Brian Enos's Forums... Maku mozo!


I am fixing to open a shooting related webstore. Mainly to sell products that students and acquaintances say "hey, where can I get" when I recommend something. Many times they either can't find it, or end up paying way too much. Or, the worst case, I recommend someone, and the student gets greeted with bad service. I feel that reflects on me for recommending the person.

I know Monster, Yahoo, and various places offer shopping carts, but which ones (or websites) do you as consumers like to use the most? And for those who have stores (Benos and others), which is the easiest to administrate?

All input is greatly appreciated.


If you are not adept at web server stuff, your best bet for total security is to use a webhosting service that offers SSL certificate setup for you and will have their tech team set up the shopping cart script you choose to use.

Shopping Cart scripts typically use SSL encryption to keep the transactions secure and the best ones actually transfer you into a remote, secure server to do the transaction so that all data is actually entered inside the merchant account server instead of being sent there from your server across the internet where there is a very remote chance of interception and decryption even if SSL is used to transfer the transaction data to the merchant server for CC processing.

The choice most folks make for their Merchant Account (separate item from the cart script and webhosting service) where the CC transaction is actually handled is to use Authorize.net. It works with most major cart scripts.

Another option that works very well and was only recently introduced is Paypal's Web Payments Pro. It is very easy to set up and use because it does not require the whole store to be run in SSL (which is the hardest part of the webstore transaction process) and can be configured by mere mortals without an IT department assisting. It uses a Verisign provided back-channel SSL pipe that is transparent to the end user to ship transaction info into the Paypal secure server while letting the client remain in your store/server. The transaction process actually occurs inside the Paypal server and nothing but a confirm or deny message is sent back. Your cart script then closes the customer experience out with a success page without having to process anything sensitive on your server. This provides equal security to running the whole store in SSL without requiring you to deal with new SSL certificates and all the ensuing hassles every year. The one-way SSL pipe into Paypal is just as secure as the normal whole store SSL routine, but can be run on almost any hosting system without IT department assistance as long as the PHP configuration meets certain specs (PHP 4.0 and CURL).

As far as Paypal and firearms related sales, as long as you aren't selling ammo, actual firearms, or the parts to build complete firearms they don't seem to care.

The two leading Shopping Cart scripts are OSCommerce and CubeCart.

A websearch on these two scriptnames, Authorize.net, Paypal Website Payments Pro and SSL should get you enough info to choke a horse.

Some examples:

Here are my two stores running CubeCart and Website Payments Pro.

http://www.applescore.com/store/

http://www.3gunrules.com/store/

There are literally tens of thousands of webstores running out there using OSCommerce and CubeCart with Website Payments Pro and Authorize.net handling the merch end.

A number of webhosting services offer OSCommerce and CubeCart built-in and for a fee will pre-configure them along with SSL for you. It is usually up to you to get the merch account up and running with the info they provide after the cart script is initially set up.

Skinning a cart script to get the store front to look the way you want is a horse of another color and sometimes is the toughest part of the job if you need it to match an existing site exactly.

Brian uses custom HTML coding instead of a cart script and then hands the transaction off to Authorize.net for his store.

I believe Matt Burkett is using a heavily customized cart script and Authorize.net.

PM me if you need more specific info on anything.

BTW, I thoroughly dislike, even hate the Yahoo webhosting system and anything they offer as Internet Service. Can't speak to Monster, but generally I would choose a real IT oriented hosting service. Try looking at MediaTemple.com.

Good luck.


SSL is a prerequisite for a secure website, but not in and of itself sufficient. Some sites (the Enos store, USPSA store, USPSA membership, IPSC store, SVI, JP to name a few) run the site on a general purpose server and interface to a special "secure service" for ALL handling of the credit card - not even taking the number in on their server.

Putting an SSL based cart (OSCommerce, etc.) on a general purpose server that has ports other than 80/443 opened is a recipe for problems down the road. I'd guess that a fair number of stores use SSL to pick up their orders, but use plain old unencrypted FTP with the SAME PASSWORD to upload changes to the site.

USPSA runs their charges through Authorize.net. We use Americart.com for the store (Americart interfaces to Authorize.net), and directly interface to Authorize.net for the membership, classifier and nationals registration payments. Don't even think about building a direct Authorize.net interface unless you have some programming skill (you need to generate an MD5 hash) - but you can easily build a store using Americart.com and CoolCart.net to handle the processing (CoolCart is a bit easier to use).


Good point Rob makes about using different passwords for every point in your system.

Most cart scripts prompt you to change the admin login password if you go longer than 3-4 weeks without doing so. This is very important, I change mine bi-weekly and they are non-trivial as heck and not used anywhere else!

There is no such thing as 100% secure on the web, even when you have someone else handle the transaction. Nothing short of direct phone and fax orders are really secure as there is no server storing transaction info that gets grabbed later. It's not just the transaction itself that needs to be secured, the merchant you use is still online with all your transaction data and if they are hacked, so are you ;-/


If your store is basically going to be low volume (as you describe it), your best bet would be Yahoo or something similar. Disclaimer, I don't really care for Yahoo because of its inflexibility, but it is perhaps as low maintenance as you can get. If the cart is going to be kind of an afterthought and a nice to have, you want low maintenance and reasonable prices. Last time I checked, Monster (a nice product) wanted a $99 per month base fee which would take a lot of sales to make back.

