Sheryl Canter

Creating an Online Store

To select wisely from the blizzard of options, you must understand the basics.

———–
This is an expanded version of my article in PC Magazine on creating an online store, posted here due to popular demand. I received many requests from readers for additional information.
———–

Online stores have become an essential element of doing business, but selecting wisely from the blizzard of options is difficult without an understanding of the basics. Depending on your choice, you can pay anywhere from 2% to 20% of each sale, not to mention monthly, annual, and startup fees.

Many businesses overpay for e-commerce services because the options are so confusing. A provider with a turnkey solution can be very appealing, despite a high price. The merchant may not even realize how high the price is compared to other options.

To make a good choice, businesses must first understand how online credit card processing works. Every online store needs two basic components: (1) a catalog to display products and allow customers to make selections, and (2) a method of accepting payment. These components are sometimes bundled together and sometimes sold separately, and costs vary widely.

Creating an Online Store
An online catalog can be as simple as a one page product list with each entry containing a “Buy now” button. If you have just one or two products, this is sufficient. But if you want customers to be able to select more than one product at a time, you have two choices.

The simpler method is a multi-product order page that lets customers enter quantities next to each item in your catalog. A single button labeled “Check out” finalizes the selections and brings customers to the payment page. Selections cannot be changed at this point without starting over.

If your online store contains a large number of products, you’ll probably want to use a catalog with a “shopping cart” that can remember customers’ selections as they browse your site. With a shopping cart, customers can click a “Continue shopping” button on the check out page to return to the catalog and add new selections without losing previous selections.

If you have programming skills, you can write your own custom e-store and shopping cart. Another option is to use a general purchase cart program such as osCommerce (an open source cart written in PHP), or Miva (a commercial product written in a proprietary scripting language). Both are frequently pre-installed with e-commerce hosting plans.

Hosting plans described as “commercial” usually often include support for Secure Socket Layers (SSL). This is for creating the secure form where customers enter credit card numbers. Handling credit card numbers securely takes knowledge and skill, so you may prefer to host the secure page on the site that processes your payments (more on this later). If you don’t plan to host the secure order page, don’t pay the additional fee for SSL.

Some Web hosts offer special e-commerce accounts with proprietary shopping carts that include editing tools for easy configuration. They are preconfigured to securely handle credit card transactions, but you are still responsible for obtaining an account (such as a merchant account) for accepting payment.

Two examples of e-commerce hosts are Yahoo Shopping (smallbusiness.yahoo.com/merchant/) and Mainstreet Stores (a Digital River company, mybiz.mainstreet-stores.com). Yahoo’s Standard plan is a hefty $99.95 per month, plus 1% per transaction. This is in addition to the fees for processing payments. Main Street Stores is less expensive, but also less flexible in configuring the store’s appearance.

Accepting Online Payments
There are three main options for accepting payments online: (1) person-to-person (P2P) services such as PayPal or Yahoo PayDirect, (2) payment services that accept credit cards on your behalf, or (3) your own merchant account for accepting credit cards.

P2P services are low cost (PayPal charges just 2.2-2.9% of each sale plus $0.30), but usually require the buyer to register with the service, and this can be a barrier to sales. (PayPal just introduced a credit card service that doesn’t require preregistration.) The registration process is time consuming, and some people prefer not to have their financial information kept on file.

Payment services are basically resellers. Their payment pages clearly state that they are the actual seller while you are only the supplier of goods and services. This disclosure gets around card association rules that forbid a company from accepting credit cards on behalf of another company. Costs can vary from 5-20% of each sale, sometimes with additional fees.

The traditional way to accept credit card payments is to obtain a merchant account. Merchant accounts have lower transaction fees than payment services (usually about 3%), but their service fees tend to be higher ($10-60 per month). There is usually a $200-300 application fee followed by a background and credit screen. Also, there’s usually a minimum term. If your business hits a slow patch, you won’t be able to cancel the merchant account.

Merchant accounts for internet-based businesses have higher fees and are harder to obtain because they’re higher risk. At one time, it was impossible to get a merchant account with a mainstream bank if your business was home-based, low-volume, a startup with no history, or based outside the US.

Large full-service banks still charge high setup and monthly fees, and are unlikely to approve an internet-based startup. But today there are banks that specialize in providing credit card services for small internet businesses. Approval rates are higher and prices are lower. Still, some small or non-US businesses may not be able to obtain a merchant account.

You’ll find companies on the internet offering merchant accounts to anyone, regardless of credit history, but beware sites like this. If the company isn’t following card association rules, it may be shut down at any time, leaving you high and dry.

For US businesses, Electronic Clearing House (echo-inc.com) and PayQuake (payquake.com) offer very low cost merchant accounts with a high percent of applicants accepted. If you’re outside the US, WorldPay (worldpay.com) is a good choice, though their prices are higher. See the “Merchant Accounts” section for details.

