Web Hosting Talk : Web Hosting Main Forums : Ecommerce Hosting & Discussion : Setting up an ecommerce site, my head is swimming...

[ylee21]

Thanks in advance for any help you can provide...

Here is my situation, I am starting an ecommerce website and am new to the whole process. I am an ASP developer, so I went with a Windows hosting site, APlus.net. I also got the shopping cart Comersus, again since it was ASP and I knew I could modify it. So far so good.

Now I am on to SSL and payment gateways. Here is one question, should I go with the SSL cert offered through APlus as part of my hosting plan or get one through GeoTrust or verisign? Is there a difference?

Second, I was thinking of going with 2CO for payment gateway since there is a deal for Comersus users, but what is the general consensus on 2CO?

I am a US citizen, this will be a US company and website. So, any recommendations for SSL and/or gateways? Also, what is a standard percentage fee for CC processing?

Sorry this is a little rambling, I am just trying to get a grasp of all the steps needed to set up this site.

Thanks!

[Ariel74]

If you're a US citizen, and you have decent personal credit, you might want to look into a merchant account as opposed to 2CO. 2CO charges around 5.5% per transaction, but a merchant account will be somewhere from 2% - 2.5% for Internet transactions. Not only that, but 2CO and similar "3PP"'s tend to hold your funds in "reserve". As long as you're not a high risk merchant, the funds are typically deposited nightly from a merchant account and show up in your bank account in 1-2 days.

[alternatech]

Great information Ariel74.
I wanted to recommend a processor which can set you up with a shopping cart, gateway and merchant account. I have used them in the past and they were fantastic. They handle both traditional and high risk accounts. Very good customer service as well and completely competitive rates. Also, they were not a third party and provided me with a free shopping cart. PM me if you would like more information.

[RaTz]

and as for the ssl's - it really depends on you. there's certs that sell for like 20 bucks but generally geotrust & verisign are considered top of the line and score good with customers shopping at your site. thawte isn't bad either. you can get a decent cert for about 100$ im not sure how much your hosting provider is asking for?

[pulszar]

I think the one from his host that he's talking about is a shared SSL. You probably want to buy one from GeoTrust or Verisgn

[jmacgre]

I have further questions which may confuse things, but worth a review so both ylee21 and myself can learn more. I am also setting up e-commerce. i want my site to look self-contained so the payment processing is like https://mysite.com or https://secure.mysite.com would be acceptable too, but not https://somebodyelse.com/mysite/. Beyond that, I want the absolute cheapest solution I can find. I don't understand shared SSL versus SSL from a variety of other sources, nor PGP or MD5 encryption -- can these also be used in processing orders online? Self-generated certificates are free... why not use one of these? What do I get for the $100 fee to a certificate provider? What's the value of a name? And, is there anything I should know about payment gateways to help me gauge the risk or possibility that *they* could compromise my customer listings, private data like emails addresses, and (oh, the horror) credit card numbers. Are there metrics and audits and safeguards beyond just reputation?? What are the odds of finding a "new" and "cheap" payment gateway which is also ethical?

[jmacgre]

In particular, I am trying to simplify by looking at companies like AIT.com where they "do it all" by operating several arms of business - Certificate issuer, Payment gateway, Merchant Account - a one stop ecommerce shop. Should this worry me? Is there any reason, any conflict of interest or legal reasoning why these components have not traditionally been consolidated under one roof?

Sorry so many questions -- all help appreciated!

[ylee21]

Thanks for all the help so far, this forum is great.

APlus will give me a non-shared SSL for 69 bucks a year, it sounds like the difference between that and verisign and thawte is just money and name recognition. I don't put much weight behind name recognition right now, so I will go with the cert from APlus.

Now on to gateways. I did some searching in the forums and it appears most people do not recommend third party providers ("3-PPP"). That rules out 2CO, would anyone have a recommendation for a good non-3-PPP that I could use? I am willing to pay a bit more in rates if the provider has higher ranking in credibility. Also, does it matter who I have my business checking account with to use any payment providers?

Thanks again!

[pulszar]

I've been doing alot of research on starting up an ecommerce biz myself and although I don't know everything, I do know that if you are looking for the absolute cheapest, most "cost effecient" solution, you will probably be disappointed (you get what you pay for).

If you want to run a serious online store, I would spend the extra cash and hook up with a trustworthy merchant/gateway company (but with reasonable rates) and spring for a real SSL from GeoTrust or something.

It might be more money upfront instead of profits but in the long run you will probably have more customers and return customers. Personally I always dodge websites that look shoddy and not secured.

[bhafer]

I use godaddy.com for my ssl certificates. You can't beat $19.95 per year:
https://www.godaddy.com/gdshop/ssl/ssl.asp

As for merchant services I use e-onlinedata. It's a great 2.29% rate:
https://www.e-onlinedata.com/hts

Good luck in your search!

[RaTz]

Quote:

Originally Posted by jmacgre

I have further questions which may confuse things, but worth a review so both ylee21 and myself can learn more. I am also setting up e-commerce. i want my site to look self-contained so the payment processing is like https://mysite.com or https://secure.mysite.com would be acceptable too, but not https://somebodyelse.com/mysite/. Beyond that, I want the absolute cheapest solution I can find. I don't understand shared SSL versus SSL from a variety of other sources, nor PGP or MD5 encryption -- can these also be used in processing orders online? Self-generated certificates are free... why not use one of these? What do I get for the $100 fee to a certificate provider? What's the value of a name? And, is there anything I should know about payment gateways to help me gauge the risk or possibility that *they* could compromise my customer listings, private data like emails addresses, and (oh, the horror) credit card numbers. Are there metrics and audits and safeguards beyond just reputation?? What are the odds of finding a "new" and "cheap" payment gateway which is also ethical?

a shared certificate is one that is installed on the server by the host and all sub users have access to it for their site. when customer browses the site they see the host's certificate. it is still secure just under their name.
well if you want to do it all proper, i would get a geotrust ssl but if its out of your budget at least get one of the cheaper alternatives instead of using the shared one. from personal experience, when shopping online i like to see a trustworthy certificate installed on the site and providers like geotrust and verisign will certify your business etc. and put all that info on the cert for your customers to feel safe and comfortable etc. plus u get the name - a verisign or geotrust ssl. oooo

payment gateways are quite secure. most offer fraud protection tools and a bunch of extras to sweeten the pot but for the most part, you can trust them with cc numbers and emails etc. and i wouldn't exactly look for new and cheap.
just for example purposes: authorize.net with 2%, 0.25, and $20-25 monthly isn't expensive by most standards. linkpoint offers almost same with no transaction fees. there's different providers. shop around you can definately get cheap but good accounts. in the end it is up to you to decide which company you want to trust your money with.

[ylee21]

RaTz, bhafer, thanks for the help. I will check out your recommendations and go from there, thanks again to everyone who replied!