ecommerce Day 1
Curtis McHale
email: curtis@curtismchale.ca
Intro
- running SFNdesign for 5 years
- specialize in WordPress eCommerce and Membership
Benefits of an online store
- a typical brick-and-mortar store will see a 30% increase in sales
- no retail space required
- carry a wider variety, which then benefits the local market
- better customer targeting with increased metrics
- easy funnel in to email marketing
- mobile shopping up 21% in holiday season
SSL
- when it says 'https://' in the browser
2 Types of SSL
- Quick SSL ($0 with Let's Encrypt to $150)
- Extended Validation ($150 - $500+)
SSL where?
- use the host's certificates if they offer them
- many hosts have Let's Encrypt built in
- Geotrust
SSL Setup
- Media Temple has the best instructions
- Generate a CSR
- Send CSR to Geotrust
- EV requires a bunch of verification
- checking address
- checking with government
- send SSL cert to host or install it
- some hosts charge extra for a dedicated IP
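The "generate a CSR" and "install the cert" steps from the shell, as an added example (not from the original notes or from Media Temple's instructions); the hostname shop.example.com, the organisation name and the key size are placeholders:

```shell
#!/bin/sh
# Added example: key + CSR generation for the cert request, plus the two checks worth
# running before sending the CSR and after the CA returns the certificate.
set -eu

# Generate a private key and a CSR for the store's hostname. The key stays on the
# server; only the .csr file goes to the CA (Geotrust in the notes). Prints the CSR path.
gen_csr() {
  domain="$1"
  keyfile="$domain.key"
  csrfile="$domain.csr"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$keyfile" 2>/dev/null
  chmod 600 "$keyfile"   # private key must not be world-readable
  # Subject: CN is the hostname the cert is for; O and C are placeholders here.
  # For EV the CA verifies the organisation details independently anyway.
  openssl req -new -key "$keyfile" -out "$csrfile" \
    -subj "/CN=$domain/O=Example Store/C=CA"
  echo "$csrfile"
}

# Check a CSR before sending it: its self-signature must verify and its CN must be
# the hostname you actually serve the shop from (a typo here wastes the purchase).
check_csr() {
  csrfile="$1"; domain="$2"
  openssl req -in "$csrfile" -noout -verify >/dev/null 2>&1 || return 1
  openssl req -in "$csrfile" -noout -subject | grep -q "CN *= *$domain"
}

# After the CA returns the certificate: confirm it was issued for the key on this
# server (public keys must be identical) before installing it or sending it to the host.
cert_matches_key() {
  certfile="$1"; keyfile="$2"
  [ "$(openssl x509 -in "$certfile" -noout -pubkey)" = "$(openssl pkey -in "$keyfile" -pubout)" ]
}
```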
PCI Compliance
- Use a firewall
- Do not use vendor default logins (no admin allowed)
- Protect stored data (no FTP)
- Encrypt transmission of cardholder data
- Use and update virus protection
- Build and maintain secure systems
- Restrict access to data
- No sharing login information
- Restrict physical access to card data
- Track all network access
- Regularly test security systems and processes
- Maintain information security policy
PCI Levels
- Level 4 - less than 20k yearly and 1 million in Visa
- Level 3 - 20k - 1 million annually
- Level 2 - 1 - 6 million annually
- Level 1 - 6 million+ annually
PCI Audits
- most of your clients are likely to fall into self assessment
- basically fill out a form yearly and get an automated scan
- cost is under $500
- Level 1 and 2 clients need expensive scans
- all of the steps need to be reviewed annually
- yes that means the self assessment form
When PCI?
Any time that customer card data is going to touch your server!!
A breach will cost so much money it will shut most businesses down
My starting point is you never want cardholder data
Other Security notes
Skimp on the security stuff and you could be liable for a breach
Make sure your contract covers you
Taxes
- how many tax zones do you think there are in North America?
- 15,000
- in 2010 there were only 5,000
- For WordPress sites with WooCommerce just use TaxNOW
TOS
If you want user agreement to be 'valid'
- make it easy to find
- generally a link right next to the button or checkbox
If you don't do this, courts have said a TOS is invalid
The user had no 'reasonable' way to find and read it
Privacy Policy
You really should have one even though it's not mandated
- some industries do regulate it like Hospitals...
- client needs to check the federal or provincial laws
- write it in plain English so that users can understand it
- talk to a lawyer
About EDD
- free base plugin
- integrates with a forum easily for product support
- automatic affiliate payments
- bundled plugins save you money on purchase
- great support for users
- code available on Github
- powers lots of WP Theme and Plugin shops
About WPEC
- free base plugin
- has a number of paid addons (not all in one spot)
- lots of developers know how to use it
- code is available on Github
- oldest option and has some 'bad blood' around it
WooCommerce
- backed by WooThemes
- huge number of plugins in one spot
- robust API
- code available on Github
- can do pretty much anything
- Animal Suits