I wear my jeans below my, ahem, waist. It’s easier but it isn’t my best presentation. When I want to improve how I present myself, I put on a suit with braces. My suits are tailored to present me in the best manner possible and braces keep my trousers where they’re supposed to be worn.

Your e-commerce site presents you and your business to your shoppers. Until recently, most e-commerce design only had to accommodate different resolutions and different browsers for the desktop/notebook . M-commerce is a reality now. If your shoppers are using mobile devices then your site needs mobile versions that are tailored for those tiny browsers.

Now there’s a new challenge.  I read Dell Streak Brings Tablet Computing Down the Mountain on E-Commerce Times this morning. Dell’s Streak, Apple’s iPad, Asus’s Eee; tablets are here and they’re a new browser frontier with new resolutions, and probably, new browser quirks to accommodate.

Designing for more browser flavors increases your site’s complexity and workload. Where do you start and which browsers are more important for your site and audience?  The clues are in three places:

• your web server visitor logs,
• your competitor’s sites,
• your shoppers.

Your web server logs will tell you which browsers you’re serving. If your shoppers are using browsers that your site doesn’t support you are losing potential sales. Look at your competitor’s sites on friends and associates’ smartphones and netbooks. Are they optimized for that particular device? If so, maybe there’s an audience that your aren’t reaching. Finally, talk to your shoppers. They might not be ready to make the purchase on a mobile device but they might be doing their research while they’re waiting for the train, walking down the street, watching TV, etc.

How about you? Are you using your smartphone or netbook (or tablet!) to research or buy? Is your site optimized for m-commerce browsers or are you thinking about diving in? Tell me how you use the smaller display and if you think it impacts your e-commerce site.

Photo credit: Mykl Roventine

ShopSite is a versatile shopping cart with many built-in features that can be customized for your requirements. But sometimes you need more functionality and ShopSite knew that you might. They included APIs so you can use custom programming to expand and enhance your cart.

API is an acronym for “Application Programming Interface.” Simply put, it’s a socket where your custom program can plug in to exchange data. Data is sent to the program and in some cases the program sends information back.

Order API

An Order API connects after the order is complete (i.e. payment has been approved). It receives all of the order data, but it can’t return data (i.e. it can’t modify the order in ShopSite). For example, Order APIs can be used to send order data to fulfillment services and shipping services (e.g. to create a shipment) or to update an external database.

Shipping API

ShopSite has built-in support for real-time quotes from UPS, FedEx and USPS, as well as calculations based simply on weight or order amount. If you need more complex calculations (e.g. shipping rate quotes from multiple origin zip codes) or you need rate quotes from a different carrier (e.g. a freight carrier) then you need a Shipping API to calculate shipping quotes. The Shipping API receives the cart data and destination zip code from ShopSite when the items in the cart change and it returns a list of shipping rate choices that ShopSite displays to the shopper.

Inventory API

ShopSite has built-in support for monitoring inventory quantity on-hand, preventing sales of out-of-stock items and sending low-threshold notifications so that you can replenish. If your cart inventory needs to be synced with an outside source because you carry inventory or sell in more than one location, you can use an Inventory API to connect with the outside source. The Inventory API receives item data from ShopSite when an item is added to the cart and during checkout. It returns quantity-on-hand data and can also return an alternate SKU for an item.

Sales Tax API

The Sales Tax API gives you more control over sales tax calculations. ShopSite’s built-in sales tax feature can select the sales tax rate based on zip code, VAT/GST, or based on a shopper-selected tax rate. It can include shipping and/or handling charges in the tax calculation. However, if you have to calculate sales tax on different combinations of product, shipping and handling based on the destination, or have to calculate sales tax on data other than the destination zip code, you need a Sales Tax API. The API receives cart data whenever the cart contents change as well as during checkout, and it returns a sales tax amount.

@stuff is a Certified ShopSite Designer. We develop APIs that are customized for your store and requirements. Contact me if you have questions about custom development for your store.

