What Is PCI Compliance? – Hostdedi Blog

When it comes to processing payments online these days, most people don’t even bat an eye. Shoppers are paying with credit cards, over email, and through Facebook, but for ecommerce sites, payment security risk aversion is integral to how they do business.

Here’s how to make sure that your clients’ sites are staying compliant, and what to do when you’re dealing with an out of date application that’s reached end-of-life.

What does it mean?

First of all, let’s get our heads around what PCI compliance even means.

Originally set by the major credit card companies through the PCI Security Standards Council, these parameters for payment processing compliance are meant to protect cardholders from security threats and fraud.

Using a set of qualifications to determine the safety of a point of sale terminal or ecommerce website, these standards are now mandatory best practices between businesses who process card payments and their customers.

The standards for PCI compliance are as follows:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks 
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

For developers, a separate set of standards has been set by the PCI SSC to ensure websites are processing electronic payments securely:

  1. Do not retain full magnetic stripe, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data
  2. Protect stored cardholder data 
  3. Provide secure authentication features 
  4. Log payment application activity
  5. Develop secure payment applications
  6. Protect wireless transmissions
  7. Test payment applications to address vulnerabilities
  8. Facilitate secure network implementation
  9. Cardholder data must never be stored on a server connected to the Internet
  10. Facilitate secure remote access to payment application
  11. Encrypt sensitive traffic over public networks
  12. Encrypt all non-console administrative access
  13. Maintain instructional documentation and training programs for customers, resellers, and integrators
  14. Maintain instructional documentation and training prog

Penalty fines for non-compliance can range between $5,000 and $100,000 a month, and inevitably wind up being the merchant’s responsibility. Additionally, non-compliant merchants can face steeper transaction processing fees, or even lose the ability to process electronic payments for their customers in the future.

What Developers Need to Know About PCI Compliance

Thankfully, payment applications and payment gateways have taken care of much of the technical side of ensuring that payments are processed securely. As a developer or site builder, your primary responsibility where PCI compliance is concerned is to ensure that your applications meet the PCI SSC’s standards and stay up to date.

PCI compliance standards are determined by the volume of transactions which a merchant processes. The merchant is assigned a compliance level requirement based on the volume of business that he or she does, and the security of their sites may be tested by an approved scanning vendor, or ASV.

Ecommerce sites fall under PCI SAQ 3.1 and have the following standards:

Whether your client requires an ASV really depends on which payment processors and ecommerce applications you’re running their site on. These charts depict the flow of data, so that you can determine whether your client’s site will need an ASV or not.

The burden of site security is ultimately on the site administrator, which may be you. If that’s the case, the strongest prevention for noncompliance is pretty straightforward:

  • Make sure plugins stay up to date
  • Ensure that software updates and security patches get installed
  • Maintain stringent server security standards
  • Make sure ecommerce applications are up to date

What End of Life Means for PCI Compliance

Recently, Magento 1 reached end-of-life, putting thousands of ecommerce sites into a compliance grey area when Adobe stopped issuing official security updates.

While the ecommerce application itself represents only a small part of what PCI compliance truly entails, for merchants still running their ecommerce sites on Magento 1, the important thing to note is there will no longer be security patches and updates issued for the platform. They’re on their own unless they’ve invested in a solution like Hostdedi Safe Harbor.

This primarily applies to number seven in the list of PCI compliance measures for developers:

Test payment applications to address vulnerabilities.

With Magento no longer looking after security updates for Magento 1 users, it begs the question: can an ecommerce site be PCI compliant on an ecommerce application that’s reached end of life?

Yes. Hostdedi has done it with Safe Harbor. 

What to Do When a Platform Reaches End of Life

Magento was built on Hostdedi servers. When Magento 1 started approaching end of life, our engineering team jumped to work developing a solution that would allow merchants to decide for themselves when to migrate.

For many Magento 1 store owners, making the move to Magento 2 in the wake of COVID-19 wasn’t financially realistic. Site migrations are expensive and complex, and with so much upheaval and uncertainty, many were understandably scared to make the leap.

So the engineering team at Hostdedi came up with a compromise. Hostdedi Safe Harbor was built to address Magento 1 end-of-life, keeping ecommerce sites and store owners PCI compliant until at LEAST the end of 2021, so they can migrate on their own time.

With regular security patches made by the team who literally started with Magento, Hostdedi is able to keep Magento 1 sites and stores PCI compliant until they’re ready to make the switch.

End of life doesn’t have to mean the end of PCI compliance.

Get more time, and keep customer data safe with Hostdedi Safe Harbor.

Ecommerce Trends for 2020: A Season Like We’ve Never Seen Before

2020 has been a whirlwind year for ecommerce. Ahead of the holiday shopping season, we’re already looking at an 18% spike in revenue for the industry this year, and ecommerce is expected to reach $4.13 trillion in 2020.

The stampede of brick and mortar businesses into ecommerce has been astounding. Early predictions show that retail’s expected decline will be around 10.5% by the end of the year, more than QUADRUPLE earlier predictions.

While the economic fallout from COVID-19 has been catastrophic, one thing’s for certain: ecommerce. Is. BOOMING. Online orders are up 80% since January, and even in a pandemic, the predictions look promising.

Ahead of that growth are trends that are setting the stage for an online shopping experience that’s more immersive and personalized than ever before. 

Let’s talk about the top 8 emerging trends.

1. Chatbots Are the New Virtual Shopping Concierges

The rise of the chatbot is reaching its apex in 2020, with 80% of ecommerce businesses predicted to integrate some form of the tool by the end of the year – and they’ve come a long way. With the integration of AI and machine learning, chatbots are getting better at understanding language and providing helpful responses.

With more than half of customers expecting 24/7 support, chatbots help make sales while support teams sleep, reducing costs by as much as 30% for ecommerce companies.

2. AI-Driven Product Recommendations Are Driving CRAZY Spikes In Revenue

In addition to innovations with chatbots, artificial intelligence is being used to enhance product recommendations for retail marketplaces such as Amazon. On Amazon’s platform alone, product upselling through these recommendations accounts for an ASTOUNDING 35% of overall revenues.

Early data shows that these types of recommendation enhancements can increase conversion rates for ecommerce sites by as much as 915%.

3. Buy Online Pick Up In Store Is Where It’s At 

For order delivery time, the bar has never been higher. Ninety percent of shoppers say that a delivery date of more than two days has deterred them from purchasing a product before (thanks, Amazon).

BOPIS (Buy Online Pick Up In Store) is a type of shopping that allows a shopper to purchase something online, and then pick it up locally. Forty-eight percent of shoppers reportedly use BOPIS to counter expensive shipping costs, and over 40% use it to get items in time for the holidays.

With such strong numbers, ecommerce companies are scrambling to adopt the practice. According to BigCommerce, 61% of retailers mark BOPIS as being at the top of their list for investments in the next year.

4. Direct to Consumer Numbers Have Never Been Stronger

When Amazon shuttered purchasing of nonessential goods in early 2020, consumer goods wholesalers were left in a panic as huge portions of their revenue disappeared overnight.

