress, and how to exploit known security holes in the platform.   All it takes is one missed upgrade or one insecure password and a hacker has full control over your entire site, as WooCommerce resides in the same database.  The more add-ons you have in WordPress and WooCommerce, the more potential security holes you have.  Hosting also plays into this, which I’ll cover more below.

The big problem with a hacked e-commerce site is that  you most likely won’t know you have been hacked until your customers start calling and complaining that their credit cards have been stolen.  A hacker typically installs some malicious code that cc’s them on all credit card transactions, and then collects credit cards for weeks or even months.  When they have a nice collection of cards, they either sell them on the dark web, or start racking up charges themselves.  By the time you are aware that there is a problem, it is way too late.

PCI Compliance

One of the ways the credit card companies protect both themselves and their customers from hackers is by requiring that e-commerce sites be PCI Compliant.  Essentially this means that you are operating your site according to a strict set of guidelines, from how the server is configured to how the cart itself is built.  Since WooCommerce is a self-hosted cart as opposed to an SaaS cart like Shopify, it falls into the scope of PA-DSS compliance, the strictest component of the PCI Compliance guidelines.  To save some time, I’m not going to explain all of the ins and outs of PA-DSS compliance, but you can read more about it in our article here.

The problem with WooCommerce is that the core software is NOT PA-DSS compliant. This means that you can not collect credit card data ON your site in Woo, at least not without risking heavy fines (up to $50k) and penalties if you are hacked.  There are of course workarounds – you can send the customer off-site to pay (never a good choice), or you can use one of the PA-DSS compliant gateways like Braintree or Stripe.  If you want to use a gateway of your choice like Authorize.net or PayPal Pro, you are out of luck.

Updating/Conflicts

For those of you who have worked with WordPress before, you know one of the biggest headaches is keeping the site and various plugins up to date.  With each upgrade of WordPress you run the risk of crashing your entire site if the various plugins you have installed aren’t also upgraded by their respective developers.  I can’t tell you how many times I have run into conflicts and have had to manually disable the plugin directly in the database.  When you add WooCommerce, you are adding yet another level of complexity, and that isn’t even counting the numerous plugins you need for WooCommerce!  As you can see, this requires quite a bit of your time each month to ensure that your site is up to date and everything plays nice together.

Hosting

Unlike carts like Shopify and Spark Pay, the hosting isn’t included with WooCommerce.  You need to pick your own hosting account, and with that comes quite a bit of responsibility.  First, you have to ensure that the host you choose is PCI-Compliant.  Are they running the correct version of PHP?  Is the firewall configured properly?  Is SSH access disabled?  Is the core software being updated regularly?  Will it pass quarterly PCI-Compliance scans?

Next, what happens if the server crashes?  Do they have an automated backup system? 24/7 support?

Maintaining your own hosting account is yet another thing that an e-commerce store owner shouldn’t have to deal with, as it just takes time away from what really matters, selling your products!

Support

Let’s face it, E-Commerce is not a simple business, and problems happen.  Do you really want to rely on a company that only provides support through a ticket system that ‘may respond in 24 hours’?  You get what you pay for here for sure.  You need 24/7 support if you are in the e-commerce business.

Summary

You’ll notice that I didn’t talk about the actual features and functions of the cart at all.  That’s because out of the box, WooCommerce is just a basic shopping cart.  It does some things better than other carts, and some things worse than other carts.  Some functionality is built-in, some will require third party add-ons to get it to do what you need.   The reason so many people use WooCommerce is because it is free, and because it can be installed in a WordPress site with the click of a button.  But that is also the biggest reason NOT to use WooCommerce.  It would be like building your high end boutique on the bad side of town.  Sure it is cheap, but you run the risk every day of someone walking in and stealing all of your stuff.  Yes there are police available, but they might not show up for 24 hours.

WooCommerce is a great cart if you have a dedicated developer on staff to set it up and maintain it for you, but it just isn’t worth the headache if you plan on running it yourself.

 

 

Why Not Shopify?


Shopify is a fantastic platform, and it seems like everyone is talking about it these days. They have beautiful templates, tons of apps, a huge amount of cash to invest into the platform, and a robust community of developers and designers. So why don’t you see it as a supported cart here at Ryan Design Studio? Quite simply, it just isn’t a good fit for most of our clients. Here’s why.

 

Shopify Pricing

While it may seem like a great deal at $29/month, that number can be deceiving as it doesn’t include everything. There are some very basic and important e-commerce functions missing in the base version including:

  • Real-time USPS, FedEx and UPS shipping rates. If you want those, you need to go with the Advanced plan at $299/month
  • Abandoned Cart reminders – you need to upgrade to the Shopify plan at $79/month to get those
  • Gift Cards – also only in the Shopify plan and above
  • Sales reports – no reporting until you get to the Advanced plan

You also have to factor in the cost of credit card processing. If you want to use your own processor like Authorize.net or PayPal Pro for example, Shopify will take up to 2% of your sales as a ‘transaction fee’. That is in ADDITION to the actual credit card processing fees, which are typically 2.9% or so. If you are selling $100,000 worth of goods a year, that’s an additional $2000/year just to use the processor of your choice.

Shopify has a TON of apps you can add to your store, everything from reward points to third party shipping vendors.  But many of those can cost over $100/month to use. Notice a trend here? The monthly costs of the site can easily go over $1000 before you even start selling anything.  Here’s a quick cost comparison of Shopify vs Pinnacle Cart assuming $100,000 in yearly sales:

 

Pinnacle Cart

Initial cost: +/- $4000 (includes a custom design, not a template)

Monthly Hosting Cost: $35

Monthly License Fee: $25

SSL Certificate: $75/year

Payment Gateway: $30/month

Transaction fees (other than what your gateway charges): $0

First Year cost: $5155

Recurring Yearly cost after the first year: $1155


Shopify

Initial Cost: $150 (a premium template from their store)

Monthly Cost: $299 (to get all the base functionality Pinnacle has such as real-time shipping, reporting, abandoned cart reminders)

SSL Certificate: $0

Payment Gateway: $30/month

Transaction fees: $500

First Year Cost: $4598

Recurring Yearly Cost after the first year: $4448

 

While Pinnacle Cart may seem more expensive, just look at those recurring costs after year one.  By year three you are saving over $3000/year. You also get a custom design with Pinnacle, whereas you are using a stock template with Shopify.  Adding a custom design to Shopify would add $1000 to $5000 in initial cost depending on who you hire.

 

Shopify and Wholesale

The biggest hurdle for most of our clients though is the lack of wholesale functionality in Shopify. Want to offer different payment methods for your wholesale customers like PO or Net 30? Sorry, can’t do that. Want to offer free shipping to retail but not wholesale? No can do. Want to offer freight or LTL shipping methods for your large wholesale orders?  Nope.  Want to have different order minimums for your wholesale customers? Can’t do that either.  Need quantity break pricing or tiered pricing for your wholesale members?  You’ll need an app for that.

If wholesale is a big part of your business, your only option with Shopify is to run a completely separate storefront which is far from ideal.

 

Custom Functionality

One of the limitations with SaaS carts like Shopify is the inability to access some areas of the code.  This is done so that Shopify can easily upgrade and maintain the software and maintain PCI compliance, so it is a good thing.  However, if you want to do anything custom with the checkout or tie in third party systems using Shopify’s API, you will need to upgrade to their Plus plan which starts at a whopping $2000/month.  That’s $24,000/year!  If you start selling more than $800k/month, they will start charging you .25% of your revenue.  That is just too big of an operating cost to justify.  With Pinnacle Cart, we can easily custom-program any functionality you need.  Just take a look at our add-ons page to see some of the features and functions you can add to your store.  There is no additional monthly cost to add these, just a one-time programming fee.

 

So Why Not Shopify?

If you use Shopify’s payment gateway and don’t need any additional functionality, Shopify would be a great platform for your business.  I usually recommend it for businesses who are just starting out, moving away from Etsy or Ebay,  smaller companies who sell retail only, or stores that don’t plan on growing too large or selling wholesale.  If you are planning on selling wholesale, or need custom functionality not available by default or as an app, Shopify just isn’t going to be a cost effective platform or give you the flexibility you need to scale up in the future.

Is Your Google Analytics Account Configured Properly?

I just completed the first round of Monthly Tune-Ups, and I was surprised at how many people had their Analytics accounts configured improperly, or not at all.  Google Analytics is an incredible source of data for your site, but if you don’t have it set up properly it will give you skewed data, over-inflated stats and bogus conversion rates.  Here are the most common problems I found:

Goals Not Defined

Analytics lets you set goals, such as ‘order received’ as well as the pages that lead up to the goal completion. This is called the goal funnel, and it lets you see how many people start a checkout vs how many complete it.  This can identify choke points in your checkout which may be preventing people from completing the sale.  The most common issues are too many steps, not clearly outlining shipping costs, or having shipping costs that are too high.  Without the funnel and goal completion data though, you can’t examine any of this.

E-Commerce Tracking Not Enabled

Most shopping carts have an e-commerce conversion script built-in to the cart, which will pass along the value of the completed order.  In Analytics, you can then determine which traffic spends the most money, what the average order volume is for a certain demographic, etc.  However, if you don’t have e-commerce reporting turned on in Analytics, you can’t collect any of this data.

Filters Not Defined

Google lets you filter out traffic that you don’t want to include in your reporting.  The most common filter is an IP filter, as you don’t want your own site visits to count towards your monthly traffic. You can filter out as many IP addresses as you want, so be sure to set up one for each staff member and office/home location.  You’ll also want to add your SEO team and developers to the filter as well.  I know I spend a ton of time on my clients’ sites, and could easily botch up their analytics data!

Another common filter is one to eliminate spam referral traffic.  You may see things like buttons-for-seo.com in your referring sites.  These aren’t actually sites that sent you traffic, they are a tactic used by spammers to get you to visit that site.  Sometimes that site is selling a product they want you to buy, but as often as not it is some sort of hacker or virus trying to destroy your livelihood. While the referrer links are harmless by themselves (don’t click on the links!), they usually have 100% bounce rate which really messes with your traffic, bounce rate and conversion data.  These are a bit tricky to set up, but there are a ton of resources out there that will give you step by step guides.  One site will even automatically add the filters to your account for you with one click of a button!

One note on filters, they won’t apply to historical data, only data moving forward after you implement the filter. So it may take you a few months to get some valid, clean data after you set them up.

Need Help?

If all of this seems a bit overwhelming to you,  you are not alone and we’d love to help!  One of the main reasons we set up our Monthly Tune-Up service was to help our clients get Analytics set up properly and then really dig into the data that it is collecting.  You can either visit our Monthly Tune-Up page and purchase directly using the buttons you find there, or drop us a line and we’ll walk you through each option and send you a sign-up link.

PCI Compliance Issues and Solutions

I can’t even begin to tell you how many hours I have spent in the last 2 months on PCI Compliance issues.  From server settings to SSL certificate formats, there is a lot to keep up with.  If you are having trouble passing your quarterly PCI compliance scans or don’t have a clue what to do, perhaps this will help.

How to be Compliant

First, let me explain a bit about PCI compliance, as I have found that many people simply don’t have a clue about it.  If you accept credit cards on your site (i.e. don’t send the customer off-site to pay), you are required to be PCI-DSS compliant.   In a nutshell, this requires having your site/server scanned quarterly by an approved scanning company (complete list here) and filling out a yearly Self-Assessment Questionnaire (SAQ) (full documentation here).  These SAQs can get extremely complex, but most of you will be able to file the ‘A’ form, which is the least complex. However, if you have a brick and mortar store along with your e-commerce store, life will get more difficult as you’ll most likely fall into the ‘D’ category.  There are a lot of very technical questions on the SAQ, so you will probably need the help of your developer/cart provider.

Let me caution you that simply checking ‘yes’ to the questions without understanding them is not a good idea, as you could be subject to fines and/or loss of your merchant account altogether. For example, if you are using a cart like Magento and you answer ‘Yes’ to the PA-DSS question, you will be wrong and will likely be dropped by your merchant bank.  The odd thing is that some merchant banks don’t seem to care, while others take this to an extreme.  I’m betting that as the security measures are enforced more, there will be fewer and fewer free passes.

The quarterly PCI scans will typically cause the biggest headache, particularly if your hosting company isn’t top notch.  Below are some of the issues we’ve run into over the last few months, along with some solutions.

PHP 5.4

The biggest issue right now is that PHP 5.4 reached ‘end of life’ about 2 weeks ago.  What that means is PHP is no longer supporting version 5.4 or releasing updates for it, so if there is a security vulnerability that is uncovered there will be no way to fix it.  So if you are running PHP 5.4 or below in your server, this will automatically fail your PCI compliance scan.  Unfortunately upgrading to PHP 5.5 isn’t as easy as it seems, as many older shopping cart platforms and plugins won’t work on PHP 5.5.  If you are running Pinnacle Cart 3.8.x, you are good to go, but if you are on 3.7.15 or below, please contact us and we’ll evaluate your specific site and see what the options for upgrading PHP are.   This is a critical issue that needs to be solved sooner rather than later, as if you fail your PCI compliance scan, your merchant bank will drop you.

TLS V1

For those of you who aren’t server experts, TLS is an encryption protocol used to secure data being transferred over the network.  Recently, TLS V1 was deemed a security risk and if it is enabled on your server, it will fail a PCI scan.  Here’s the problem – if you disable it, Microsoft Outlook will no longer be able to communicate with the server.  For this reason, it is impossible to disable for most hosting companies as Outlook is a very popular email client.  We were able to obtain a waiver form that can be presented to your scanning company informing them that TLS V1 needs to be present for Outlook to function, and that it is not used for any other reason.  So if you are in this predicament, feel free to contact me and I’ll give you a copy of the form.

Plaintext Transmissions

Related to the above issue, scanning companies are now requiring that all communication with the server (other than the web browser) is done via a secure protocol.  That means you need to be sure to check the ‘my server requires a secure connection’ when setting up your email in Outlook, and all insecure protocols on the server such as standard FTP on Port 21 are disabled.  Your host will need to help you with this.

SSL Certificate Encryption

Yet another issue that has come up recently is the security of security certificates.  For the longest time, SSL certificates were issued with an SHA-1 algorithm.  Recently though, that algorithm has been deemed too weak to be effective, so you’ll now see these certificates showing as insecure in Chrome (a yellow padlock instead of a green one).  Obviously this is not ideal to present to your customers, so you’ll want to have your SSL certificate re-issued in SHA-2 format.  Your SSL vendor shouldn’t charge for this, and your hosting company will be able to help you update the certificate on the server.

Insecure Forms

This is a more recent development, but the scanning companies are now picking up forms that collect personal data and are not in https mode.  Make sure your registration, login and of course checkout are all delivered in secure (https) mode.
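To catch these forms before the scanner does, each page's HTML can be audited for forms that collect personal data while either the page or the submit target is on http. This is an added example, not the scanning companies' logic: the field heuristics, the `audit_forms` name and the `shop.example` pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed heuristics for "collects personal data"; adjust to your own forms.
SENSITIVE_TYPES = {"password", "email", "tel"}
SENSITIVE_NAME_HINTS = ("card", "cvv", "address", "phone")


class FormCollector(HTMLParser):
    """Collects each form's resolved submit target and its sensitive fields."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL;
            # a relative action inherits the page's scheme.
            action = (attrs.get("action") or "").strip()
            target = urljoin(self.page_url, action)
            self._current = {"target": target, "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            name = (attrs.get("name") or "").lower()
            ftype = (attrs.get("type") or "text").lower()
            if ftype in SENSITIVE_TYPES or any(h in name for h in SENSITIVE_NAME_HINTS):
                self._current["fields"].append(name or ftype)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return (target, sensitive_fields, reasons) for each insecure form."""
    collector = FormCollector(page_url)
    collector.feed(html)
    collector.close()
    page_secure = urlsplit(page_url).scheme == "https"
    findings = []
    for form in collector.forms:
        if not form["fields"]:
            continue  # e.g. a search box: nothing personal collected
        reasons = []
        if not page_secure:
            # The form markup itself can be altered in transit.
            reasons.append("page delivered over http")
        if urlsplit(form["target"]).scheme != "https":
            reasons.append("form submits over http")
        if reasons:
            findings.append((form["target"], form["fields"], reasons))
    return findings


# Constructed sample pages (not taken from a real store).
PAGES = {
    "http://shop.example/login": """
        <form action="/search"><input type="text" name="q"></form>
        <form action="/account/login" method="post">
          <input type="text" name="username">
          <input type="password" name="pass">
        </form>""",
    "https://shop.example/register": """
        <form action="http://shop.example/register.php" method="post">
          <input type="email" name="email">
          <input type="password" name="password">
        </form>""",
    "https://shop.example/checkout": """
        <form action="/checkout/pay" method="post">
          <input type="text" name="card_number">
        </form>""",
}

if __name__ == "__main__":
    for url, html in PAGES.items():
        for target, fields, reasons in audit_forms(url, html):
            print(f"{url}: {fields} -> {target} ({'; '.join(reasons)})")
```

The register page shows the case that is easy to miss: the page itself loads in https, but a hard-coded http action still sends the data in the clear.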

Backup files kept on the server

Many shopping carts give you the ability to create a backup file right from the admin area.  The problem is, this file is stored on the server, so if a hacker gets in they have one file to download and your whole store is compromised.  Make sure all of your backups are kept off-site, preferably via an hourly automatic backup system.

Get help

While this process has become easier with the advent of Hosted Carts like Shopify (they handle the scanning for you), it is still no fun to fill out the SAQs yourself.  I always recommend partnering with an expert to help you navigate the maze of PCI compliance, especially if you are hosting the cart yourself.  Of course if we built your cart, we’ll always be there to help keep you compliant!

Questions?  Feel free to Contact Us!

Responsive Web Design

If you follow web design/e-commerce trends, you have probably been hearing a lot about Responsive Web Design or Mobile First design. In a nutshell, this is a method of building a site that provides an optimal viewing experience for users on ALL devices – from desktop computers to smart phones. The site ‘responds’ or scales to each device, giving each user the same experience albeit at a different scale (see the image to the right as an example).

Why is this important? 

First, mobile use on the web is at an all time high, and if you aren’t designing your site to be mobile-friendly your chances of converting visitors into sales are slim. If you have ever tried to navigate a site that isn’t mobile-friendly on your smartphone you will know exactly what I’m talking about.  Your mobile users expect the same experience as the desktop visitors, and that is either achieved by providing a different version of your site to mobile, or using responsive techniques. The advantage of responsive web design is that you only have to maintain one site instead of two, and your mobile/tablet customers will get the same rich experience as your desktop customers.

Perhaps most importantly, Google is now using mobile friendliness as a ranking factor in their algorithm. That means that if you aren’t taking your mobile users into consideration, you are hurting yourself in the rankings. Google provides a little ‘Mobile Friendly’ tag on corresponding sites in their search results, so there is a good chance the potential customer is going to click on a mobile friendly link as opposed to one that isn’t.

So what does this mean to you as a store owner?

The answer really depends on which shopping cart platform you are using.  The big hosted carts like Shopify, Bigcommerce and Americommerce all have responsive templates that you can select, some are even free.  If you are currently using a template that is NOT responsive I would strongly suggest that you switch to one that is.  If you have a template that was custom designed, it is time to redesign it as responsive.

If you are using Pinnacle Cart, the good news is that their new version (3.8) is responsive by default rather than using a two template method like they have done in the past.  So if you are working with us to build a site on the new platform, we are already building it as a responsive template for you.  The bad news is that due to the complete overhaul of the template system and admin area, you can’t upgrade to this version from an older version.  The store will have to be completely rebuilt.  Your order, customer and product data can all be migrated, but the template will have to be completely redone.

If you are on an older version of Pinnacle Cart (3.7 and below), you don’t have to upgrade to 3.8 in order to have a responsive template.  Just take a look at the new responsive site we built for Lucky Break Consulting, which is using the 3.7 version of Pinnacle Cart.  This was the first site we built on the 3.7 branch that is responsive, so we now have a ‘base’ that we can use to rebuild any site that is currently using the 3.7 branch.

What does it cost?

The cost of upgrading to 3.8 or rebuilding your template on 3.7 will really depend on the complexity of the design layout.  Stores with left hand navigation are more difficult to convert than stores that use a top menu.  Stores that use videos or slideshows will be more difficult to convert than stores that use static images.  It may make sense in some stores to stick with 3.7 if there are a number of complex mods in place, but some stores may be better off upgrading to get to the latest version.  We’ll be happy to look at your stores on a case by case basis and give you the best options for your particular store.

As Pinnacle Cart already has a built-in mobile version of the site, you aren’t being penalized by Google. However, responsive design is clearly the direction the industry is heading, so this is something you should definitely put on the radar in the next year or two.

Questions?  Feel free to contact us!

How to Secure Your Online Store

It seems like every week there is a new security threat on the news.  However, most of the security threats to an online store are due to negligence on the part of the store owner and not some super-hacker.  I’m continually appalled at how lax some store owners are at protecting their customers’ data.  Until biometrics become commonplace, you’ll need to continue to take steps to ensure your store is secure from threats.

Pick a PCI Compliant Host Who Specializes in E-Commerce

The biggest mistake people make when setting up their store initially is going with the cheapest host they can find.  While that $4.99/month price may sound like a bargain, you get what you pay for.  A host that specializes in e-commerce hosting will ensure that their servers are fully PCI compliant, and will scan them regularly for malware/viruses.  They will also make sure your firewall is set up correctly, and things like SSH access are disabled so that hackers don’t have an easy entry point.

IP-Restricting the Admin Area

The simplest protection against hackers getting into your admin area is to restrict it to certain IP addresses.  Most e-commerce software has this built in, but there are some workarounds available if yours doesn’t.  Essentially you just put the IP addresses of you and your employees into the system, and anyone else who tries to enter that area will be blocked.  Simple and easy, but no one ever seems to set this up.

Choosing Strong Passwords

I’m continually surprised when clients provide access to their server with passwords like ‘1234567’ or ‘password2014’.  There are tons of free password generators out there that will generate complex, impossible to guess passwords.  Use these for your server, your admin login account, your email, EVERYTHING.

Scanning For Malware/Viruses

One of the easiest entry points for a hacker is through your hacked computer.  Keyloggers provide hackers with all of the passwords they need, not just for your online store but for your bank account, credit cards, etc.  Scan the computer you use for your online store regularly for viruses and malware.

Keeping Your Software Up to Date

Most hacks occur when a store owner is using outdated or insecure software on their site.  WordPress is a notorious target for hackers, and once they get in there, they can get in to the rest of the software on your server, including your online store.  When WordPress comes out with an update, it is for a good reason, don’t ignore it!  The same goes for any other software on your server, including your shopping cart.  When you get a security patch from your shopping cart provider, install it ASAP!

Access to Third Parties

Often you need to provide access to your site/server for programmers, third party vendors, etc.  When you do so, make sure you give them a unique account that you can disable when they are through.  Also make sure you delete their IP address from the allowed list on your Firewall when they are done – there is no reason for them to have access to the site at all once their work is done.  NEVER give out your personal account login info to someone you don’t know!
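The admin allowlist and the advice to remove a third party's IP when their work is done can be combined by giving every temporary entry an expiry date. This is an added example, not code from any shopping cart: the addresses (documentation ranges), owner labels and dates are constructed, and `admin_access` and `stale_entries` are hypothetical helper names.

```python
import ipaddress
from datetime import date

# Constructed allowlist: (network, owner, expiry date or None for permanent staff).
ALLOWLIST = [
    ("203.0.113.10/32", "owner-office", None),
    ("198.51.100.0/28", "warehouse", None),
    ("192.0.2.44/32", "contract-developer", date(2015, 3, 31)),
]


def admin_access(client_ip, today, allowlist=ALLOWLIST):
    """Return (allowed, reason) for a request to the admin area."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False, "unparseable address"
    # Treat ::ffff:a.b.c.d as the IPv4 address it wraps, so a dual-stack
    # listener does not turn an allowed office address into a mismatch.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for cidr, owner, expires in allowlist:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if expires is not None and today > expires:
                # The entry is still in the list but no longer grants access.
                return False, f"entry for {owner} expired {expires}"
            return True, owner
    return False, "not on allowlist"


def stale_entries(today, allowlist=ALLOWLIST):
    """Owners whose temporary access has lapsed and should be deleted."""
    return [owner for _cidr, owner, exp in allowlist if exp is not None and today > exp]


if __name__ == "__main__":
    today = date(2015, 4, 1)
    for ip in ("203.0.113.10", "::ffff:198.51.100.5", "192.0.2.44", "198.51.100.16"):
        print(ip, admin_access(ip, today))
    print("remove:", stale_entries(today))
```
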

Backup Storage

Many store owners seem to think that storing a backup of their site ON their server is a good idea.  Backups should always be kept OFFLINE, and any good host will be doing this automatically for you anyway.  There is no reason to store a complete copy of your site or database on your server.  That just makes it easy for a hacker to get everything they need.
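To find backups that are already sitting on the server (the problem described here and under "Backup files kept on the server"), you can walk the site's directory and flag anything that looks like a dump. This is an added example, not part of the original post: the suffix list is an assumed heuristic, and the directory tree built in `demo()` is constructed.

```python
import os
import tempfile
from pathlib import Path

# File name endings that usually indicate a site or database dump (assumed list).
BACKUP_SUFFIXES = (".sql", ".sql.gz", ".zip", ".tar", ".tar.gz", ".tgz", ".bak", ".dump", ".7z")
# Header text written by common database export tools, to catch renamed dumps.
SQL_MARKERS = (b"-- MySQL dump", b"PostgreSQL database dump", b"-- phpMyAdmin SQL Dump")


def classify(path):
    """Return why a file looks like a backup ('name' or 'sql-dump-header'), or None."""
    if path.name.lower().endswith(BACKUP_SUFFIXES):
        return "name"
    try:
        with open(path, "rb") as fh:
            head = fh.read(128)
    except OSError:
        return None  # unreadable or vanished file; nothing to report
    if any(marker in head for marker in SQL_MARKERS):
        return "sql-dump-header"
    return None


def find_backups(web_root):
    """Return sorted (relative_path, reason) pairs for backup-like files under web_root."""
    root = Path(web_root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = Path(dirpath) / fname
            reason = classify(full)
            if reason:
                hits.append((full.relative_to(root).as_posix(), reason))
    return sorted(hits)


def demo():
    """Build a constructed site directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "admin" / "backups").mkdir(parents=True)
        (root / "images").mkdir()
        (root / "index.php").write_text("<?php // storefront ?>")
        (root / "images" / "logo.png").write_bytes(b"\x89PNG")
        (root / "admin" / "backups" / "store.sql.gz").write_bytes(b"x" * 2048)
        (root / "site_backup.ZIP").write_bytes(b"x" * 10)
        # A dump saved under an innocent name is still a dump.
        (root / "notes.txt").write_bytes(b"-- MySQL dump (constructed sample)\n")
        return find_backups(root)


if __name__ == "__main__":
    for rel_path, reason in demo():
        print(f"{rel_path}\t{reason}")
```

Anything it reports should be moved off the server and deleted from the site directory; expect some false positives, such as zip files you offer as downloads.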

Common Sense

When all else fails, use common sense.  If you think something is risky, chances are it is!  Remember, if you are hacked, it isn’t just your customers’ credit cards that can be hacked, but you could be liable for huge fines as well.  It is your responsibility as a store owner to provide a secure, safe shopping environment for your customers.

Not sure if your store is secure?  We’ll be happy to give you a site audit, just drop us a line!

Common E-Commerce Mistakes and How to Avoid Them

We’ve built a lot of sites over the years, but the web isn’t a ‘build it and they will come’ type of place anymore.  You have to spend a lot of time (and sometimes money) to make sure your site is better than your competition.  While I usually post tricks to enhance your site, this article is going to be more about things NOT to do.

Poor Quality Product Photography

Too often we build a client a beautiful site, only to see them upload product photos that look like they were taken with a 1980’s Polaroid camera.  Just because we all carry a camera in our pocket everywhere we go doesn’t mean we are all professional photographers. Product shots are some of the most difficult to shoot, and a good shot makes a HUGE difference in the way your customers see your products.  These days ‘lifestyle’ photos are very popular – showing someone using your product in the real-world.  Props are also very helpful, particularly when trying to convey scent or taste (the scented web isn’t quite here yet).  While it is possible to create beautiful photos yourself using some inexpensive tools, it is not something everyone will be able to do.  Spend the money on a pro if you don’t have the skills.

Ignoring Social Media and Your Blog

It is pretty much impossible to ignore social media these days, particularly when it comes to E-Commerce. Customers want and expect to see your company on at least one of the channels they follow, and if you aren’t there it reflects badly on your brand. You should be active on Facebook and Twitter at an absolute minimum, with Pinterest and Instagram quickly becoming just as important.  If you don’t have the time to do this yourself, hire a social media manager.  Yes, it is that important.  Blogging is also crucial, as that is one of the best ways to get fresh copy on your site and keep your customers coming back.  New product announcements, tech articles or just interesting tidbits may be enough to entice the visitor to come back and purchase something else.

Sending Customers Off-site to Pay

We often get customers who want to only offer PayPal so that they can save themselves the $30/month gateway fee.  Unfortunately if you do this you will be alienating a good number of potential customers.  I’m a fan of PayPal, but many people are not and simply won’t bother completing the transaction if that is the only method you offer.  People expect to be able to enter a credit card on your site and be done, not jump through hoops.

Ignoring Search Engine Optimization

Google has gotten VERY picky about the sites it lists in the search results.  Gone are the days of ‘keyword stuffing’ or linking your site on link farms.  These days it is all about following their very specific rules and quite simply, writing good copy.  In order to succeed, you need to take the time to research the correct keywords, and include those keywords everywhere they are expected – URLs, META data, H1 tags, and of course your actual copy (descriptions, product titles, etc).  It is a laborious and mind-numbing exercise, but one that needs to be done as thoroughly as possible.  Ideally you should hire a professional to at least help you with the keyword research, as optimizing for the wrong keyword is just as bad as having no keywords at all.

Poor Design/Visual Hierarchy

I talk about this subject a lot, because it is SO important.  Many people who start an e-commerce site put up a generic template and don’t spend any time or money on design.  This would be like opening a retail store in a cardboard box, no one is going to want to shop there!  Your site needs to represent your brand well, and convey a message of professionalism and confidence.  A template that looks like every other generic site out there, or something that looks like it came from the 1990s isn’t going to win you many fans or repeat customers.

Hiring a professional designer will benefit you in other ways as well. We understand visual hierarchy and the use of color so that your customers click where you want them to, and spend time where you want them to.  (hint – you don’t want them clicking on a link to another site first!).  The goal of any e-commerce site is to get the customer to buy, not get distracted with social media or things that aren’t related to opening their wallet.  Understand your customer, understand what they want, and don’t assume they will find what they are looking for without some direction.

Unclear or Missing Value Proposition

You have about 5 seconds to grab the attention of a potential customer, and if you don’t clearly communicate who you are and why they should shop there immediately, chances are they are going to shop elsewhere.  Your value proposition should be clearly shown above the fold either as part of the hero space, or in the header itself.  Keep in mind that not all customers land on the home page, so it is always safer to include something this important in the header.  For example, in an industry like handmade soaps, you are going to be competing with thousands of other makers, so what makes you better than them?  Why should someone shop with you vs them?  Make that extremely clear in your value proposition and you’ll make the customer want to learn more about you and your products.

Need help fixing one of the issues above on your site?  Feel free to contact us!

Understanding Social Media and E-Commerce

One topic that comes up with every project we build is social media.  Unless you have been living in a cave, you probably know just how huge social media is to just about every aspect of life on the web these days.  Many people don’t understand exactly how it works with e-commerce, so I thought I’d outline the basics.

Social Media Sites

Obviously the first step of Social Media is to get yourself out there.  There are a number of social media platforms, and which ones you concentrate on really depends on your market.  There are some that you absolutely need to be active on, and some that are more industry-specific.  You need to be spending your time where it is most beneficial to your particular store.  You’ll quickly learn which platform is giving you the best return on your time investment.  Here are the big ones:

Facebook – absolutely essential to have a presence here.  You need a page, not a personal account – they are very different.  Pages let people ‘like’ them, accounts require you to friend request them.  You want everyone and their brother to ‘like’ your page, you do not want everyone and their brother being your friend, as many things that get posted on Facebook are not business appropriate.  You should be posting at least once a week if not more.  Facebook also lets you have a ‘store’ tab on your page, so you can list your products directly on that page.  Pinnacle Cart integrates with this seamlessly.

Twitter – another essential platform.  You should be tweeting at least daily, if not more.  Great for quick hits about new products, sales, etc.

Google + – essentially Google’s attempt to offer the same thing as Facebook, it just hasn’t taken off as quickly as they had hoped.  However, having a Google + account will help you, so you need to at least link up to it.  I personally don’t post as much on mine as I should, but it does have fans out there!

Pinterest – if you aren’t familiar with Pinterest, it is a site that allows you to share photos of things you find around the web on ‘boards’ that you set up.  Many people use it for shopping lists, ideas for projects, etc.  If you are selling anything that has images, you should have a Pinterest account and set up boards with your products.  People can share boards and images with one another, which hopefully will cause your products to spread like wildfire!

Instagram – we’ve seen this service become more popular of late.  Today’s society is obsessed with photos – and pretty much has a camera with them at all times due to the mobile phone boom.  So why not take advantage of the trend and share your products regularly?

YouTube – if you have products that warrant video demonstrations/instructions/etc, you absolutely have to have a YouTube account to store them all.  Vimeo is an alternate service, but YouTube is still the biggest.

LinkedIn – not a huge player in the e-commerce side of social media, it can still be valuable if you are a B2B company.

Managing Social Media

You’ll soon discover that posting on all of these sites regularly is a full-time job in itself.  Not only do you have to find/write great content daily, but you absolutely MUST interact with any customers that interact with you, particularly if it is a complaint or rave.  This is now a major communication channel for people, and if you aren’t responsive you will lose customers.  This is why once you get busy, a Social Media Manager is going to become an essential part of your company.

Integration

So how do you integrate Social Media into your e-commerce site?  Some methods are quite easy, while others require a bit more work.

Links to your channels – first you need to provide links TO your social media channels from your site.  These are usually found in the header or footer of a site, and take the form of small icons with the social media logo on them.  There are all shapes and sizes, and usually your designer will come up with a set that matches your look and feel.  Make sure you set them to open in a new window, as you could easily lose a sale because someone gets distracted by going to Facebook!

‘Like’ Buttons – this is where the real value of social media comes in.  On each of your product detail pages, you should have ‘like’ buttons to each of the major social media channels.  When a customer clicks on one of these links, it posts your product to their wall/page/feed.  That is basically free advertising for you, as every one of their friends and followers will see that product.

Feeds – one challenge of e-commerce is to provide fresh content for your customers (and the search engines). One great way to do that is by using social media ‘feeds’.  These are basically boxes that you place somewhere on your site that show the last 2 or 3 posts on each of your social media channels.  Some people have them in just one place (like the home page), while others show them throughout the site.  Either way, it is a great way to keep things fresh, and even pick up a few ‘likes’ for your channels.

Login – Many social media channels offer a way to log in with your saved info.  These take the form of ‘login with facebook’ or ‘login with Google +’ buttons next to the regular login buttons on your site.  These are one click logins, so they can save your customers a ton of time.

Comments – it is also possible to have ‘comment on Facebook’ boxes right on your product detail pages.  These work a lot like reviews, and are visible to all of the people on the person’s feed.

Blogging

If you are a blogger (and you should be), you can also post your blog article directly to your social media channels.  This reminds people who are following you to come on over to your site and see the latest and greatest, and hopefully make a sale.

A lot of info to digest isn’t it?  The bottom line is that if you don’t spend the time to create an active, professional social media presence your store will never be successful.  It would almost be like building a brick and mortar store but not putting a sign out front.

As always if you have any questions feel free to contact us!