P2P Payment Services
Most online purchases are made by credit card in the US, but credit cards are less popular overseas. P2P services offer bank transfers and e-checks in addition to credit cards, and are the cheapest and easiest alternative.

PayPal isn’t the only P2P service, but it’s the largest and best known, and has high trust and acceptance among customers. Some many merchants, however, claim that PayPal freezes money in an account if there’s any kind of customer complaint, whether founded or unfounded.

Since some people prefer credit cards and some prefer person-to-person services, it’s a good idea to offer both options on your Web site. This has the added benefit of providing a backup in case one of the processors is offline.

Third Party Payment Processors
Even if you can get a merchant account, you may not want one for a startup because of the fixed costs. The alternative is to contract with a third party to sell your products using their merchant account. Companies providing this service are usually called third party processors, but most prefer the term “reseller”.

It’s against card association rules to accept credit cards on behalf of another business since it allows the other business to avoid background and credit checks. However, there are no rules against being a reseller. You are the provider of goods and services, while the company with the merchant account is the actual seller.

The reseller arrangement must be clearly indicated on the order form to meet legal requirements, and prepare customers to see the reseller’s name on their credit card statement. If a customer doesn’t recognize a charge and calls her bank to dispute it (termed a “chargeback”), the merchant’s credit rating will be adversely affected.

At minimum, third party processors provide a shopping cart or product selection form, a secure order page, access to a payment gateway (more on this later), and use of a merchant account. Transaction rates generally vary from 6-20%, compared to 2-3% for a standard internet merchant account.

The cheapest and most flexible of these services are archrivals 2CheckOut and PaySystems. Both charge a $49 setup fee. 2CheckOut’s transaction fees are 5.5% of the purchase plus $0.45. 5% of purchases is held for 90 days on a rolling basis to use against chargebacks. PaySystems offers two rate plans: 3.95% plus $1, or $5.5 plus $0.35 with up to 5% of sales held for six months on a rolling basis.

Both offer a shopping cart, but you don’t have to use it. You can implement the cart on your own site, and use the services only for payment of the total. PayPal also can be used this way, but the other third party credit card processors require you to use their internal catalogs.

Another feature offered by PayPal, 2CheckOut, and PaySystems, but none of the other third party credit card processors is the ability to post purchase information back to a script on your site. This allows you to store order information in a database, and send an automated message to customers after verifying payment – for example, a software registration code.

PayPal and 2CheckOut post back instantly, while with PaySystems there’s a 2-3 hour delay for fraud screening. PayPal doesn’t require fraud screening because the money is in hand, but 2CheckOut does, and it’s disconcerting to receive fraud alerts after your script has already mailed out software registration codes. 2CheckOut is aware of this problem and is working on a solution.

There are a few other differences. 2CheckOut allows you to customize the order form with a header and footer so the look matches your own site. PaySystems’ checkout page is visually aggressive and there is no ability to customize it. 2CheckOut allows you to add your company’s name to the descriptor line on the customer’s credit card bill, while PaySystems does not.

Also, to avoid liability beyond the purchase price, PaySystems checkout page insists that it sells only “PaySystem points” that are redeemable for products or services, but does not sell the actual products or services themselves. They are the only third party processor to describe themselves as a third party processor rather than a reseller. The point message on the checkout page is confusing, and may make some customers uncomfortable.

PaySystems also has some image problems because they handle credit card processing for quite a few scammers and spammers – for example, vendors selling penis enlargement pills. PaySystems says they will shut down any account after two complaints for spamming, but few people think to complain to a company’s credit card processor, and their support of these companies has tarnished their reputation. For example, one Web site devoted to monitoring internet scams warns that sites using PaySystems to process credit cards are more likely to be scams.

Both 2CheckOut and PaySystems have been victimized in the rash of Distributed Denial of Service (DDoS) attacks over the last year. PaySystems moved to a distributed network with redundancy to protect against such attacks. 2CheckOut did the same after a particular devastating attack over Thanksgiving weekend in 2003.

All the other third party credit card processors cost more and are less flexible, but sometimes offer special features related to specific industries. For example, the shareware processor RegNow (regnow.com, owned by Digital River) charges an astronomical 20% transaction fee, but gives access to affiliate programs for increasing sales, and optionally will host downloads for a penny a megabyte.

ClickBank (www.clickbank.com) also offers an affiliate program. Products are restricted to digital goods and services that can be delivered over the internet. Also, only one product can be purchased at a time – you can’t set up a list of products. There’s a $49 activation fee; the transaction fee is 7.5% plus $1.

Kagi (www.kagi.com) allows both tangible and digital goods and services, with a product list rather than a shopping cart. There are no setup or monthly fees. Transaction fees but average around 8-10%.

The only other third party processor offering a shopping cart is CCNow, a Digital River service that is restricted to tangible goods. Use of the shopping cart is required. The cost is $9.95 per month ($11.95 outside the US), plus 9% for sales in excess of $100 (11% outside the US).

