WordCamp Phoenix 2012 – E-Commerce

Aaron D. Campbell, BlueDog Web Services

E-Commerce & WordPress

The options available and how to choose what’s right for you.

Aaron D. Campbell
WordCamp Phoenix, 2012
Slides: http://xwp.me/wcphx2012

About Me

Aaron D. Campbell
aaron@bluedogwebservices.com
http://bluedogwebservices.com/
Twitter: @BlueDogWeb
http://profiles.wordpress.org/aaroncampbell/

2011: $193.4 Billion
2010: $166.4 Billion

Total e-commerce sales according to the US Census Bureau

e-commerce is a pain

Merchant Accounts

Payment Gateways

Fulfillment systems

PCI Compliance

Security

SSL Certificates

Returns

Refunds

Customers

Maze of Choices

  • Shopping Cart
  • Onsite/Offsite payments
  • Payment Gateway
  • Merchant Account
  • SSL Certificate
  • PCI Compliance

Cart vs No Cart

Reasons to consider no cart
  • Single product
  • Non-standard experience
  • Subscriptions
  • Registrations
Why this is a bad idea
  • Can confuse users
  • Cost

Onsite vs Offsite

Offsite
  • Extra checkout steps
  • User leaves site
  • No need for SSL certificate
  • No PCI Compliance
Onsite
  • More work to setup
  • Seamless checkout experience
  • SSL certificate required
  • Must certify PCI Compliance
  • Requires Merchant Account

PayPal Standard

Customer leaves your site, completes payment on the PayPal site, and does not have to return.

Express Checkout

Customer goes to PayPal, enters payment details, and returns to your site to finish order process.

Website Payments Pro

Customer stays on your site through the whole process.

Payment Gateways

A payment gateway is a service that authorizes payments. It’s the equivalent of a physical point of sale terminal.
Merchant Accounts

A merchant account is a type of bank account that allows businesses to accept payments by debit or credit cards. It requires an agreement between the merchant, bank, and payment processor.

Costs
  • Authorization Fee
  • Statement Fee
  • Monthly minimum fee
  • Batch fee
  • Customer Service fee
  • Annual fee
  • Early termination fee
  • Chargeback fee

Merchant Account Tips

  • Sometimes the merchant account and payment gateway are a package
  • This can take time – plan accordingly
  • Know your limits
  • Find out about reserve amount
  • Beware the chargeback

SSL Encryption

  • Encrypts communication between the browser and the server
  • The browser encrypts information before sending it with the public key from the certificate
  • The server decrypts the information with a private key known only to it

SSL Buying Guide

  • Costs range from $25 – $1500/year
  • 4 Basic certificate types:
    • Single domain
    • Multiple sub-domains
    • Wildcard sub-domains
    • Extended Validation (EV)
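Before buying one of the certificate types above, it helps to see which hostnames each type actually covers. The following is an added example, not code from the slides: it applies the browser's name-matching rules (RFC 6125) to a certificate's Subject Alternative Name entries. The SAN lists and store hostnames are constructed sample data; EV is a validation level rather than a naming scheme, so it cannot be told apart by names alone.

```python
# Browsers compare the requested hostname against the certificate's
# Subject Alternative Name (dNSName) entries.  The three name-based
# certificate types from the buying guide differ only in what those entries
# contain; the matching rules are the same for all of them.


def name_matches(san: str, hostname: str) -> bool:
    """True if one dNSName entry covers hostname; names are case-insensitive."""
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname          # non-wildcard entry: exact match only
    suffix = san[2:]                    # '*.example.com' -> 'example.com'
    # The wildcard must be the whole leftmost label, must leave at least two
    # labels behind it ('*.com' is refused), and matches exactly ONE label:
    # it covers shop.example.com but neither example.com nor a.b.example.com.
    if "*" in suffix or "." not in suffix:
        return False
    labels = hostname.split(".")
    return (len(labels) == suffix.count(".") + 2
            and labels[0] != ""
            and ".".join(labels[1:]) == suffix)


def certificate_covers(san_names: list[str], hostname: str) -> bool:
    """True if any SAN entry of the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in san_names)


def certificate_type(san_names: list[str]) -> str:
    """Map a SAN list back onto the buying guide's name-based types."""
    if any(n.startswith("*.") for n in san_names):
        return "wildcard sub-domains"
    return "multiple sub-domains" if len(san_names) > 1 else "single domain"


def coverage(san_names: list[str], hosts: list[str]) -> dict[str, bool]:
    """Check every host the store uses against one candidate certificate."""
    return {h: certificate_covers(san_names, h) for h in hosts}


# Constructed sample SAN lists, one per name-based type, and the hosts a
# typical store might need covered.
SAMPLE_CERTS = {
    "single": ["shop.example.com"],
    "multi": ["example.com", "www.example.com", "shop.example.com"],
    "wildcard": ["*.example.com"],
}
STORE_HOSTS = ["example.com", "www.example.com", "shop.example.com", "api.example.com"]

if __name__ == "__main__":
    for kind, sans in SAMPLE_CERTS.items():
        print(kind, certificate_type(sans), coverage(sans, STORE_HOSTS))
```

Note that the wildcard certificate leaves the bare `example.com` uncovered, which is the usual reason a store ends up needing a SAN entry for it as well.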

Vendors

PCI

PCI SSC

Payment Card Industry Security Standards Council
Sets the standards you have to follow.

PCI DSS

PCI Data Security Standard
The standard you are required to meet. 12 requirements for any business that stores, processes, or transmits cardholder payment data.

PCI-DSS
Build and Maintain a Secure Network

Requirement 1:

Install and maintain a firewall configuration to protect cardholder data

Requirement 2:

Do not use vendor-supplied defaults for system passwords and other security parameters

PCI-DSS
Protect Cardholder Data

Requirement 3:

Protect stored cardholder data

Requirement 4:

Encrypt transmission of cardholder data across open, public networks

PCI-DSS
Maintain a Vulnerability Management Program

Requirement 5:

Use and regularly update anti-virus software or programs

Requirement 6:

Develop and maintain secure systems and applications

PCI-DSS
Implement Strong Access Control Measures

Requirement 7:

Restrict access to cardholder data by business need to know

Requirement 8:

Assign a unique ID to each person with computer access

Requirement 9:

Restrict physical access to cardholder data

PCI-DSS
Regularly Monitor and Test Networks

Requirement 10:

Track and monitor all access to network resources and cardholder data

Requirement 11:

Regularly test security systems and processes

PCI-DSS
Maintain an Information Security Policy

Requirement 12:

Maintain a policy that addresses information security for all personnel

PCI-Compliance: Assess → Remediate → Report

Assess: identifying cardholder data, taking an inventory of your IT assets and business processes for payment card processing, and analyzing them for vulnerabilities that could expose cardholder data

Remediate: fixing vulnerabilities and not storing cardholder data unless you need it

Report: compiling and submitting required remediation validation records (if applicable), and submitting compliance reports
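The Assess and Remediate steps above, together with Requirement 3, come down to two concrete tasks for a store: finding full card numbers that have leaked into logs, exports or the database, and making sure an order record keeps nothing it does not need once the gateway has authorized the card. The following is an added example, not code from the slides or from any of the plugins listed later; the order record, the gateway token and the test card number are constructed sample data.

```python
import re

# Sensitive authentication data: PCI DSS forbids storing any of these after
# authorization, even encrypted.
SENSITIVE_AUTH_FIELDS = ("cvv", "cvc", "pin", "track_data")

# 13-19 digits with optional space/dash separators, not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out order numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Assess step: return the full PANs found in a log line, DB dump or export."""
    return [m.group() for m in PAN_RE.finditer(text)
            if luhn_valid(re.sub(r"[ -]", "", m.group()))]


def mask_pan(pan: str) -> str:
    """Mask to first six / last four, the most PCI DSS permits to display."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a plausible PAN length")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(order: dict, gateway_token: str) -> dict:
    """Remediate step: keep only what the order needs after authorization.
    The gateway's token stands in for the card for refunds and rebills;
    the full PAN and all sensitive authentication data are dropped."""
    stored = {k: v for k, v in order.items()
              if k != "pan" and k not in SENSITIVE_AUTH_FIELDS}
    stored["pan_masked"] = mask_pan(order["pan"])
    stored["gateway_token"] = gateway_token
    return stored


# Constructed sample order; the card number is a well-known test PAN.
SAMPLE_ORDER = {"order_id": "1001", "amount_usd": "49.00", "expiry": "12/27",
                "pan": "4111 1111 1111 1111", "cvv": "123"}

if __name__ == "__main__":
    print(find_pans("checkout: pan=4111 1111 1111 1111 cvv=123"))
    print(sanitize_for_storage(SAMPLE_ORDER, "tok_constructed"))
```

Running `find_pans` over a masked record returns nothing, which is the point: once only the masked form and the gateway token are stored, a leaked database no longer contains cardholder data to protect.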

SAQ
Self Assessment Questionnaire

  • This is basically a checklist of yes/no questions that you can use to “Assess”
  • Get it here: http://xwp.me/pcisaqs

Best Practices

getshopped.org

WP e-Commerce

Free + Paid Upgrades/Addons ($10 – $195 each)

jigoshop.com

Jigoshop

Free + Paid Upgrades/Addons ($8 – $80 each)

cart66.com

Cart66

Free Lite Version
$89 – $299 (per year for continued support)

shopplugin.net

Shopp

$55 – $299
Addon modules $25 each
Priority Support $49 – $199

Questions?

Ask!

This presentation is running on WordPress and based on the Shower presentation template: https://github.com/pepelsbey/shower