If you’d like to receive regular technology updates from The View From Under the Hat, subscribe via RSS or email.

When people want information, they don’t have to fire up their laptop or log on to their computer. Nope, information is even more accessible now thanks to 3G cell phones that give users an instant Internet connection. If you’re a brick-and-mortar business and want to tap into a new client stream, look no further than the 280 million people who use their cell phones to tell them everything from what to buy to where to eat. If you’re a local merchant and want to reach out to visitors in your area, there are some new applications that make it very easy to join the local online scene.

Gowalla and Foursquare

Gowalla and Foursquare are 3G phone applications where users add locations and tell their friends about their real-time location. The applications are structured as online games, where users earn virtual badges or points for posting and using the services. In Foursquare, you can become “Mayor” of a certain location by posting regularly; on Gowalla you can be named the “Founder.”

Your business can benefit from adding its location to the application because locations within the services are searchable. When someone from out of town is looking for a place to eat, for example, the app lists local restaurants that have been added to Gowalla, along with the tips and recommendations posted by users who have eaten there. Geotagging capability is even more useful giving you the ability to reach out to shoppers in your vicinity.

For example, let’s say you own the clothing shop around the corner from a restaurant where someone is eating and checking in on Gowalla or Foursquare. When they check in you can generate an invitation that lets them know that while they’re in the area, it’s a good time to stop by your clothing shop and see the latest styles. You can even offer them a discount for coming in. If someone is the Mayor or Founder of your location, you can offer them special discounts because of the frequency of their visits to your location and the marketing service they are providing you. Getting started is easy.

Step One

Create a free account at Gowalla.com and Foursquare.com and check in from your business location to put it on the map. Gowalla requires you to enter an address; Foursquare relies on GPS information to pinpoint your location.

Step Two

See who else has visited your location and what they’re saying about you and check out what other nearby locations people are visiting. Reach out and invite; eventually, you’ll be able to buy advertising that specifically targets people based on their location using these geographically oriented applications.

Step Three

Set up your Gowalla and Foursquare accounts to automatically update your Twitter and Facebook, broadening your reach. The key to success in every business is visibility. Whether you’re a brick-and-mortar retailer catering to a small, local community or an online merchant, people are most likely going to find you first through web-based applications. Gowalla and Foursquare simply take advantage of GPS and 3G technology to make it happen.

If you’d like to receive regular technology updates from The View From Under the Hat, subscribe via RSS or email.

Photo credit: Jason McArthur

A quick and easy way to help your shoppers select products and increase sales at the same time is by adding effective cross-selling and upselling to your online store. ShopSite has cross-sell and upsell functions that allow you to feature additional related or complementary products on pages, more-info pages and the cart page.

There are several ways you can use cross-selling and upselling to increase revenues and generate customer loyalty. The key is to make sure the items you are listing will be perceived by your customers as adding value and not just about you trying to stuff their cart. The most common ways to entice your customers are with the following approaches:

Volume Discounts

If a customer is already buying something from you, you know they like it, want it, and use it, so why not offer them a small discount to buy more of the same? If one is good, two is better. This type of upselling works best with consumable merchandise such as clothing, food, vitamins, and office supplies. It’s also works well for inexpensive gift items.

This and That

Two successful cross-sell approaches recommend complementary or related items to your customers based on what others bought (“Others who bought this also bought that”) or based on what the customer is looking at or has added to the cart (“If you like this, you’ll want that too). This approach works especially well for books, music, and other genre-specific items as well as general merchandise sales.

Do You Want Fries With Your Burger?

This classic upselling technique is ideal for your store. Simply providing your customers with an array of accessories or related items can increase your sales and it’s ideal for online stores that sell electronics, clothing, or toys. ShopSite’s subproducts feature makes it easy to offer related items as accessories.