Secure Forms & Gateways
The trickiest part of creating an online store is accepting payment because you have to securely obtain the customer’s credit card, and then securely transmit it for processing. Whether you want to obtain authorization immediately or enter the credit card manually when you fill the order, the information must be encrypted during data entry and subsequent transmission.

To secure a Web page for entry of a credit card number you need an SSL certificate from a recognized certificate authority. GoDaddy (godaddy.com) recently started offering very low priced SSL certificates. GoDaddy offers only standard certificates and not “step-up” certificates.

Step-up certificates will automatically increase the encryption strength supported by the customer’s browser to 128-bits if necessary. All modern browsers support 128-bit encryption, but until recently the US disallowed export of strong encryption so many people overseas still have 40-bit and 56-bit browsers. If few of your customers are overseas, this may not matter.

To authorize credit card charges in real time, you need a “payment gateway” in addition to an internet merchant account. A payment gateway is the internet equivalent of the in-store swipe terminal.

Payment gateways are servers that have been licensed to send encrypted financial transactions to the card processing network, which is separate from the internet. An in-store terminal gets the transaction data from the cash register and the credit card; a payment gateway gets transaction data from an encrypted online payment form.

The payment form must send data to the gateway according to detailed rules, so implementation requires some programming. Since errors can compromise security, gateway providers encourage merchants to use a secure form hosted on the gateway server, rather than hosting the form on their own server. The form’s appearance can be customized to some extent, but the merchant won’t be able to retain the customer’s credit card number, making it difficult to identify chargebacks (disputed charges).

Another solution is to use shopping cart software with built-in gateway support. No shopping cart supports all gateways, so choose the shopping cart first, and then choose from its list of supported gateways. There are also multiple processing networks, and no gateway supports them all. Your merchant account must be with a bank that uses a network supported by your gateway.

Merchant Accounts
To process credit cards, you need both a merchant account and a gateway service. The gateway service is usually provided by a third party for a separate fee, but not always.

Electronic Clearing House, Inc. (echo-inc.com), has their own gateway and processing service, so they can offer a free gateway with their very low cost merchant accounts. Merchants can accept e-checks in addition to credit cards. The setup fee is $99, and the monthly fee of $19.95 is charged only if there are sales in that month. Discount rates are 2.1-2.6%.

PayQuake (www.payquake.com) is another low-cost merchant account provider with a good track record. The Pay for Play plan has an annual fee of $49, and a discount rate of 3.79% plus a $0.50 transaction fee. Plans for higher volume businesses include setup and monthly fees, but lower rates for each purchase -discount rates of 2.4-2.8% plus $0.30-0.40 per transaction.

Both Echo and PayQuake offer merchant accounts only to US businesses. If you’re outside the US, WorldPay is a good choice, though their prices are somewhat higher.

WorldPay’s WorldDirect service offers a similar range of features as 2CheckOut and PayPal, so many people erroneously believe they are third party processors. In fact, WorldPay offers standard merchant accounts with an array of services usually associated with third party processors. Transaction fees are just 2.95% plus $0.45, but there is a $299 setup fee, plus a monthly fee of $35/month.

Making a Choice
There are dozens of other companies offering ways to accept money on a Web site – P2P services, low-cost/no-screen merchant accounts, wire transfers, and even an electronic currency based on a store of gold bullion. Since money is involved, scammers abound. Check out a company carefully before giving them your business. Simply typing the company’s name into a search engine with the word “forum” or “problem” can turn up valuable information. If an offer sounds too good to be true, it probably is.

Hiring a consultant to set up your online store may be cheaper in the long run than paying high ongoing service and transaction fees. In general, the more work you’re willing to do upfront, the less you’ll pay for the privilege of selling goods and services online.

One Comment

  1. Mark Strong says:

    Mainstreet-stores is in my opinion a scam.

    I was a FedEx custome and 5 years ago they were pushing something called FedEx Storebuilder. I clicked it to try it as a trial and within a week found it too hard to use and never went back.

    Now I find that has been taken over by someone called Mainstreet-stores. I found out because in an audit of my bank records we found a monthly $9.95 charge for the last 5 years called DR*MAINSTREET*DR

    So that’s $600 in automatic charges for something I never used.

    Further investigation shows that apparently Mainstreet-stores took this application over from FedEx and they say when you clicked, you agreed to have $9.95 automatically charged to you every month until you cancel.

    What makes this even more annoying is that in 5 years they certainly know the account has not been used. They sent no email, mail or communications of any sort regarding this. I belive this is because they didn’t want to alert people like me that we were being charged for something we were not using and were in fact unaware we were being charged for. They refuse to refund this.

    It is my opinion based on my experience with these guys that they operate in bad faith, know that there are many people like me that they are billing for nothing and are pleased with that situation.

    I would highly advise avoiding these people.

Leave a Reply

*