ecommerce Day 1



Curtis McHale
email: curtis@curtismchale.ca

Intro




  • running SFNdesign for 5 years
  • specialize in WordPress eCommerce and Membership

Benefits of an online store




  • typical brick and mortar will see a 30% increase in sales
  • no retail space required
  • carry a wider variety, which then benefits the local market
  • better customer targeting with increased metrics
  • easy funnel into email marketing
  • mobile shopping up 21% in holiday season

SSL



  • when it says 'https://' in the browser

2 Types of SSL





  1. Quick SSL ($0 with Let's Encrypt to $150)
  2. Extended Validation ($150 - $500+)

SSL where?




  • use the host if they have them
  • many hosts have Let's Encrypt built in
  • Geotrust

SSL Setup



  • Media Temple has the best instructions
  • Generate a CSR
  • Send CSR to Geotrust
  • EV requires a bunch of verification
    • checking address
    • checking with government
  • send SSL cert to host or install it
    • some hosts charge extra for a dedicated IP

PCI Compliance

  1. Use a firewall
  2. Do not use vendor default logins (no admin allowed)
  3. Protect stored data (no FTP)
  4. Encrypt transmission of cardholder data
  5. Use and update virus protection
  6. Build and maintain secure systems
  7. Restrict access to data
  8. No sharing login information
  9. Restrict physical access to card data
  10. Track all network access
  11. Regularly test security systems and processes
  12. Maintain information security policy

Super fun reading





PCI Levels




  • Level 4 - less than 20k yearly and 1 million in Visa
  • Level 3 - 20k - 1 million annually
  • Level 2 - 1 - 6 million annually
  • Level 1 - 6 million+ annually

PCI Audits


  • most of your clients are likely to fall into self assessment
    • basically fill out a form yearly and get an automated scan
    • cost is under $500
  • Level 1 and 2 clients need expensive scans
    • 15 - 20k annually
  • all of the steps need to be reviewed annually
    • yes that means the self assessment form

When PCI?




Any time that customer card data is going to touch your server!!

A breach will cost so much money it will shut most businesses down

My starting point is you never want cardholder data

Other Security notes




Skimp on the security stuff and you could be liable for a breach


Make sure your contract covers you

Taxes


  • how many tax zones do you think there are in North America?
    • 15,000
    • in 2010 there were only 5,000
    • For WordPress sites with WooCommerce just use TaxNOW

TOS


If you want user agreement to be 'valid'

  • make it easy to find
  • generally a link right next to the button or checkbox


If you don't do this, courts have said a TOS is invalid: the user had no 'reasonable' way to find and read it

EFF on TOS

Privacy Policy


You really should have one even though it's not mandated
  • some industries do regulate it like Hospitals...
  • client needs to check the federal or provincial laws
  • write it in plain English so that users can understand it
  • talk to a lawyer

Hosted Solutions



Software options




WordPress Solutions




About EDD




  • free base plugin
  • integrates easily with a forum for product support
  • automatic affiliate payments
  • bundled plugins save you money on purchase
  • great support for users
  • code available on Github
  • powers lots of WP Theme and Plugin shops

About WPEC



  • free base plugin
  • has a number of paid addons (not all in one spot)
  • lots of developers know how to use it
  • code is available on Github
  • Disney, Digimon Fusion
  • oldest option and has some 'bad blood' around it

WooCommerce




  • backed by WooThemes
  • huge number of plugins in one spot
  • robust API
  • code available on Github
  • can do pretty much anything
  • Animal Suits