Now to avoid the uncertainty of ebbing and flowing consumer demand, many B2B wholesalers are pivoting towards a direct to consumer, or DTC model. The industry’s growth initially had flatlined as investment capital began to dry up, but is now seeing a surge again, and is projected to hit $18 billion in 2020.

5. Livestream Ecommerce Is Making Its Debut in the US

There are quiet stirrings of an ecommerce trend that’s done exceedingly well in China finally setting up shop in the United States. Called the QVC of Gen Z, live commerce platforms enable video viewers to watch product demonstrations in real-time and make purchases within the app, typically with no interruption in the video feed.

The shopping and streaming experience is simultaneous, and is attracting the attention of American venture capitalists – and it’s no wonder. In 2019, live commerce hit a whopping $63 billion in China.

6. Smartphone Shopping Numbers Are Surging

The move to mobile has seen a slower transition in ecommerce than it has for content consumption, but we’re finally reaching the tipping point. At this point, 51% of purchases are now happening on smartphones, leading developers to focus on progressive web apps for ecommerce customers.

PWAs keep the UX consistent from desktop to mobile, reducing customer dropoff and keeping the UI consistent and easy to use. Statistics show that the use of PWAs in ecommerce has a dramatic impact on conversion and bounce rates, with some companies seeing an increase in the former of 30%.

7. Incredible Front End Customization for Personalized Experiences

Personalized ecommerce is at the forefront of innovation for 2020. A new trend known as “headless ecommerce” allows developers to fully offload the front end of their website from their platform to allow for fully custom coded personalization.

This practice allows for unparalleled personalization not previously allowed within the constraints of most ecommerce applications, paving the way for a personalized shopping experience set to rival segmentation.

Studies show that personalization has a unique impact on a shopper’s likelihood of purchasing a product, with more than 80% being more likely to purchase from personalized ecommerce sites.

8. Virtual Showrooms Are Digitizing Retail Stores

If virtual reality was on the rise before, COVID-19 has pushed it full force into deployment as a virtual shopping experience for ecommerce brands and retailers.

In 2020, the rise in experiential ecommerce and the requirement for connection with a brand was the driving force behind such innovations as virtual showrooms and in-store experiences. With the capability to digitize their brick and mortar locations, high-end retailers are able to allow their customers to literally shop the store online through virtual reality.

According to Obsess, a VR and AR firm specializing in digitized retail, 78% of millennial shoppers are in favor of a virtual reality experience in their shopping apps.

“While the foot traffic is low to the stores, Obsess is enabling retailers to quickly make their retail stores shoppable ‘remotely’,” says Amrita Maria, champion of business development at Obsess. “With Obsess, our clients are showcasing their collections to their buyers globally, who are not travelling to fashion capitals this season by creating 3D 360 photorealistic virtual showrooms in which buyers can experience the collection and get the full brand experience.”

With numbers this strong, ecommerce companies have never been more interested in investing in their websites. Find out how Hostdedi can help you support ecommerce innovations like PWA with powerful hosting solutions.

Explore everything Hostdedi has to offer with our Managed WordPress or Managed WooCommerce 14 Day Free Trial.

Why DTC Ecommerce Matters More Than Ever Today

In 2020, DTC ecommerce has proven to be another sensible way to reach your customers, and many brands are looking at starting from B2B and transitioning to direct to consumer.

Those of us working in ecommerce have been seeing the shift for a while now. As more and more stores transitioned their inventory online, the ecommerce boom wasn’t just happening – it was inevitable.

Fast forward to spring of 2020 though, and NOBODY could have predicted what happened next. 

Massive store closures triggered the single largest exodus from brick and mortar the world has ever seen, with more than 100,000 small businesses in the US alone closing for good as a result of the COVID-19 shutdowns.

But small businesses weren’t the only ones to take a hit. Larger retailers like Neiman Marcus have filed for bankruptcy in the last few months, and that list continues to grow.

All things considered though, the pandemic has thrown into sharper relief the need for a stronger ecommerce presence for many of these retailers. Record-breaking numbers are rolling in for ecommerce for 2020, including a growth spurt that put the industry four to six years ahead of schedule.

The Problem With Wholesaling During COVID-19

Even in spite of many shoppers setting their sights online, manufacturers saw major hits to their B2B sales as brick and mortar stores shut down. Those relying on wholesale relationships to float their revenue took devastating hits in the midst of the shutdowns.

As consumers turned to ecommerce sites like Amazon though, the fallout continued. In mid-March, Amazon restricted their B2B purchasing of nonessential goods in the wake of unprecedented demand for household staples.

As Amazon made room in their warehouses for hand sanitizer and toilet paper, purchase orders for nonessential goods rolled to a trickle or stopped completely, and manufacturers saw B2B sales plummet.

In the scramble to recover these revenue losses and brace for a potential second wave of retail shutdowns, many manufacturers are turning to DTC ecommerce models.

What Is DTC and a DNVB?

DTC stands for direct-to-consumer. It’s an ecommerce model wherein the brand sells directly to consumers, rather than through retailers, essentially cutting out the middleman. Some DTC evangelists will tell you the goal is to handle production, sales, distribution, and marketing under one roof and never go wholesale, but in 2020, it’s proven to just be another sensible way to reach your customers, and many brands are looking at starting from B2B and transitioning to DTC.

A DNVB is a digitally native vertical brand that starts this way. Best typified by brands like Avocado Green Mattress and Allbirds, DNVBs typically start with a simple product line (typically one or two options), clear, crisp branding, and a strong mission-driven component.

With brick and mortar sales remaining unstable and manufacturers now dealing with the fallout from their Amazon backlogs, DTC ecommerce is looking more attractive all the time – and consumers are taking notice, too.

Mission-Driven Shoppers Are Fueling the Fire

Interestingly, DTC brands are creating evangelical customers and devoted fan bases centered around two things:

  1. Amazing products
  2. A unifying brand mission

Consumer data shows that millennials now make up the majority of buying power in the US, and are 63% more likely to purchase from a brand because of their mission and values. 

This data, coupled with the boom the DTC sector has seen from innovative consumer goods startups, has created a replicable business model that’s looking all the more attractive to manufacturers who entered the industry through wholesaling.

Four Components of a Successful DTC Ecommerce Site

Over and over again, we see brands killing the game in DTC ecommerce, and the best of them have a few things in common:

  1. Clean branding. Visually-driven shoppers respond to powerful messaging and clean logos. Brands like Tushy and Anese are leading the pack with memorable branding that leaves a mark in a saturated market.
  2. Smooth UX. At Hostdedi, we know that an ecommerce site’s performance is directly linked to its ability to generate revenue. The best DTC ecommerce sites have an intuitive layout, load fast, and have a smooth interaction with their shoppers.
  3. Simple product lines. They say simplicity sells, and that’s certainly the name of the game in DTC ecommerce. Strong DTC brands typically have one or two flagship products they make their mark with and expand on.
  4. Strong missions. The data supports that today’s consumers are more conscious of their purchasing decisions than ever. Making your mission clear and building your brand around it (instead of as an afterthought) will literally win you more sales, and good karma.