You can also use a GUI based product display front end or build one from scratch and a cc processor like Cool Cart; Cool Cart is around $20 per month. Support from Cool Cart varies and the owner tends to make changes unannounced that don't always work in your favor. We used it for about 2 years on one of our earlier store versions and its features were limited as far as our needs. Burkett also did on his earlier web site. It might have everything you need since it sounds like your needs are much less.

You can also use one of the Open Source web stores: oscommerce, zen cart, etc. Those usually have add-ins which will interface directly with a cc processor like Authorize.net or Paypal (anti gun, they don't like you) in a secure fashion. The cc # passes on to the processor and you don't have to deal with storage of it on your sql database. The open source carts are free, but you really got to know php, mysql and html. Unlike a software product sold for profit or one hosted by a 3rd party, there is no dedicated support staff, so you are sometimes left swinging in the wind if you have an issue. The user community is helpful as far as debugging problems, but ultimately it is up to you to deal with them. We have a good guy here who works the site, so we are OK, and we knew that coming into an open source system. I would not recommend an open source product unless you have the knowledge to support it. Simple environmental things like your hosting server upgrading from php 4.x to 5.x can bring your store down and like I said, you are on your own as far as dealing with it.

The front end and cart you ultimately pick depends upon your needs: volume, your knowledge level, flexibility as far as product display, features, etc. I would build a matrix of what your needs (products to display, cc's accepted, product attributes, discount coupons, etc.) and predicted volumes are and then study the existing products and then make a choice.

George,

Paypal will shut off anyone without warning if you sell anything related to "pre-ban" or "assault weapons". Almost a year ago, they froze our account because we sold high capacity magazines and AR-15 accessories. They demanded that we stop selling all of these items. There is no appeal process with them. We told them to go pound sand.

Paypal is a very user friendly system to use, but their bias and strategy to get rid of "us" makes them risky as a payment choice. If they are an option that you can live without, I would say go for it. When they do shut down your account, they typically freeze it for 6 months without appeal, locking you out of access to your funds. We knew the full nature of their bias, so we swept our account nightly, so suffered little harm when they shut us down.


Yeah, I know all about PayPal's policies and have been able to work around them because I don't use any wording, or feature products that run afoul of their attitudes. I submit all my listings for approval and have gotten a clean bill of health from them, so far. We will see how the long term goes.

The best option IMHO, is to find an IT oriented hosting service that supplies a cart script pre-installed and offers SSL config for you, now you get full features and ease of use. They are running the server AND supplying the script AND the SSL, so it is up to them to keep the server environment stable and the SSL cert current. 98% of the headaches are here.


Another option for you would be Interchange, which is written in Perl.

http://www.icdevgroup.org/

SSL certs can be created by anyone with a unix based machine and are just as good as the ones you will pay for just to not have IE warn you of the trustworthiness of the owner. Another one of your MS monopolies, lol

No matter what option you go with, you'll need someone to handle CC transactions securely for you, which will be costly... I'm like George: the new Web Payments Pro from Paypal offers offline processing so someone can call and give you the info over the phone. Paypal doesn't need to know the items sold, just provide an order number, lol


Below is a cut and paste excerpt from Paypal's acceptable use policy on firearms found here: Paypal Acceptable Use Policy. The full summary page on what Paypal considers not fit to support can be found here: Paypal Policies.

FIREARM PARTS AND ACCESSORIES

You may not use PayPal to purchase or sell any firearm receivers or frames, components and parts of receivers and frames, or "cut" or "80%" receivers. PayPal also does not permit assault weapon-related parts and accessories, firearm silencers, and kits designed to convert a firearm to have automatic firing capability. This includes the sale of any parts or accessories prohibited for sale by the National Firearms Act or other federal or state law, including items related to short-barreled shotguns or short-barreled rifles, fully automatic weapons, large-capacity magazines, multi-burst trigger activators and camouflaging firearm containers.

AMMUNITION

You may not use PayPal to buy or sell high-capacity magazines (those which hold more than 10 rounds), ammunition with propellant (e.g., gunpowder), or blank ammunition. The term "ammunition" means ammunition or cartridge cases, primers, bullets, or propellant powder designed for use in any firearm.

end of cut and paste.

They define an AR-15 as an assault weapon, so any accessory for your AR that you attempt to sell using Paypal is a violation of their policies and will get you banned if it comes to their attention. The ban on high caps speaks for itself.

Steve, sorry for this thread drift, but I think it is important for people to read what Paypal stands for and understand what sort of company they are dealing with when they use it. It seems like people tend to look the other way when dealing with Paypal when they are unashamedly anti gun, in this instance standards are compromised when passions are so high when dealing with other anti 2nd amendment companies.

Edited by Cactustactical