Special Situations

To offer rewards to loyal customers, you can develop special offers targeted to customers to thank them for their purchase or offer free shipping at a certain purchase level. If customers are close to reaching a particular amount, you can encourage them to spend a bit more and get free shipping, but do your homework—it’s easy to have this option backfire because shipping costs can often eat up any additional profits.

Cross-selling and upselling are relatively easy to implement in ShopSite and they can increase your sales. ShopSite’s tutorials show you how to add them to your custom template:

1. Cross-sell Products on Pages and More Info Pages
2. More Information Page Product Cross Sell
3. Subproducts Listed In A Pull Down Menu
4. Subproducts Displayed with Checkboxes
5. Subproducts Displayed with Radio Buttons

Add cross-selling and upselling to your e-commerce store. Do you want fries with those additional sales?

If you’d like to receive regular technology updates from The View From Under the Hat, subscribe via RSS or email.

Photo credit onlinehero

According to the 2009 Visa Security Summit, small businesses “are increasingly a larger percentage of compromise incidents yet are the least prepared to deal with such challenges to their business.” If you are an online merchant, you’re facing even greater threat. Online transaction fraud is one of the fastest growing criminal fraud segments, and without the proper protection, your online store could be at significant risk.

Verification Fraud

Verification fraud is one of the most common types of fraud that online merchants face. The criminal perpetrating the fraud often uses the store simply to gain information about the credit card numbers they are generating, seeking to identify numbers that are valid.

Settlement Fraud

Upon determining the validity of the credit card numbers, the criminal then uses that card to purchase goods, attempting to get your store to ship large quantities of goods to a different location. The goal of the criminal is to spend as much as possible as quickly as possible before the card owner discovers the issue and reports the problem. By the time this happens, the online merchant is usually stuck with enormous chargeback debt.

Affiliate Fraud

One of the most common frauds that occur involve an innocent buyer and an innocent seller who are both being used by the fraud perpetrator who sets up a dummy storefront and creates orders for which the criminal either intercepts the payment, collects the affiliate fee, or both.

Being a target of fraud can be a devastating and costly experience for a business owner. Online business owners who offer affiliate or reseller programs or who offer multi-payment trials often meet with the highest risk, according to Jeremy Drzal of Kount , a fraud detection and prevention company. Drzal outlines the process these criminals use at All Pay News:

courtesy of All Pay News

The most frustrating part about these types of fraud is that it can take several weeks or even longer before you as the online merchant become aware of the problem, and tracking down the criminal is difficult. These criminals can work from anywhere and often disguise their location and IP address by hacking into public computers at libraries or Internet cafes.

The fallout from these kinds of criminal schemes is expensive. Not only does the online merchant often pay an affiliate fee to the very criminal who perpetuated the fraud, but can also face additional losses for chargebacks, uncollectible accounts payables, and lost product.

You can protect yourself and your e-commerce business from being the victim of this type of fraud with a service like Kount’s Dynamic Fraud Detection SaaS. Kount’s fraud protection includes integrated solutions through patented Device Fingerprinting and IP Proxy Piercing platform. Integrating these solutions into your e-commerce store can significantly reduce the amount of fraud your store will face by protecting you against:

• Constantly changing customer personas.
• Anonymizing tools.
• Highly organized networks of compromised terminals (botnets).
• Rapid proliferation of stolen cards including CVV and PIN’s.

I partner with Kount and have integrated Kount into ShopSite stores. If you are ready to take a significant step toward discouraging fraud, contact me for more information about Kount and how you can protect your ShopSite store.

If you’d like to receive regular technology updates from The View From Under the Hat, subscribe via RSS or email.

Photo credit: peasap

According to recent research from the Nielsen Company as reported by Practical eCommerce, more than 9 million people have made at least one purchase using their mobile handset, and an additional 125 million people indicated they would be willing to do so. m-Commerce is the newest way to increase your customer base and revenues, given that there are almost a billion web-friendly phones being used worldwide right now.