Is It Time for You to Go DTC?

If COVID-19 has taught us anything in ecommerce, it’s that you can’t have enough backup plans. Diversifying how and where you sell your products makes all the sense in the world. Those high-volume retail POs may seem nice for a while – until they vanish, and your revenue vanishes with them.

Build resiliency, connect with your customer base, and get in on the thrill that is DTC ecommerce. Talk to one of our experts today about what it would take to get your brand online and selling DTC.

Hostdedi Magento Cloud vs. Magento Commerce Cloud

One of the misconceptions about the Enterprise version of Magento 2 is that you have to use Magento Commerce Cloud for hosting, or that Magento Commerce and the AWS-based Cloud solution are one and the same thing. Magento Commerce Cloud hosting for your Magento store is built by Adobe and includes powerful features (modules) like page building and progressive web applications (PWAs). Hostdedi Magento Cloud is hosting for your Enterprise Magento Commerce store, or your Magento Open Source store, with features for professionals like high scalability, development/staging environments, and PCI compliance.

In this post we’re going to clear up the misconceptions between these two very different platforms.

Magento Commerce Cloud was created about two years ago after Magento was sold to Adobe. It’s their official solution for hosting Magento and it has a lot of good things going for it:

  • Magento Commerce Cloud includes common functionality for your Magento store
  • They allow progressive web apps (PWA)
  • They have a cloud based infrastructure for scalability

But it’s important to remember that Adobe, even though they own Magento, is the new kid on the block. They’re still learning how to build & optimize the infrastructure needed to power a Magento site.

Building a Solid Infrastructure

Magento Commerce Cloud is great at including product features. But they’re still building their entire stack on someone else’s infrastructure. What does that mean?

It means that if you have a problem with your website, you first have to bring it to the Magento Commerce Cloud team, and they have their standard Service Level Agreement (SLA) to respond to you. If in that time they discover a problem with the underlying infrastructure, they’ll submit a ticket to Platform.sh – the company that maintains their infrastructure.

So your SLA is built on top of the SLA from another company. That means solving any potential problems could take twice as long. Not great if you have a problem that negatively impacts your store and you lose money every minute it’s not fixed.

Hostdedi Magento Cloud is built on our own infrastructure. Hostdedi has one SLA, and because we own the infrastructure, we can solve all of the problems ourselves and we don’t need to rely on any other companies. This means less finger pointing, more informed support, and faster resolution.

Experience

The other big difference between Hostdedi Magento Cloud and Magento Commerce Cloud is that we aren’t brand new to this space. Magento was literally built on our servers back in 2007 – before Magento v1 was even released (Magento v1 was officially released March 2008). 

We saw the opportunity of Magento back in 2008 when brick & mortar stores first started moving online to avoid the worst of the Great Recession. We helped brand new stores get started with Magento and we learned a lot about it in the process, like exactly how many PHP workers were needed, what caching systems were most effective, and which Magento settings are worth enabling. We distilled everything we knew to create the very first Magento specific hosting solution. 

We also wrote the book on Magento Best Practices and shaped the Magento community by siege testing Nginx vs Apache and settling that debate. We’ve improved and continued optimizing and put out a new book for Optimizing Magento 2.

Contributing Open Source Libraries

Besides optimizing hosting for lightning fast websites, Hostdedi also created Turpentine, which was the first Varnish cache for Magento. You can take advantage of this on any hosting that uses Varnish.

We also created security extensions and continue to contribute to Magento core.

Plan for Exploding Growth 

Most hosts, including Magento Commerce Cloud, give you a certain number of resources that you must remain within. If you go over a bandwidth threshold you might have to pay more – or if you have too many people on your site at a time, it slows down to a crawl. 

Hostdedi created our first Magento plan during a time when everyone was getting online and then immediately started outgrowing their small plans. We’ve also been around for over a dozen Black Fridays so we’re used to seeing retailers needing extra resources on demand. That’s why we built auto scaling into all of our plans.

If you have a post that goes viral or your Black Friday sales really take off, we have you covered with additional PHP workers which keep your website snappy and your visitors happy.

Conclusion

Adobe Magento Commerce includes a lot of nice product features and it can be easily managed in the cloud. Hostdedi Magento Cloud is both more established and leads the way with the most efficient & affordable infrastructure you can find.

The eCommerce Guide to International Shipping Costs

If a product in your ecommerce store has global appeal, start thinking about a plan for shipping internationally. Shipping overseas isn’t the same as shipping within the country. 

Here’s a primer on the customs issues, international shipping costs, and other logistics you’ll manage as you begin shipping around the globe. Keep in mind that there’s rarely universal truth in international shipping. Get individualized quotes for your own products so you know how much it’ll really cost. 

What is international freight and what is the cheapest international shipping? 

Since shipping overseas is usually more complicated than domestic shipping, international freight logistics can present some unique challenges for eCommerce businesses. Some companies specialize in international freight and handle the logistical challenges for you. 

For small orders sent to your customers, you probably won’t have to think too much about customs issues. Even if you do outsource this process entirely, however, it’s worthwhile to learn more about how international shipping works for your products. You’ll be more adept at troubleshooting and improving your shipping processes. 

Shipping domestically can be very straightforward. You pay a single amount and your package gets delivered. But costs associated with international shipping may include the following: 

  • Customs charges 
  • Customs brokerage costs
  • Ground transportation
  • Maritime transportation
  • Air transportation 

When you ship, you’ll need to choose a carrier to transport your package for you. There are three different types of carriers, and they all work a bit differently. They also frequently work together. Even if you choose one of these, it’s possible that your carrier will contract out part or all of the shipping to another one on this list. 

International Carrier 

If you choose an international shipping carrier such as FedEx or DHL for the entire route, some or all of your shipping costs may be rolled into your postage. International carriers are responsible end-to-end for shipments and generally permit more visibility across the entire process than a national carrier working with a shipping partner would. 

This option may be more expensive than the other two and doesn’t necessarily allow you as much flexibility, but it’s likely a simpler and less time-consuming choice. 

National Carrier

A national carrier handles your packages within a specific country. They may not provide service outside that nation’s borders, or they may contract with local carriers to transport packages through other countries. You can work directly with a national carrier, but you’ll need to ensure that someone is still transporting the packages once they leave national borders. 

One example of a national carrier is the United States Postal Service (USPS). USPS has international reach by working with local partners to transport your packages. When a partner is delivering a package, USPS may not allow as much visibility into the shipping process which means you may not have access to much information when you ship internationally. 

For a small package that only weighs a few pounds, choosing a national carrier might be cheaper than your other options. Larger or heavier packages may be better off with an international carrier or freight forwarder. 

International Freight Forwarder

A third party can organize the handoff between USPS and the final carrier while also handling any customs issues. This is what an international freight forwarder does. They have permission from you to take on freight and have their own agents handle the customs and shipping logistics along the way. 

