Jun 25, 2011

0 E-Commerce Web Hosting


With billions of dollars worth of business being done online, more businesses are starting to sell their products and services on the Internet. However, because of the involvement of financial and other sensitive data, hosting requirements for e-commerce websites are different than for other kinds of websites. 

In this article we will talk about the various considerations for choosing an e-commerce web hosting package.

Self Hosted vs. Managed Solutions
When it comes to e-commerce, what is required is software to manage and display the inventory or services you are selling, allowing customers to place orders and display the orders placed so that they may be fulfilled.
 
To accomplish this, you will either need to code your own software, use an out of the box software or use a hosted e-commerce solution. There are benefits and drawbacks to all of these methods and you need to find the solution which best serves your situation. Below is an outline of each of these methods individually.

1) Custom Coded Solution. Having an e-commerce system that is custom coded to your requirements is an ideal solution. However, the costs and time required to produce a custom coded e-commerce solution deter most people from opting for such a system.

If you do indeed choose to opt for a custom coded solution, then you have to be extra cautious about the security aspect of your software, as e-commerce sites are a lucrative target for hackers who would have unauthorized access to the sensitive financial data of customers.

2) Out of the Box Software. There are multitudes of commercial and free e-commerce management software solutions available in the market to easily accomplish most common tasks required to run an e-commerce business. The software is frequently used by many e-commerce sites, which means that the code is being tested in the real environment consistently.

With an out of the box software, you can have your e-commerce website running without having to spend a large amount of time and money on custom software development , plus the software is usually maintained by the manufacturer. If you choose to opt for “off the shelf” software, then you need to have skills or resources for installing and maintaining the software.

3) Hosted e-Commerce Solution. For a large number of people, the concept of installing and maintaining even an out of the box e-commerce management software is too technical or simply too time consuming. There are some companies which offer hosted e-commerce solutions without the necessity and hassle of dealing with the technical aspect of installation and software management.

With such available solutions, all one needs to do is to create an account on the website of the service provider, configure the domain to resolve to their servers, input information regarding products and start accepting orders. Such services may incur a setup or monthly service fee. However, there is no need for software installation or to keep up with security updates as that aspect is handled by the hosted service provider.

Depending on your business requirements and technical resources, you need to assess your situation and decide which of the solutions would best serve your needs. However, there are certain considerations which are common to all e-commerce sites regardless of the solution chosen. Below is a discussion of some of those considerations.

Server Reliability & Scalability
While server reliability is important for all websites, it becomes even more critical for e-commerce sites as there are direct financial and credibility implications due to server down time. For this reason it is important to have highly reliable web servers in place that can manage high traffic.

A lot of companies, especially those choosing self-hosted solutions, decide to host their e-commerce website on cheap shared hosting plans. Initially that may not cause any problems or hassles. However, as the e-commerce store becomes more popular, the server may not be able to handle the loads and could go offline causing direct financial losses. Not only that, there is the downtime that may also be caused due to the need to switch to a more powerful server, which could result in more of a sales loss. For this reason, it is best to get started on a virtual private server or a grid server as that solution can handle more loads than a shared server and are far more reliable overall.

It is also advisable to choose a hosting company that offers a choice of various hosting packages, including VPS and Dedicated Servers. By choosing a web hosting company which offers a hosting package that includes more resources than those that are currently required, it becomes easier to upgrade when needed and will reduce any downtime that may arise from the necessity of switching web hosts.

For self hosted solutions, one should opt in for the most powerful hosting package that can be afforded. The situation is more complex in the case of hosted solutions, where one doesn’t have control over the hosting infrastructure that the service runs on. In this case, it is best to check the service reputation of the proposed provider and review their up-time track record.

Data Security 
Data Security is one of the most important aspects of e-commerce hosting. Customers must share their personal and financial information when placing an order online. That makes e-commerce web sites an extremely lucrative target for hackers and identity thieves. Some security considerations that must be kept in mind are:

1) Use SSL for transmission of sensitive data. If there is any sensitive data being transmitted from a customer’s computer to the web server, do it over a Secure Socket Layer (SSL) connection secured by an up-to-date SSL certificate. This way all of the data being transmitted from the client computer to the server will be encrypted. Therefore, if someone tries to intercept the packets, the data will not be of any use to them in an encrypted form and sensitive data will not be compromised.