Most new-generation phones have browsers that support shopping carts, making mobile commerce a rapidly increasing phenomenon. To make your website mobile commerce ready, there are some specific conversion issues you will need to consider that will ensure that your website is capable of being navigated properly from the smaller mobile handset screen before you can launch your business as mobile-friendly. Because many of the mobile browsers read and interpret the web site code, if you really want a mobile commerce friendly site, you need to consider removing code that a mobile phone might have difficulty with to ensure speedy downloading of your pages and a clear view of your store.

It may be necessary to develop mobile-friendly CSS for your website to enhance the shopping experience of mobile users. Even when using a mobile browser that is designed to provide a desktop-like navigating experience, shopping from a smaller screen might make it difficult for your mobile commerce customers because of the need to continually zoom in and out to see products and endless scrolling to see your products. Understanding the way in which your customers will see your site on a phone screen will help you understand how to enhance the experience, so be sure to test your site on a variety of mobile browsers.

As well, not all of the security bugs have been worked out for credit card payment processing through mobile web browsers, and the U.S. is lagging significantly behind the rest of the world in accepting phone payments (where the purchased product is simply added to the user’s phone bill).

The ever-increasing popularity of mobile commerce will make it certain that you will eventually need to accept mobile payments. As new generation phones take center stage with users for surfing, socializing, and communicating, it is inevitable that these phones will also become the primary way in which most people shop online. Paypal, Amazon, and other major e-commerce sites have already rolled out mobile shopping options. Are you ready?

Photo credit: maveric2003

“How can I protect specific store pages and only allow access to specific shoppers?” is a question I’m frequently asked and there isn’t a quick or inexpensive method for doing it. The typical options are:

• Put the protected pages in a sub-folder and use a .htaccess file to protect the subfolder. It’s fairly easy to implement on a Linux web server but managing users and passwords isn’t convenient (unless you use the same user name and password for everyone). Also, it isn’t shopper friendly. (There aren’t any self-service methods for password maintenance or recovery.)
• Develop an authorized user database (and the associated code to maintain the database) and embed PHP code to test for a cookie before granting access. This method works well, doesn’t require sub-folders and access can be granular (e.g. specific users or groups have access to specific pages). Developing this method is a considerable upfront expense.

A new client asked me to develop a solution with slightly different rules. She only needed to limit access to registered shoppers that are logged in.

ShopSite bakes a cookie when a registered shopper logs in and updates the cookie when they log out. The cookie is a session cookie; it’s automatically deleted when the shopper closes their browser.

Testing for a registered shopper cookie is easy in PHP; here’s the code that I developed for her. If the registered cookie is found and the shopper is logged in, the page will display. Otherwise the shopper is redirected to a different page (typically a login page):

<?php
$cookieName = 'ss_reg_[store serial number]'; // change this
$redirect = '[the URL to redirect if not logged in]'; // change this
$OK = false;
if (isset($_COOKIE[$cookieName])) {
   $cookie = explode("|", $_COOKIE[$cookieName]);
   $OK = ($cookie[2] == 'yes');
}
if (!$OK) {
   header("Location: $redirect");
   exit;
}
?>

To use this code:

1. Replace [store serial number] with your ShopSite serial number (you can find it in Preferences ->Hosting Service->Serial Number).
2. Replace [the URL to redirect if not logged in] with the full URL (e.g. http://www.mystore.com/page.html) to which you want to redirect the shopper if they aren’t logged in.
3. Insert the snippet above the first line of the pages that you want to protect. (If the pages are generated by a ShopSite template you can insert the snippet into the template.)

The minimum requirements for using this code are:

1. You must be using ShopSite Pro (for its Registered ShopSite feature).
2. If the pages that use this snippet do not have a .php extension, your web host must be configured to parse for PHP tags in non-PHP files (e.g. .html files). Your web hosting provider can help you set this up.

Like any other changes you make to your site, test the new page(s) and/or template(s) before making them live on your site.