You could use multiple carriers and arrange the logistics yourself but in practice, this may be too complicated and time-consuming. That’s where outsourcing can make sense. For example, you may decide to ship a package from within the U.S. to the Canadian border through USPS, then have another carrier take it from there. 

Cheapest Way to Ship Internationally

Shipping to other countries is not just one process. There’s so much that depends on the country. To send your products overseas, consider the end country destination and plan accordingly. 

Consider these country-specific sections for more information. This is just a starting point, so be sure to do your own research just to be safe. 

Cheapest Way to Ship to Canada

Shipping to Canadian consumers can be complex. Although you generally shouldn’t have a problem shipping to most Canadians, Canada is a diverse country with a variety of different shipping arrangements and options. Some Canadians live in very isolated, rural areas that may make shipping a more expensive process while others are in urban areas with an abundance of affordable shipping options. 

Retailers must be prepared to work hard in order to win Canadian customers. Having convenient shipping is a good start. Whatever you can do to make purchasing from you easier is probably worthwhile. 

Online purchases made by Canadians do incur customs duties and other taxes, and paying these is the responsibility of the buyer. Although these costs are not coming out of your own pocket, you should know that these expenses do directly impact how much your shoppers can spend with your business. By keeping costs for your customers low, you could even offset some of these expenses and make it more likely that you’ll win their business. 

Besides import costs, Canadians also pay sales taxes for their province and a Goods and Services Tax (GST) to their federal government. GST represents 5% of the total. Local sales taxes bring this amount higher.

If your products are relatively cheap, you probably won’t lose business because of import duties. Recent updates to customs processes and costs mean that Canadian customers ordering from American businesses are exempt from paying customs costs on purchases up to $150 CAD, with some exceptions. This is up from the previous $20 CAD limit set in 1985. The old $20 rules still apply with items shipped through Canada Post, so keep in mind the larger limit only applies to private carriers such as FedEx. 

When you ship to Canadians, you have a lot of options. 

Shipping Options for Sending Items to Canadian Buyers

Canada Post, the national postal service, is one great option for retailers. You can also use FedEx, UPS, DHL or Purolator. Here’s where you may also want to consider Canadian geography when you’re shipping. Some of your customers may live in isolated communities and you may need to account for longer shipping times. As a result, some carriers, such as FedEx, have different policies within Canada. FedEx Ground ships in four days or less within the US, but in Canada, shipments take up to seven days.

You can use an individual carrier or use a multi-carrier shipping option that hands off packages to a new carrier at the border. Although the usual U.S. carriers you’re probably familiar with are available, the additional choices you gain within the Canadian border may be worth it. Purolator, for example, is known for reliable next-day shipping by 9 a.m. and 10:30 a.m. to Canadian addresses. When shipping packages, having this option available to customers may be a helpful selling point. 

Cheapest Way to Ship to the U.K.

In the U.K., eCommerce businesses have several options for shipping within the country such as the Royal Mail and DHL. You also have UPS international, FedEx, and even USPS international shipping. Shipping to the U.K. can be an expensive venture with a USPS Small Priority Mail Flat Rate box costing $36 and a Large Flat Rate box costing $94. Your costs will certainly be higher than shipping domestically, but that doesn’t mean shipping to the U.K. is completely cost-prohibitive for retailers. 

Imported goods need to follow the U.K. guidelines. Some of this may involve more work and recordkeeping on your part unless you outsource part or all of this process. 

You should find out if you’ll owe Value Added Tax (VAT) and have to collect it for your customers. Many eCommerce sellers are required to create their own VAT registration and request information from customers to help with location verification and tax reporting — even if you’re not based in the U.K. 

These rules may change. At time of writing, the U.K. was planning to leave the European Union, which could result in different policies.

Cheapest Way to Ship to Australia

When you’re shipping to Australia, you have several options. You can use an international carrier such as UPS, FedEx, or DHL. You could also use USPS. With Flat Rate International options available, you can reduce your costs for shipping a package to Australia. 

Customs costs may not be as much of an issue for you if your products are valued at less than $700 — which is about the minimum taxable amount for Australians who are buying products online and having their purchases shipped. GST imposed by the Australian government applies for more expensive purchases. 

If you use a freight forwarder or shipper, they’ll provide a Self-Assessed Clearance (SAC) Declaration for the Australian government when your package arrives at the border. Otherwise, you’ll be responsible for providing the SAC. 

Cheapest Options for International Shipping

You can streamline your international shipping and save money by creating a process. If you want a game plan for how you’ll ship internationally when orders arrive, take the time to decide in advance which countries you’ll be selling to, and create a system for taking care of shipping. As your business operations grow, you may need a more formal internal process for packaging and shipping including designated job descriptions for team members you have in charge of the process. For automated or outsourced shipping, plan how you’ll transport packages to the carrier, or sign up for a pick-up service. 

Your cheapest overall option may be outsourcing your shipping to a service such as Parcel Monkey or Easyship. These services can take advantage of volume discounts on international shipping and pass the savings along to you. In some instances, this can cut half of your shipping costs. 

Before you make any shipping decisions, carefully consider your options and find out what every shipping service has to offer for your business and your customers. 

Choosing the Best International Shipping Service

Business owners should shop around and consider several important factors when looking for the right shipping service. Start with an example order and calculate the cost and options offered by several different carriers. 

Before you make a list of carriers to compare, you may want to consider what you’ll need in a package shipping service. Specifically: 

  • Product categories you ship
  • Countries you ship to 
  • Countries you plan to ship to later as your business grows 
  • How much of the regulations and customs process you need to outsource 

See how every option stacks up against the others and note any questions or concerns you have for further research. Of course, you’ll also want to compare: 

  • Price
  • Arrival time 
  • Convenience for your customers
  • Shipping experience for you 

Every time you ship internationally, you have the option of using one single carrier or using a multi-carrier shipping option. 

Automating Your Shipping with the WooCommerce Shipping Plugin 

If you’re using WooCommerce, a shipping plugin can help you ship more efficiently. Balance multiple carriers along with a busy array of incoming orders and have costs calculated for you. A variety of different plugins are available with various features designed to make shipping calculations easier and enable quick comparisons among carriers. 

With a plugin, your site can calculate shipping rates accurately and provide customers with multiple choices. This feature allows you to provide different price points and shipping times so buyers can make their own decisions. 

Once you’ve automated your shipping, your online store can run with less guesswork and greater simplicity for both you and your customers. 


Hostdedi Magento Cloud vs. Magento Commerce


One of the misconceptions about Magento is that you have to use Magento Commerce for hosting, or that they are one and the same thing. Magento Commerce hosting for your Magento store is built by Adobe and includes powerful features (modules) like page building and progressive web applications (PWAs). Hostdedi Magento Cloud is hosting for your Magento store with features for professionals like high scalability, staging websites, and PCI compliance.

In this post we’re going to clear up the misconceptions between these two very different platforms.

