Building
E-Commerce Sites

It doesn't have to suck.

#bcn10ecom

Who's here?

What's in it for me?

Developers

New to ecommerce:Overview

What Options you have

Experienced in ecommerce:Cover some details you may not have thought of

Best practices

What's in it for me?

DevelopersDesigners

Awesome website design, awesome ecommerce

What's in it for me?

DevelopersDesignersMerchants / Marketers

Modern ecommerce:Modal cart

Single page checkout + signup/login

mobile commerce

social commerce

Security:PCI-DSS

PA-DSS

The Payment Application Data Security Standard (PA-DSS)

The Payment Card Industry Data Security Standard (PCI DSS)

Who is this guy?

General projects team leader and developer at DaveRamsey.comCo-Founder and core developer of FoxyCart.comLuke Stokesluke.stokes@foxycart.com@lukestokes

FoxyCart founded in 2007We've processed over 300,000 transactions this year alone for over $30M

over 1400 websites using FoxyCart to power their ecommerce

NOT A SALES PRESENTATION

US E-Commerce Revenues

http://www.census.gov/econ/estats/http://www.singularity.com/charts/page104.htmlOut of date, but you get the idea... ecommerce is important

E-Commerce Overview

Use the right tool for the job, work with what you're comfortable using.

Legacy Systems

QuickbooksSalesforceCustom fulfillment systemsYour CMS of choice

The Store

Again, work with what you're comfortable with.- table based layout?- font tags?

The Store

CMS + E-Commerce (self hosted)

Security issues: card holder data passing through your infrastructureDifficult to styleTries to be the one-size-fits-all solution for everyoneCreates a disconnect between your website and your online store

The Store

CMS + E-Commerce (hosted)

Difficult to integrateHave to learn new template languages

The Store

CMS + E-Commerce (CMS Specific)

Keeps you using the tools you're comfortable with (CMS) but may not give you the flexibility you need on the eCommerce side of things.

The Hybrid Store

Integrates your website with your ecommerceBrings the purchase closer to your content

The Hybrid Store

CMS:

E-Commerce:

Cons Requires customizationInventorycategory pages

Pros:Stick with the tools you knowOne website, not 2Service based let each system do what it does bestMore control to integrate with the tools you're already using (not one size fits all)Not cookie cutter, allows for flexibility of catalog, cart and checkout pagesOh, look, another osCommerce store...

Lots of great options, many of which didn't exist when we started FoxyCart

Payment Gateway

Payment Gateway

Connects your website to your merchant account

Merchant Account

Merchant Account

Allows your bank account to accept payments via credit and debit cards

Discount rates: percentage of transactionTransaction rates: set fee for each transaction ($.30 to $.50)Chargebacks: $30-$50, total PITA.Application feesOngoing feesSettlement fees: $.05 to $5

Keep in mind that it can take quite some time to get your merchant account setup so get the ball rolling early. Full credit checks are often part of the process. Be sure to read the fine print of what is and isn't allowed.

Profit!

Profit!

Meet real needs, serve well, get paid

Issuing Bank

Acquiring Bank

Tangent:Lots of hands in the cookie jar.Make sure your business model is profitable FIRSTDon't jump into an idea with tons of venture capital

YouTube made $240 million in 2009 and spent $700 million to do it

FoxyCart's story isn't sexy it's just a hell of a lot of work with very little sleep. We were profitable right away because we never borrowed money. Our growth has been steady because our users spread the word because we're meeting a real need: ecommerce for developers.

For your business idea: meet a REAL need. Get feedback from tools like User Voice. Make a profit!

Integration

Think about how the information you collect online will integrate with other parts of your business

Gotchas

SecurityIntegrationUpgradesFeatures

Gotchas - Security

Multiple attack vectorsClient NaivetNo such thing as "Secure"Security is HARD

Multiple attack vectors:Systems/HostingSoftwareSocial EngineeringClient NaiveteEmailing CC numbersNo such thing as "Secure"High profile failures includeJC PennyGoogleFacebookSecurity is HARDPCI is 200+ requirements. You can't take care of it by paying a simple fee (don't be scammed)PEN testing requiredSSL CertificatesServer Monitoring

Gotchas - Integration

CRMEmail MarketingInventoryAccounting

WorkflowCurrentFutureThink about moving to a service based architecture

Don't duplicate your data

Use the best tools for the job

Gotchas Upgrades

Security Hot-fixesNew features your client needsCustomizations

Fired a client 2 years ago and that version of osCommerce is getting hacked? What then?

Customize self-hosted package too much, how can you upgrade?

Gotchas Features

90% may not be good enoughsubscriptions / downloadables /registrations / coupons / gift certificates /custom fieldsWorkaroundsFuture business needs

Figure out your needs first and ensure the features are there

Brett story, 3-4 different shopping cart solutions for the same client.

Ensure you have workarounds

Doing conference registrations now, but what about selling the tracks as downloadables?

Demo

http://www.twelvesouth.comhttp://www.modernash.comhttp://www.thenerdmachine.com/apparel/shirts/mens-nes-black

Takeaways

Be familiar with all the pieces involved

Use the tools best suited for your needs

Have a plan for handling PCI compliance, security and ongoing maintenance including bug fixes and feature requests

Legacy Systems, Website, Store, Payment Gateway, Merchant Account and back to your legacy systems

Use the best in breed tools

Security is EVERYONE's job

Questions?

Shameless plug:FoxyCart handles much of your PCI concerns, has the features you need or ways to integrate with them, removes the need for an SSL certificate, supports multiple accounts with one login, lets you design your site how YOU want it, has one of the best checkout flows in existence and integrates with anything that can handle XML