If you are a small business owner doing business online, you need to think proactively about protecting yourself from web site disasters. Losing your web presence to any kind of web site disaster would have the same impact for most small online businesses as an earthquake would have on a brick-and-mortar business. There are three key things you can do to prevent website disasters from occurring with your website:

1. Test Your Website

While it is important to test your website to make sure everything is operating properly, many business owners make the mistake of testing on their live site instead of using a development site for testing. If you test on your live site, you might be the one who breaks it. However, by testing on a development site, you can still thoroughly check the operation of your site, and run test orders to make sure transactions go smoothly, without running the risk of bringing your site down for however long it takes to fix it.

2. Make Data Recovery Easy

If something does happen to your website data, it can be frustrating and difficult to recover from quickly—unless you have local backup copies of all your web site code. Your backup process should also include maintaining all of your source files for your graphics. As well, even if you are a small operation and don’t think it’s necessary, get in the habit of doing nightly backups of everything—or it’s possible you never will be anything but a small operation. Good web disaster practices are essential for ensuring that you are capable of meeting and exceeding your customer’s needs.

3. Protect Your Site

There are several steps you need to take to protect your website from being infiltrated by hackers. What you need to remember is that when you make things easy on you, you make things even easier for hackers and other criminals. It might be more convenient to have every system using the same password, or to let all employees log in under your account, but it is dangerous. You should have strong, unique passwords for each system. Login information should be secured and only shared with those who need to have access.

You should be changing your passwords often. Never rely on vendor-provided passwords to protect you. Always change it as soon as you receive the login information. You should change your passwords any time someone leaves your employment, too, even if you think they might be the most trustworthy person. The strength of your password is also important. 4-letter passwords are ridiculously easy to crack; 8-12 character passwords that are a combination of letters, numbers, and symbols afford you the most protection. And no matter how tempting it is, don’t store your passwords in your browser.

A few small steps and inconveniences now can save you a world of hurt over the long run and protect both your business and your customers.

If you’d like to receive regular technology updates from The View From Under the Hat™, subscribe via RSS or email.

Photo by irene.

In Part 1 of this 3-part series on PCI Compliance, we talked about the what of compliance, and in Part 2 we discussed the why of compliance. In this final installment of the PCI Compliance series, I want to talk to you about the exorbitant cost of non-compliance. Next week, I’ll talk to you about how to prevent a Website disaster.

Did you know that even if you are considered a small, Level 4 business with less than 20,000 transactions per month that you are still required to meet certain PCI compliance standards? At the very least, you must complete an annual Self Assessment Questionnaire if you accept or process credit cards in your line of business. Even if you do not store credit card information, if any part of your payment process does come into contact with secure credit card information, you are required to meet PCI security standards. In fact, according to the PCI Security Standards Council (www.pcisecuritystandards.org) even if you only process one credit card transaction per year, you are required to meet the standards or face the risk of being fined or having your ability to process credit cards revoked.

The focus of the credit card industry has shifted from Level 1 merchants to identifying and reducing the security risks in small businesses because research completed by Bank of America shows that Level 4 credit card merchants account for 99% of all credit card transactions but continue to be the highest security risk, particularly compared to larger firms, because these smaller businesses often cannot afford to place more emphasis on security or do not have the IT knowledge to do so.

The High Cost of Non-Compliance

According to a recent poll by the PCI Security Standards Council, only 29% of small business owners had knowledge of the PCI compliance standards and only 11% were actually in compliance. That means there is a lot of risk out there, and risk is costly. It only takes having one confirmed security breach for a Level 4 merchant to suddenly be forced to meet Level 1 compliance standards, and the fines for security breaches can climb into the millions.

Visa Card, Inc. reports that more than 80% of their non-compliance issues came from Level 4 merchants. Credit card fraud losses amount to more than $1 billion each year, and while consumers are protected from being held responsible for stolen credit card purchases, that cost is definitely passed on to merchants, and the shift in focus to small businesses with less than 20,000 credit card transactions per year is significant.