Magento Commerce was created about two years ago after Magento was sold to Adobe. It’s their official solution for hosting Magento and it has a lot of good things going for it:

  • Magento Commerce includes common functionality for your Magento store
  • They allow progressive web apps (PWA)
  • They have a cloud based infrastructure for scalability

But it’s important to remember that Adobe, even though they own Magento, is the new kid on the block. They’re still learning how to build & optimize the infrastructure needed to power a Magento site.

Building a Solid Infrastructure

Magento Commerce is great at including product features. But they’re still building their entire stack on someone else’s infrastructure. What does that mean?

It means, if you have a problem you first have to bring it to Magento Commerce. And they have their standard Service Level Agreement (SLA) to respond to you. If in that time, they discover a problem with the underlying infrastructure, they’ll submit a ticket to the company that maintains their infrastructure.

So your SLA is built on top of the SLA from another company. That means solving any potential problems could take twice as long. Not great if you have a problem that negatively impacts your store and you lose money every minute it’s not fixed.

Hostdedi Magento Cloud is built on our own infrastructure. Hostdedi has one SLA, and because we own the infrastructure, we can solve all of the problems ourselves and we don’t need to rely on any other companies. This means less finger pointing, more informed support, and faster resolution.

Experience

The other big difference between Hostdedi Magento Cloud and Magento Commerce is that we aren’t brand new to this space. Magento was literally built on our servers back in 2007 – before Magento v1 was even released (Magento v1 was officially released March 2008). 

We saw the opportunity of Magento back in 2008 when brick & mortar stores first started moving online to avoid the worst of the Great Recession. We helped brand new stores get started with Magento and we learned a lot about it in the process, like exactly how many PHP workers were needed, what caching systems were most effective, and which Magento settings are worth enabling. We distilled everything we knew to create the very first Magento specific hosting solution. 

We also wrote the book on Magento Best Practices and shaped the Magento community by recommending Nginx instead of Apache (which for a company specializing in LAMP stack is pretty radical). We’ve improved and continued optimizing and put out a new book for Optimizing Magento 2.

Contributing Open Source Libraries

Besides optimizing hosting for lightning fast websites, Hostdedi also created Turpentine, which was the first Varnish cache for Magento. You can take advantage of this on any hosting that uses Varnish.

We also created security extensions and continue to contribute to Magento core.

Plan for Exploding Growth 

Most hosts, including Magento Commerce, give you a certain number of resources that you must remain within. If you go over a bandwidth threshold you might have to pay more – or if you have too many people on your site at a time, it slows down to a crawl. 

Hostdedi created our first Magento plan during a time when everyone was getting online and then immediately started outgrowing their small plans. We’ve also been around for over a dozen Black Fridays so we’re used to seeing retailers needing extra resources on demand. That’s why we built auto scaling into all of our plans.

If you have a post that goes viral or your Black Friday sales really take off, we have you covered with additional PHP workers which keep your website snappy and your visitors happy.

Conclusion

Adobe Magento Commerce includes a lot of nice product features and it can be easily managed in the cloud. But Hostdedi Magento Cloud is both more established and leads the way with the most efficient & affordable infrastructure you can find.


Financial Health for Your eCommerce Business


So you’ve got a great product, and a great website to sell it, but does your eCommerce business have the right financial processes in place to survive? 

According to a recent survey by Small Business Trends, about 90% of eCommerce businesses fail in their first 4 months. Process-related issues like “running out of cash,” and/or “price and costing issues” were cited by at least a third of their respondents – circumstances that are often preventable by developing & sticking with business procedures.

These processes and procedures are often collectively referred to as “financial hygiene.” Just like our personal hygiene keeps us healthy, we need to maintain good financial habits to preserve our financial health. 

  • Hire a CPA When Launching Your Business
  • Open Your Mail 
  • Maintain Accounting Controls
  • Reconcile All Financial Accounts
  • Anticipate Expenses
  • Keep an Eye on Debt

Hire a CPA When Launching Your Business

A Certified Public Accountant (CPA) can help you set your business up correctly. If you’ve already launched, he or she can still get your bookkeeping going in the right direction before costly problems arise. 

It’s true that software like Sage and Quickbooks make it easy to do your own bookkeeping. In fact, most CPAs are happy to help you learn how to work with accounting software. But failing to properly set up your chart of accounts can leave you in the dark, with a setup that’s poorly designed for your particular industry or situation.

As an example, I once served on a board where the accounting software wasn’t telling us anything about our financial position. All of our revenue went into one account called “general revenue,” and all of our expenses came out of one account called “general expenses.” Sure enough, our reports were pretty meaningless. 

The Meaningless Company’s income statement only shows general revenue and general expense. It tells you nothing.

Establishing a few accounts that captured how our funds were coming in and going out made our finances come alive.

The Meaningful Company’s chart of accounts allows much more information to flow to the income statement.

Same bottom line, but just a few minutes spent looking at it could tell you:

  • Left handed widgets are far less profitable than the regular ones (compare sales and the cost of making them)
  • Even though you took in more money than you spent, you lost money selling widgets. Selling a piece of equipment masked a serious shortfall.

Proper bookkeeping throughout the year allows you and your CPA to anticipate your tax liabilities and plan ahead. It also makes the process of creating your tax return relatively simple, because your business expenses are already properly allocated to the right categories, like automotive expense, travel expenses, meals, and so on. 

Without proper bookkeeping, your expenses must be figured out after the fact (if you still can). Many deductions are lost because a business owner did not keep adequate records and receipts to attest to them.

A CPA or a qualified business consultant should also help you develop realistic budgets and goals for your business, so that you can develop forecasts and know how much capital you need to launch your business.

Open Your Mail

You might be surprised how many business owners neglect to open their mail (whether electronic or postal) and take care of it. Sure, much of it will be junk, but taking care of your bank statements, government notices, and customer correspondence will keep your business on track and keep small problems from turning into bigger ones.

For example, a government notice that your sales tax payment is missing generally comes with a small penalty and interest charge – if you catch it the first time – but these costs soar if you ignore the initial notices.

Set aside a time at least once a week (preferably more often) to go through everything and process it:

  • Pay bills
  • Deposit checks 
  • Respond to customer complaints or concerns (even the difficult ones)
  • Respond to vendor, bank and government notifications

You may think the advice to “deposit checks” above is unnecessary. But I was once asked to shred a number of old documents for a client, and found almost a dozen unopened envelopes with checks in them totaling over a thousand dollars – checks that were now long out of date.

If something comes in that you simply don’t understand how to handle, talk to your CPA or another trusted advisor. One of my college instructors gave my class simple advice that has always stuck with me: 

“Bad news doesn’t get better with time”

Maintain Accounting Controls

As your business grows, the items mentioned above are often the first things a business owner wants to delegate. However, maintaining good accounting controls dictates that you, the business owner, personally perform certain tasks whenever possible.

If you have someone else writing your paper checks, you should still sign them. You may have someone else reconciling your bank statements, but you should still read them. The mundane task of checking the PO box has saved more than one business owner from continued fraud or theft within their organization, because they noticed an invoice or other document that didn’t make sense and tracked it down.

