Basics of eCommerce and WooCommerce
Curtis McHale
email: curtis@curtismchale.ca
Intro
- running SFNdesign for 5 years
- specialize in WordPress eCommerce and Membership
Benefits of an online store
- typical brick and mortar will see a 30% increase in sales
- no retail space required
- carry a wider variety, which then benefits the local market
- better customer targeting with increased metrics
- easy funnel in to email marketing
- mobile shopping up 21% in holiday season
SSL
- when the browser shows 'https://' and the padlock: the connection is encrypted with TLS (the protocol most people still call SSL)
2 Types of SSL
- Quick SSL, i.e. domain validated: the CA only checks that you control the domain ($0 with Let's Encrypt to $150)
- Extended Validation: the CA also verifies the business behind the domain ($150 - $500+)
SSL where?
- use the host if they offer them
- many hosts have Let's Encrypt built in
- Geotrust
SSL Setup
- Media Temple has the best instructions
- Generate a CSR (certificate signing request) on the server, together with the private key, which never leaves the server
- Send the CSR to GeoTrust
- EV requires a bunch of verification
- checking the business address
- checking the business registration with the government
- send the SSL cert to the host or install it yourself
- some hosts cost extra for dedicated IP
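The CSR-then-install flow above, as an added example that is not part of the original talk: an OpenSSL shell script that generates the private key and CSR, checks the CSR before it goes to the CA, and confirms that the certificate that comes back was issued for that key. The hostname shop.example.com, the subject fields and the working directory are assumptions; the self-signing step only stands in for the CA so the match check can run offline.

```shell
#!/bin/sh
# Added example, not from the original talk. Hostname, subject fields and the
# working directory are assumptions for illustration only.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Step 1: generate a private key and the CSR that goes to the CA.
# The key stays on the host (mode 600); only the CSR is sent out.
gen_csr() {
    host="$1"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORKDIR/$host.key" \
        -out "$WORKDIR/$host.csr" \
        -subj "/C=CA/ST=British Columbia/L=Vancouver/O=Example Store/CN=$host" \
        >/dev/null 2>&1
    chmod 600 "$WORKDIR/$host.key"
    printf '%s\n' "$WORKDIR/$host.csr"
}

# Step 2: read the Common Name back before sending. A CSR for the wrong
# hostname yields a certificate the browser will still warn about.
csr_cn() {
    openssl req -in "$1" -noout -subject |
        sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# The CSR carries a self-signature; verifying it proves the CSR was built
# with the key sitting next to it and was not mangled on the way.
csr_valid() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# Step 3: when the certificate comes back, make sure it was issued for this
# key: the RSA modulus in the cert and in the key must be identical.
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus)
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ "$cert_mod" = "$key_mod" ]
}

# Offline stand-in for the CA so the match check can be exercised here.
# In production the certificate comes back from the CA; never deploy this one.
fake_ca_sign() {
    openssl x509 -req -in "$1" -signkey "$2" -days 1 -out "$3" >/dev/null 2>&1
}

# Demo run against the assumed hostname
csr=$(gen_csr shop.example.com)
echo "CSR for: $(csr_cn "$csr")"
csr_valid "$csr" && echo "CSR signature OK, safe to send to the CA"
fake_ca_sign "$csr" "$WORKDIR/shop.example.com.key" "$WORKDIR/shop.example.com.crt"
if cert_matches_key "$WORKDIR/shop.example.com.crt" "$WORKDIR/shop.example.com.key"; then
    echo "certificate matches key: install both on the host"
else
    echo "certificate does NOT match key: do not install" >&2
fi
```

The modulus comparison is the check worth keeping: when a host's control panel reports a vague install error, a certificate issued against a different CSR (a re-generated key, or a staging server's) is the usual cause, and this catches it before anything is uploaded.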
PCI Compliance
- Use a firewall
- Do not use vendor default logins (no 'admin' user allowed)
- Protect stored data (and no plain FTP to the server; use SFTP)
- Encrypt transmission of cardholder data
- Use and update virus protection
- Build and maintain secure systems
- Restrict access to data
- No sharing login information
- Restrict physical access to card data
- Track all network access
- Regularly test security systems and processes
- Maintain information security policy
Super fun reading
- PCI DSS documentation
- v3.0 from November 2013
PCI Levels (Visa merchant levels, counted in transactions per year, not dollars)
- Level 4 - fewer than 20k eCommerce transactions, and up to 1 million Visa transactions in total
- Level 3 - 20k to 1 million eCommerce transactions
- Level 2 - 1 to 6 million transactions
- Level 1 - over 6 million transactions
PCI Audits
- most of your clients are likely to fall into self assessment (the SAQ)
- basically fill out a form yearly and get an automated vulnerability scan
- cost is under $500
- Level 1 and 2 clients need expensive external assessments instead
- 15 - 20k annually
- all of the steps need to be reviewed annually
- yes that means the self assessment form
When PCI?
Any time customer card data touches your server, even if it only passes through a checkout form you host!!
A breach will cost so much money it will shut most businesses down
My starting point is that you never want cardholder data on your server: hand the card fields to the payment gateway (a hosted or tokenized form such as Stripe's) so the card number never reaches WordPress and the site's PCI scope shrinks accordingly
Other Security notes
- use the WordPress escaping functions (esc_html(), esc_attr(), esc_url()) on everything you output, so customer-supplied data can't inject script into your pages
- get your code audited
Skimp on the security stuff and you could be liable for a breach
Make sure your contract covers you
Taxes
- how many tax zones do you think there are in North America?
- 15,000
- in 2010 there were only 5,000
- For WordPress sites with WooCommerce just use TaxNOW
TOS
If you want the user agreement to be 'valid'
- make it easy to find
- generally a link right next to the button or checkbox
If you don't do this, courts have ruled a TOS invalid because the user had no 'reasonable' way to find and read it
Privacy Policy
You really should have one even though it's not mandated everywhere
- some industries do regulate it, hospitals for example...
- the client needs to check the applicable federal or provincial laws
- write it in plain English so that users can understand it
- talk to a lawyer
WordPress Solutions
Key Plugins for WooCommerce
- Stripe
- Drip
- WooCommerce Subscriptions
Really that's it and many people don't need Subscriptions if they're not doing a recurring product.