When a merchant is non-compliant, the business can be held liable for the cost of chargebacks as well as the cost of reissuing cards or supplying secure monthly monitoring for the hacked accounts. Replacement cards are typically charged to the merchant at $25-$75 each, and monthly monitoring can be $15-40 per month per account in addition to fines, forced security measures, and the potential of having your ability to accept credit cards revoked.

To paraphrase Ben Franklin, an ounce of prevention is cheaper than a pound of cure. The cost of non-compliance is significantly higher than meeting PCI compliance standards. As we wrap up our discussion about PCI Compliance, I hope the information I’ve presented encourages you to become PCI compliant.

If you’d like to receive regular technology updates from The View From Under the Hat, subscribe via RSS or email.

Photo by chrisstreeter

Even if you’re a small business with a small amount of credit card transactions each year, you may have already heard from your merchant bank or credit card processor about Payment Card Industry (PCI) compliance. PCI compliance is the process of developing security processes and systems that protect you, your bank, and your customers from credit card fraud and identity theft by making sure the way you store and access credit card information limits risk as much as possible.

In Part 1 I discussed the “what” of PCI Compliance. In this second part of my three-part series on PCI Compliance, I’ll tell you how you can simplify PCI compliance if all of your credit card transactions are processed online, e.g. by a shopping cart.

The first step is to determine your PCI Compliance level. Compliance requirements depend on the number of transactions your business has in a year. There are several levels of PCI compliance:

1. Level 1 Merchants process over 6 million credit card transactions each year.
2. Level 2 Merchants process between 1 million and 6 million credit card transactions each year.
3. Level 3 Merchants process between 20,000 and 1 million e-commerce transactions each year.
4. Level 4 Merchants process less than 20,000 e-commerce transactions per year, and less than 1 million total transactions per year.

Most small businesses fall into the level 4 category, which is who this article is intended to help. If your business is Level 3 or higher, your compliance requirements are more involved than I can cover in this post, but more information can be obtained from the PCI Security Standards at www.pcisecuritystandards.org.

PCI Compliance Can Be Easy For Level 4 Online Merchants

PCI Compliance is easier if you don’t store credit card data on your local systems. If your shopping cart software is PCI Compliant, and your hosting platform is PCI Compliant, then your e-commerce store should be able to pass a quarterly PCI Compliance scan.

If…

• If you only process credit cards via your shopping cart, and,
• your store passes a PCI Compliance scan, and,
• you fill out a Type 1 Self Assessment Questionnaire for card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced, (refer to the PCI DSS New Self-Assessment Questionnaire (SAQ) Summary V1.2)

…it’s easier to be PCI Compliant.

Two companies that I work with, and recommend, whose products and services will satisfy the software and hosting requirements for PCI Compliance are:

• ShopSite Shopping Cart Software is PCI/CISP/PABP/PA-DSS certified.
• LexiConn Internet Services Inc. is a National ShopSite Hosting Partner that can provide PCI Compliant hosting. (LexiConn and atStuff LLC have a mutual affiliate relationship.)

If you have to store credit card information try to outsource the information storage to your credit gateway and let them do the heavy technology lifting to protect that data. I suggest that you consider the Authorize.net Customer Information Manager (CIM) and/or Automatic Recurring Billing™ (ARB) products for safe, outsourced credit card storage. (I am an Authorize.net reseller.)

In Parts 1 and 2 of this 3-part series, I discussed the what and how of PCI Compliance. In Part 3, I’ll tell you why you should be PCI Compliant today even if your bank and/or merchant processor don’t require it yet.

The information in this article is intended as a guide only. Only your PCI Compliance vendor can certify your compliance. Please perform due diligence to ensure that you are meeting compliance standards by reviewing the requirements with the PCI Security Standards Council and your own PCI Compliance vendor.

If you’d like to receive regular technology updates from The View From Under the Hat, subscribe via RSS or email.

Mike Masin is an e-commerce developer and owner of atStuff LLC.

Photo by john.d.mcdonald