Reconcile All Financial Accounts

Reconciling bank and credit card statements should be performed monthly. Reconciling statements means comparing them to your records to ensure the totals are the same. Online banking and the daily transaction download to your accounting software is a good thing, but reconciling keeps your records accurate and provides a check on whether the amounts being stated are going where you believe they’re going. 

For example, Quickbooks may assume that a downloaded transaction for $100 matches a transaction you’ve already entered for $100. But those amounts may just happen to match, and in fact the transaction you entered may still be outstanding. 

Reconciling accounts forces you to track down all of these transactions, and is also a second chance to notice where payments have been made. For example, you may have thought you put Google AdWords on hold, but find that it’s still being charged to a credit card.

Taking inventory of your finished goods, work in progress, and raw materials periodically also helps you to keep your business records on point – and can help you discover it if things are going missing.

Anticipate Expenses

Some expenses, like ordering inventory and paying shipping bills, are predictable. Others, like payroll, taxes, and loan payments, come in at different times (weekly, bi-weekly, monthly, quarterly, or even annually). 

It may be tough to keep track of how much you will owe at different times. To make it even more tricky, payroll expenses are often automatically deducted from your account, ready or not!

One solution for this is to maintain a cash flow forecast that accounts for all anticipated future expenses in the next few months. Another approach that many business owners use, especially for payroll expenses, is to maintain a separate bank account. By transferring the gross (i.e. total) amount of payroll expense to it each pay period, the business owner can effectively save up for monthly and quarterly payroll taxes as they come due. 

Dedicated checking accounts are also sometimes used for significant business expenses like inventory. Depositing a portion of the money from all sales into an inventory checking account means you are always financially ready to order more inventory.

For expenses that are predictable, but that will be realized at somewhat unpredictable intervals (like the payroll and inventory examples), the additional bank accounts are preferred by many business owners because they provide a clearer picture of where they stand, without having to make calculations on the fly. 

For example, if you need a new $2,000 computer in a hurry, you have $6,000 in the main bank account, and you know that your next payroll is already transferred to the payroll account, you know you’re able to buy the computer. 

You’ll still need to do cash flow forecasting, but having a few dedicated checking accounts for those critical functions described above will help you stay organized, and your business should have money for your priorities.

Keep an Eye on Debt

A certain amount of debt may be inevitable in a business, especially when it’s starting up and/or growing. But unless you carefully monitor debt, your access to credit may mask serious issues with cash flow and profitability in your business. You may simply wake up one day and find that your credit cards and/or business line of credit are tapped out. 

To avoid this, you should monitor your debt – check your balances at least once a month to make sure they’re heading down, not up. Keep a spreadsheet so that you see how these balances are changing over time. Creeping debt is much easier to correct before it gets completely out of hand than it will be later when you’re running out of credit and paying a lot of interest.

Financial Hygiene – It’s Good for You!

You went into business because you had a great idea, not because you love accounting. Bookkeeping chores, reading emails, and other administrative tasks may feel like nothing but distractions from reaching your goals. But staying on top of them is the best way to control the risks you run in business!


Why WooCommerce is a Powerful Affiliate Marketing Platform


The goal of ecommerce marketing is to expose a store’s products to people most likely to buy them. There are many ways to achieve that goal: display advertising, email marketing, content marketing, and more.
Affiliate marketing is one of the most popular marketing strategies: 80 percent of brands use affiliate marketing to promote their products. It’s also one of the most cost-effective; unlike display advertising or content marketing, there are few upfront costs because affiliates take on the burden of content creation and promotion.
WooCommerce is an excellent platform for building an affiliate marketing program. A WooCommerce store combines WordPress’s strengths as a content management system and WooCommerce’s sophisticated ecommerce features. With the addition of one of the affiliate marketing plugins we are about to discuss, WooCommerce is fully capable of supporting the largest and most complex affiliate marketing programs.

What is Affiliate Marketing?

Affiliate marketing provides rewards, typically a percentage of the value of a sale, to third parties that refer customers to an ecommerce store. The affiliate fees give marketers, bloggers, and other retailers an incentive to promote the store’s product. Amazon’s affiliate program is a great example. Many blogs and review sites are supported entirely by money paid by Amazon to affiliates who refer customers.
A retailer of high-end audio equipment might create an affiliate program to encourage audiophile blogs to write about their products, for example. The bloggers write reviews, make YouTube demonstration videos, and promote the products on social media. Because the blogger already has an audience of audiophiles, the products are promoted to customers who are already inclined to buy.
It would be expensive for the retailer to pay for social media promotion, blog articles, and video content, but with an affiliate program they don’t pay anything unless a customer is referred and buys a product.

How Does Affiliate Marketing Work?

First, a retailer creates an affiliate marketing program on their store. Then, prospective affiliates join the program. Affiliates are given links with identifying codes to use when promoting the store’s products. When a customer clicks on a link on the affiliate’s site, the store knows whose link was used. Any products bought by the referred customers are recorded by the store, and, at fixed periods, the affiliate marketer is paid their percentage of the sale value.
That’s the nutshell explanation of affiliate marketing, which can get a good deal more complicated, but with a decent affiliate marketing plugin, most of the details are automated. An affiliate marketing plugin also provides a range of analytics tools to help ecommerce retailers to optimize their affiliate program.

Affiliate Marketing Plugins for WooCommerce

There are many affiliate marketing plugins available for WooCommerce, but we’ll highlight two of the best, one premium and one free.

AffiliateWP

AffiliateWP is a premium affiliate marketing plugin with a comprehensive array of features and its own add-on ecosystem. AffiliateWP is designed to be easy to use, and anyone familiar with WooCommerce should have no trouble installing it and configuring a basic affiliate marketing program.
Standout features include excellent integration with WooCommerce and membership plugins, powerful affiliate management features and analytics with real-time reporting, reliable affiliate tracking, and handy asset management for providing affiliates with branded visual resources and text links.

Affiliates Manager

Affiliates Manager is a free WordPress affiliate plugin that integrates with WooCommerce and other WordPress ecommerce plugins. It’s not quite as feature rich or slickly designed as AffiliateWP, but it has all the features a WooCommerce user needs to recruit, manage, and track their affiliates.


6 Magento Alternatives You Should Be Considering After Magento 1


Magento 1 (M1) will be sunsetting June 2020. While the eCommerce platform will still be accessible and usable by both merchants and devs, it will no longer receive official support from either Magento or Adobe. That means that for the 180,000 merchants running M1, the hunt for Magento alternatives is on. 

Are you unsure where to go once M1’s life draws to a close? Here, we’ll cover some of your options, along with the pros and cons of each. Hopefully, by the end of this article, you’ll have a clearer idea of where your next step on your ecommerce journey will take you. 