To implement a secure connection, an SSL certificate must be purchased and installed on the server. It is easy and inexpensive to purchase a SSL certificate. Most domain registrars such as GoDaddy and NameCheap offer SSL Certificates. You will need to supply the domain name the owner’s name and an address. 

There are different levels of certificate, the one we suggest for ecommerce is one that has fully verified the business and domain owner information. This type of certificate establishes higher level of trust which can be displayed to website visitors.

2) Regularly Update Server Software. Security exploits are regularly discovered in software and most developers release patches to fix these security exploits. It is always a good idea to stay updated on security patches for the server operating system, scripting software, database software and e-commerce management software.
 
This becomes even more important when the website is running on open source software. Exploits for such software are usually listed in publicly available exploit databases. Any person with knowledge of exploits for the unpatched versions can compromise the security of the website, possibly even the server.

Some hosting companies, as well as independent server management companies, offer security testing and patching at regular intervals. It is a good idea to pay for such services to regularly test for any security loop holes in the software and have it patched before it can be compromised.

3) Ask Only Necessary Information. As a security measure, e-commerce web sites should only ask for information that is indeed necessary to fulfill the order placed. Any additional questions for marketing purposes should be simple yes and no radio button type and not required for purchase. By following this strategy, even if the site is compromised, the damage done will be minimized as the amount of information available to the attacker will be limited.

4) Avoid Storing Credit Card Details. Rules regarding the storage of credit card information are well laid out by most banks and credit card issuers, requiring the merchants to encrypt them before storage. However, even with encryption, there have been cases of credit card information being compromised and misused by hackers.

Visa’s Cardholder Information Security Program (CISP) was created to define a security standard for all merchants that process, transmit and store Visa Cardholder information. To achieve CISP compliance, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard. The PCI Standard is the result of collaboration between the four major credit card brands to develop a single approach to safeguarding sensitive data. The PCI standard defines a series of best practices for handling, transmitting and storing sensitive data. While for medium to large companies may have the resources to comply on their own, smaller websites may need to pursue other solutions.

The first solution around this is to have customers input their credit card information every time they place an order over a secure link and discard the information after the credit card payment has been accepted. This is a minor inconvenience that most customers accept as a norm, as a trade-off for better security. However, it can be a problem if you are offering a subscription or a payment plan.

The second solution is to use the various payment processing companies which allow you to accept payment without ever asking for a customer’s credit card details. Companies like PayPal and MoneyBookers allow merchants to accept credit card payment without asking customers to input their financial information.

However, most e-commerce companies choose to make it optional to use such companies as the customers are required to have an account, and verify their identity with them prior to being able to make payments. Such companies may also have a different set of terms of service (TOS) than banks, which also means more legal contracts to keep track of for merchants.

Customer Support
Another important consideration for e-commerce hosting is the speed and quality of the customer support offered by the web hosting company. For an e-commerce website, server down time has direct financial and credibility implications.

If the customers find a website to be down, they will not be able to see the products and services for sales and therefore unable to place orders. The credibility of the company may also suffer if customers are continually unable to reach the website.

For this reason, it is important that one makes an effort to find and even pay a premium, if needed, for a web host which offers customer support with a fast turn-around and staff that has adequate technical skills. It is important that in case of downtime the hosting company’s support staff is able to fix the problem quickly. It is also worth it to work with a hosting company that offers telephone or live-chat support, as that can even further minimize the response time in the event of a problem on the server.

Certain hosting companies offer pro-active monitoring services where they actively monitor web server downtime. It is usually a good idea to pay for such services, as that can help minimize any down time that the visitors to the site may experience. Even if one doesn’t choose a pro-active monitoring service, it is a smart idea to have a server monitoring service like Alertra.com or Hyperion.com to track the e-commerce site. This will provide the website staff with the ability to be notified of any down time, either via email or text message.

It should also be noted that sales and technical support teams are different. There is no way that you can equate the quality of a pre-sales response to the technical support you may get from the host. So it is advisable to check the host’s reputation at various independent forums like Web Hosting Talk.

When it comes to e-commerce hosting, it is worth it to put in extra time and effort to find a great web host that has a dependable e-commerce solution in place as it can have direct implications for your online success.

0 Comments:

:))Blogger ;)) ;;) :DBlogger ;) :p :(( :) :(Smiley =(( =)) :-* :x b-(:-t8-}

Post a Comment

We respect your openion