SHOPPING CARTS

To choose the means whereby we put our products on the world-wide-web, we proceed by a process of elimination (skip to the carts).
Also, people sometimes browse with images and Java turned off, so if they attempt to order and nothing happens...

3. It should avoid using frames. Some older browsers cannot support them, and we want to maximise our potential customer base. They also make pages awkward for search engine spiders to index.

[Jan. 2000. Most surfers now use IE4 and Netscape Navigator 4.5 and higher browsers, with JavaScript turned on. Frames are no longer a demerit, but if you can avoid using them, do so. If you look at the most popular sites on the net, they are conspicuous by their absence.]

4. It should offer if possible a secure alternative to SSL transmission. Not all browsers can engage in SSL transmissions. There are two main SSL Secure Certificate Providers - verisign.com and thawte.com. Verisign owns Thawte. Thawte's certs are cheap, and work just as well. See also RSA.

The reason I think the wealthier Verisign bought out Thawte is because Verisign's certs expired in Internet Explorer 3 in Nov/Dec 1999, so it now has no advantage over Thawte. Thawte's certs however should be immediately acceptable in IE4, IE5 and Netscape Communicator for years to come. An SSL cert will still work even if it's expired; it just means that a customer has to 'accept' it into their browser, which is an annoying and worrying delay to the order process. As people upgrade their browsers this will no longer be an issue (I hope), but Thawte were for a short while serious competition price-wise to Verisign.

Internet Presence Providers (IPPs) can provide their own generic certificates for their clients, but the customer - with a Netscape or an IE4 browser - has to go through a process of accepting them. The small business will have to decide if Verisign is worth the cost. My web host says that Thawte are a good bet as their certificates are cheaper (about $120) and are valid in later browsers (Netscape Communicator 4.5 and IE4), until the year 2020. Go to thawte.com. You could link directly to their browser checking scripts once your site is up and running.
These scripts or .exe files allow browsers to be upgraded with new certificates 'on the fly'.

A generic certificate is just as good on a purely technical level, but it adds awkwardness to the transaction. If you're doing good business, get a branded cert. If you're an individual just starting out with little money, a generic certificate will do fine. You can also 'pimp' off your web host's cert. Just make sure you explain to your customer what will happen, and why. You just have to use their URL in your https call to your order form. Customers will expect to see the little key or lock light up on their browsers, so one should cater to them, regardless.

Feb. 2000. At the time of writing I'm thinking of getting my own generic certificate, at a later date, as I am incensed at having to pay $100+ yearly to be 'certified', and now my own cert won't work properly in my Netscape browser! An SSL secure cert just fronts an SSL http encryption process, and in technical terms Joe Soap's is as good as any other. Thawte went to the trouble of checking over my company documentation before issuing mine, but they can't really check I'm not a crook - just my legal and paper existence. If their cert won't work in some browsers, i.e. not go into SSL mode seamlessly on my site, then what's the point? And it might be fun putting my own one in [grin].

Oct. 2000. My web host has, at my request, set up a generic SSL cert on my site, good to the year 2010, for free. We'll see how it goes.

Feb. 2001. The cert works, but is unacceptable to older (IE3, Netscape Navigator 2.0) browsers. For net rebels, techies and people with limited finances only. I'm changing my order-form set-up now, so I probably won't be using it, but it is an option, if your customers are not 'net newbies, and you can explain it to them.

5. The ideal online web-shop should encrypt its orders from the time they 'leave' the customer's browser, until the time they are processed, and the customers' cards charged.
It's possible, but unethical, to set up a web shop without encryption. All one really needs at base is a simple order form and a .cgi script to post it. If however a whole slew of your customers' credit card numbers are intercepted and used by hackers, or your own staff, or that of your IPP, it would be bad for business, to say the least.

Two types of 'post browser' encryption are used on the Internet - PGP (Pretty Good Privacy) and the rest. PGP can be downloaded for free in its pc and web forms from many sites on the internet. If you download a pc version of PGP, get version 2.6.2. At the time of writing, this version is compatible with the current web version and scripts which use PGP. The rest are individual systems developed by shopping cart software manufacturers.

By 'post browser' I mean what happens to the order after it has been sent by the customer, i.e. is it stored on the server in an encrypted or unencrypted form, or is it sent immediately to the merchant as an encrypted or unencrypted email? "Encrypted" should be the obvious choice. Ways to save data encrypted on a server are:
...in order of security. PGP is most secure, Uuencoding is hardly at all. Your customers' data is in a box like the one that's displaying this web page. Under-paid, over-worked geeks have access to it. That's excluding potential hacking.

6. The ideal online web shop should also be cheap - under $500, and capable of being set up without specialist technical knowledge or assistance.

Some free web-shop packages will allow a customer to type in incorrect credit card numbers if the number of digits is the same as that of a valid card. They don't do a Mod-10 algorithm check on the basic validity of the number entered, i.e. that it's in a range used by Visa and Mastercard, etc. This basic check stops honest customers keying in the wrong numbers by mistake. It does not stop crooks typing in numbers which will bypass this check, but which are ultimately invalid. I'm currently working on my own PGP based secure order script with credit-card validity checking. A beta version is available here.

No shopping cart software in itself can check that a credit card number is stolen, or that there are sufficient funds in the account to pay for your product. There are a number of all-in-one services that will process your customers' numbers instantly via proprietary software, and debit their accounts. As I have not tried any of these myself I cannot vouch for them here. The most often cited are ibill.com, authorize.net and cybercash.com. CyberCash I have heard can keep and sell on your customers' information - not an attractive prospect. I read this in the alt.ecommerce Usenet newsgroup - a site well worth visiting.

NOTE: When you set up your shop try testing it using Internet Explorer 3, as well as Netscape, or just the buggiest browser you can find. If your web store works under it you're home and dry.

So, having taken all the above into consideration, what are the current options? (Bear in mind there are new products coming out every quarter.)
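The Mod-10 check from point 6, as an added Python example (not the author's order script or any cart's own code). The Visa/Mastercard prefixes and lengths are the publicly documented issuer ranges, and the sample numbers are published test numbers, not real accounts.

```python
import re

def normalise(raw):
    """Strip the spaces and dashes customers type; reject anything else."""
    digits = re.sub(r"[ -]", "", raw)
    return digits if re.fullmatch(r"[0-9]+", digits) else None

def luhn_ok(digits):
    """Mod-10 (Luhn): double every second digit from the right, sum the digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9          # same as adding the two digits of d
        total += d
    return total % 10 == 0

def issuer(digits):
    """Return 'visa', 'mastercard' or None from leading digits and length."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16, 19):
        return "visa"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "mastercard"
    return None

def check_card(raw):
    """Form-level sanity check only; returns (ok, reason)."""
    digits = normalise(raw)
    if digits is None:
        return (False, "non-digit characters")
    if not 13 <= len(digits) <= 19:
        return (False, "wrong length")
    if issuer(digits) is None:
        return (False, "not a Visa/Mastercard range")
    if not luhn_ok(digits):
        return (False, "failed Mod-10")
    # A pass here only rules out typos: the test numbers below pass too.
    return (True, "passes format checks; still needs processor authorisation")

if __name__ == "__main__":
    # Constructed inputs: published test numbers plus deliberate mistakes.
    for sample in ("4111 1111 1111 1111", "4111 1111 1111 1112",
                   "5555-5555-5555-4444", "1234567812345678"):
        print(sample, "->", check_card(sample))
```

The well-known test numbers pass every check here, which is the point made above: Mod-10 catches keying errors, and only the card processor can say whether a number is real, funded or stolen.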
Having gone through twenty-plus different sub $500 shopping cart software solutions, I now present the cheapest, simplest, and most effective solutions:

1. Dansie Cart. A well specified cart, which hooks up with many different credit-card processors. Ain't tried it, but I've tried many others, so I'm making it number one by default, as it's inexpensive. Bad point: Apparently the Perl code is obscured, to make it harder to copy, which is annoying if you want to customise it.

2. Oscommerce. A very good, full-featured, free cart. Uses Php and MySQL. Not easy to set up for a net newbie. Cookies are used to track the order. If you have PhpMyAdmin installed in your web account, it's easier. Requires a customer to register before they can make a purchase; irritating.

2a. X-cart. Similar to Oscommerce. Commercial. Requires a customer to register before they can make a purchase.

3. Akopia / Minivend (free). Complex product with lots of files and a lot of setting up to do. A complete solution, and includes the option of third party credit-card real-time order processing. Encrypts orders.

4. Agora (agoracart.com). A Web-Store/Commerce.cgi hybrid. Open-source and free!

5. The Commission Cart (siteinteractive.com). A cgi-based shopping cart which also functions as an affiliate program. Most interesting and useful. Haven't tried it, as you have to buy it first. Other webmasters earn commissions by signing up and linking to your site. Looks good.
9. Order Maven. A little gem of a program. You bundle it with your shareware software, the customer starts it up, chooses the product, enters their details, and sends off their order like an email, with the credit card details encrypted. It costs $30.00 at the time of writing. No secure server or order page needed; it's all done on the customer's pc at their leisure. You need to customise it, naturally. This isn't hard. Make sure you write your mail server URL into the code. For the customer, the order module is a 160kb download. Not too bad at all.

10. ait2000.com is a one-man-band-all-in-one operation, but is definitely worth a look. No cgi scripting needed. Has lots of interesting info at the site.

11. Selena Sol's Web Store (free). extropia.com/scripts/web_store.html. The mama of them all. Allows orders to be encrypted via PGP if you have PGP installed on your server. Is very complex for a Unix newbie. Is well documented - the readme texts that came with the zip file were how I worked out what was wrong with ShopWizard (a previously interesting package which I bought, now gone over to JavaScript). Worth downloading just for those. And it's free. Like Perlshop, I didn't go the whole way to setting it up properly, but it was a very informative experience. Despite what it appears to say at the new site, the scripts are still free.

12. PerlShop (free). PerlShop is a simple shop to set up. It's free, and if you're coming to web shops fresh (rather than being at the end of your tether as I was), it's definitely worth a try. It now seems that at least one of the processing services it hooks up with is redundant. Still, it's worth a look, as it is an industry standard.

13. Mals-e. Mal seems like a decent chap: mals-e.com/more.htm

14. The TigerTom OMNI Script. As an alternative, try my secure order form script. Pretty good for the money! Doesn't hook up with any credit-card processors; it's just a simple order-form. Has some unusual features, though.

15. hotscripts.com has loads of cgi-based carts.

Remember: try to avoid carts that use cookies and javascript only, or that tie you into one secure server and credit-card processor. Also avoid web-based services that you lease only.

Having read the above you should have eliminated quite a few programs from your shopping list. They either won't work with IE3, Opera, Mosaic, AOL et al., or they won't encrypt your order, or they want to tie you into their manufacturers' secure order system at $30+ per month.

Another option is to get a bespoke system set up for you by a specialist company. These cost thousands of dollars. Aren't you glad you bought this little pamphlet? And you helped save the planet. Well done! :)
Also Ran: Here's a list of other carts, for your information. I can't endorse them, as I haven't tried them. Some are high-end solutions; they're expensive, you may need your own server, and are used for web shops with thousands of items. Also may require licensing.

Browser-Based Storefront Creation Services
FREE Browser-Based Storefront Creation Services
Shopping Cart Solutions
Advanced eCommerce Systems
Cat@log, Vision Factory Intershop Mall vPOS, Verifone Intershop Online Net.Commerce, IBM Domino Merchant, Lotus WebCatalog & WebMerchant, Pacific Coast Software SiteLINK Toolkit Version, Dydacomp Merchandizer Electronic Store, Globus.com SoftCart, Mercantec iCat Electronic Commerce Publisher 3.0, iCat ShopSite Pro, Icentral ShopZone GoldPaint, ClickShop Make-A-Store ShopSite Manager, Icentral Shopping Cart (Mall Edition), AHG WebCart, RC Software Internet Business Breakthrough, Breakthrough Software Hazel, Netsville Hassan Consulting's Shopping Cart WebOrder, Net2Go JShop Professional EZShopper, AHG Smart Shop