WooCommerce

You may be surprised by the first alternative on this list. You’re probably thinking that WooCommerce just doesn’t have the capabilities you’re looking for in a Magento alternative. This is especially true if you have any experience in WooCommerce and the WordPress space. And you may be right; WooCommerce isn’t as functional as Magento. However, it does have its advantages. 

WooCommerce sits perfectly between being a SaaS product like Shopify and being a self-hosted ecommerce CMS you have full control of, like Magento. It walks a fine line between ease of use and feature sets, and it does so brilliantly. You may be surprised by the types of stores that are on WooCommerce. It’s not all small businesses.

In 2018, WooCommerce looked into its user base in more detail. They analyzed stores to see where they are coming from and their size. What they found was surprising.

WooCommerce is not the ecommerce platform of small merchants some developers think it is. There are a number of larger stores using it as well. 

A large number of WooCommerce stores actually fall between the $100,000 to $500,000 range, with some extending as far as $1 million in annual revenue. Brands that have made WooCommerce their ecommerce platform of choice include Blue Star Coffee, Weber, Ripley’s Believe It or Not, and Singer.

WooCommerce is not the best choice for large stores that involve a lot of moving parts. But it is a great Magento alternative for smaller and medium-sized stores looking to take control.

Why use WooCommerce instead of Magento?

  • It’s very easy to use, while still offering impressive flexibility for developers
  • It offers a large number of plugins to increase functionality
  • It has a large selection of themes and templates
  • It’s lightweight, so can load content faster

Why use Magento instead of WooCommerce?

  • WooCommerce, while flexible, doesn’t have the ecommerce functionality of Magento
  • Magento is better for growing merchants
  • Magento has a great community that supports ecommerce specifically

 

Stay on Magento 1

Your second alternative isn’t an alternative, and comes with a question. Why make the move at all? Have you thought you need to make the move because of the warnings you’re seeing from the community and in your installation? 

Sentiment regarding the Magento 1 End of Life is split in the community. Fears regarding security vulnerabilities, loss of PCI compliance, and more are on one side, while devs offering continued support and security updates are on the other.

As a hosting provider, we will continue to support merchants that wish to stay on Magento 1, by making sure to keep our web application firewall up to date to help with security. We’ll also continue to maintain server-side performance optimizations for the first version of Magento. 

Staying on Magento 1 means doing everything you can to secure your site. From hosting to development, don’t cut corners when the future of your store is at stake. 

If you decide that staying on Magento 1 – even if just for the time being – is the right move for your store, then there are a few things you’re going to want to do. Firstly, upgrade your store to Magento 1.9. Unlike replatforming, this does not require much work or expense and is a simple patching process.

You’re also going to want to upgrade any other software you’re running as part of your application stack. This includes your PHP, MySQL, and Apache versions, along with any other applications you’re running as a part of your stack. The Hostdedi support team can help with this. Get in touch and we’ll make sure your hosting environment is as secure as possible. 

Finally, don’t forget to communicate with your developer (if you have one) about what they think staying on Magento 1 means for your store. Some developers will try their best to accommodate you and put in place safeguards so your store isn’t exposed to vulnerabilities. 

Why Stay on Magento 1 instead of moving to Magento 2?

Download and read After M1 to find out more detailed reasons for why staying on M1 may be the right option for your store. 

 

BigCommerce (For WordPress)

Perhaps WooCommerce isn’t the right fit for your store. Maybe staying on Magento 1 is out of the question. Where do you go next?

BigCommerce started out as a SaaS application but has since expanded into the headless (decoupled) market. We offer this as an option in the form of BigCommerce for WordPress. The advantages? Merchants can use both the backend of BigCommerce for ecommerce management and the frontend of WordPress for displaying it.

This means more flexibility, better potential user experiences, and the ability to ramp up your content marketing strategy. Remember, content and product SEO are different, so don’t charge in head-first if you’re not as experienced with content SEO.

BigCommerce is the Magento alternative for merchants looking for both great content and product management capabilities.

BigCommerce for WordPress also comes with premium support from both Hostdedi and BigCommerce. In the event something goes wrong on either the application or the hosting side, you’ll immediately be able to reach out to a relevant member of the support staff to resolve your problem. The faster it’s resolved, the quicker you’re going to be able to start selling again. 

Why choose BigCommerce instead of Magento?

  • It offers both great ecommerce and content functionality
  • Both BigCommerce and your hosting provider are able to offer support

Why choose Magento instead of BigCommerce?

  • Magento still offers more in terms of functionality
  • BigCommerce charges transaction fees
  • BigCommerce is a closed source application without the development community of Magento

 

Sylius

Perhaps you’re a developer or merchant that loves to live on the bleeding edge. Maybe you’ve always prided yourself on staying up to date with the latest and greatest. Or perhaps you’re all about taking the reins when it comes to functionality. 

If that sounds like you, then Sylius is probably your platform of choice. 

Sylius is an open source ecommerce platform that runs on Symfony. That means more customization, more functionality, and stronger alignment with dev best practices. Plus, with it being open source, the community for support only continues to grow. 

Currently available in standard and enterprise forms, Sylius is a good option if you’re looking to stay ahead of trends in web development. However, if your store needs to remain reliable, then it may be better to look elsewhere. 

Why choose Sylius over Magento?

  • Sylius is cutting edge in ecommerce web development
  • It allows merchants to create a heavily customized ecommerce experience

Why choose Magento over Sylius?

  • Magento has a longer history and is a more secure foundation
  • There is a larger selection of extensions for Magento
  • You may be limited by your programming expertise

 

Shopify

On the other end of the functionality spectrum is Shopify, a SaaS application built to make ecommerce easy.

Shopify is one of the more popular options around, and it’s easy to see why when you take a look at its ease of use. For small merchants, the process of going from store idea to selling is quick and easy. However, this ease of use isn’t all it’s cracked up to be – especially when a store starts to grow. 

Shopify is a good option for merchants getting started in ecommerce, but as they grow its limitations become increasingly apparent. 

Shopify comes with a number of limitations that can ultimately hurt a merchant’s bottom line. 

One of the most significant of these limitations is transaction fees. While alternatives like WooCommerce and Magento let merchants use a number of different payment processors without needing to pay transaction fees, Shopify only allows you to avoid them if you use Shopify’s payment service. This can cause problems with lock-in once you start needing an alternative. 

Other limitations also start to appear when considering Shopify SEO. These include:

  • A rigid URL structure
  • Limitations to meta titles and descriptions
  • A locked robots.txt file
  • An inability to edit tag pages
  • No good way to handle duplicate content

For merchants that want their store to rank for important search terms, these SEO limitations can quickly outweigh the advantages that come with Shopify’s ease of use – especially if you’re a merchant with a lot of products.

Why choose Shopify over Magento?

  • It’s easier to use and get started with
  • It comes with a large selection of templates and themes

Why choose Magento over Shopify?

  • Magento offers more in terms of flexibility and functionality
  • Magento doesn’t have transaction costs
  • Shopify has some serious SEO limitations

 

Prestashop

Prestashop is another option that works well for merchants looking to leverage a platform that offers ease of use. 

Originally released in 2008, Prestashop comes in both self-hosted and SaaS forms. While the user base for both has diminished over the last few years, it’s still a strong competitor for small stores.

Moreover, perhaps because of its self-hosted background, when compared with other SaaS platforms, it manages to hold its own in terms of functionality. Some of the main reasons you may decide to use Prestashop include: 

  • Easy to use and intuitive interface
  • A good selection of themes and templates
  • Over 3,900 extensions for expanding functionality
  • A lightweight platform that is usually fast

Despite these advantages, Prestashop, like Shopify, just can’t compete with some of the bigger players in terms of functionality and flexibility. For medium stores or those that expect to grow, it quickly becomes a bottleneck that prevents continued growth. 

Prestashop is a good option if you’re looking for a platform that offers ease of use. But it trails behind some of the more powerful options in terms of functionality. 

Magento, for example, offers a number of complex options and tools for managing omnichannel customer journeys and multi-site stores with localization requirements. This is an advantage that can particularly help stores with international customers. Localization with Prestashop doesn’t offer the same level of detail or a truly “local” experience. 

Prestashop, just like Shopify, also falls down in terms of SEO. In fact, stock Prestashop doesn’t even have some SEO features you would expect to see, like meta titles and descriptions. To gain access to that functionality you have to download an extension. 

Overall, Prestashop isn’t the best option on this list. It does, however, offer a suitable alternative to Magento for merchants looking to simplify their commerce experience. 

Why choose Prestashop over Magento?

  • Prestashop is easier to use and develop with. 
  • Prestashop offers a large number of themes and add-ons

Why choose Magento over Prestashop?

  • Prestashop has terrible SEO features
  • Magento offers more in terms of features and functionality

 


How Hostdedi Helps Your Store Stay PCI Compliant

Having a PCI compliant store requires the sustained efforts of both yourself and your hosting provider. Although there are no shortcuts, choosing a credible web hosting provider is an effective place to start. Even so, most PCI requirements can only be met by you, the merchant. Read on to learn more about the dividing line between host and merchant, and why it can be worthwhile to go beyond PCI for your customers.

 

What Is PCI?

In ecommerce, PCI is shorthand for Payment Card Industry Data Security Standards (PCI DSS). Created in 2004, PCI DSS aims to help protect consumers and prevent credit card fraud. It is required for any organization that receives, processes, or stores credit card data of any of the five members of the PCI Security Council: VISA, MasterCard, American Express, Discover, and JCB.

The list of requirements is extensive, to put it mildly. The requirements span six categories, and each category is divided into several hundred specific requirements. Some fall exclusively under the domain of either merchants or hosting providers, while some extend to both. PCI compliance is also not a one-time requirement, as the Security Council makes periodic adjustments to address new threats to consumers.

Compliance is not a “one-and-done” event. It requires daily, weekly, monthly, and annual tasks to maintain compliance. There are 12 general requirements divided among six categories. For illustrative purposes, we’ve listed these same categories, but also included more specific requirements from within PCI DSS. 

6 Key Categories for PCI Compliance

Build and maintain a secure network. Install and maintain a firewall. Use unique, high-security passwords with special care to replace default passwords.

Protect cardholder data. Whenever possible, do not store cardholder data. If there is a business need to store cardholder data, then you must protect this data. Encrypt any data passed across public networks, including data passed between your shopping cart, your Web-hosting provider, and your customers.

Maintain a vulnerability management program. Use antivirus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure your antivirus software applications are compliant with your chosen card companies.

Implement strong access control measures. Access to cardholder data, both electronic and physical, should be on a need-to-know basis. Ensure those people with electronic access have a unique ID and password. Do not allow people to share login credentials. Educate yourself and your employees on data security, and specifically the PCI Data Security Standard (DSS).

Regularly monitor and test networks. Track and monitor all access to networks and cardholder data. Maintain a regular testing schedule for security systems and processes, including: firewalls, patches, web servers, email servers, and antivirus.

Maintain an information security policy. Establish a clear and thorough organizational data security policy. Disseminate and update this policy regularly.

PCI non-compliance can result in fines ranging from $5,000 to $100,000 per month, depending on the size of the offending organization, the severity of the violation, and other factors. Non-compliance can also result in legal action, security breaches, and lost revenue.

PCI Requirements for Hosting Providers 

It is virtually impossible for the typical merchant to be PCI compliant without enlisting the services of a compliant hosting provider. Merchants that host their own websites must meet hosting provider requirements in addition to meeting those for merchants. Such a model works for massive enterprises like Amazon and WalMart, but few others. 

Following are some of the highlights of our systems and policies that uphold our status as a PCI compliant hosting provider. The term “cardholder data environment” refers to any system that stores, processes, or transmits credit card data as well as any system that has access to the cardholder data environment itself.

We maintain a web application firewall (WAF), which monitors all connections between the cardholder data environment and other networks. ModSec prohibits public access to sensitive areas, identifies untrusted connections, and hides IP addresses and routing information from unauthorized parties. 

We apply industry-accepted configuration standards for all system components that address all known security vulnerabilities. This extends to our internal and external network, our operating systems, and hardware required to host web services.

We apply cryptography and security protocols that encrypt and protect cardholder data even when transmitted across public networks. SSL certificates and other trusted security keys are unilaterally enforced. Only modern TLS ciphers are permitted.

We restrict physical access to our data center with 24-hour security policies and a team trained to implement them. This includes, but is not limited to:

  • Video surveillance with 90-day footage history
  • Secured entry with at least two-factor authentication (PIN, access card) in most areas, and three-factor authentication (PIN, access card, thumbprint) in areas housing the cardholder data environment
  • Visible identification on all team members
  • Visitor policy that prevents unauthorized public access; authorized external individuals have access only to required areas and are escorted at all times 
  • Team members are given access to the cardholder data environment only if their role requires it
  • Restricted access to network jacks, wireless access points, gateways, networks, and other lines of communication

We track and monitor access to network resources and cardholder data, though it falls to clients to maintain logs and monitor logins for their own applications (Magento, WordPress, and so on).  

We regularly test our security systems and processes, and perform internal penetration testing at regular intervals as well as after any significant infrastructure upgrade. 

PCI Requirements for Merchants

Properly implemented, PCI compliance helps merchants adhere to commonly accepted best practices of data security. Hosting with a PCI compliant provider is a solid first step, but becoming compliant still requires action on your part.

If your store accepts credit cards as payment, it must be PCI compliant whether you store that data or not. Choosing a PCI Compliant web host is only the first step. Most credible web hosts can provide merchants with materials outlining their respective responsibilities upon request, but ultimately it is on merchants to understand and meet these requirements. 

Regrettably, there is no “one size fits all” checklist. Your specific responsibilities will vary according to your merchant level (1–4, with 1 being the highest), which is generally determined by the number of credit card transactions your store processes annually. 

The general process for most merchants is:

  1. Identify, understand, and implement the appropriate PCI DSS requirements. 
  2. Complete a Self Assessment Questionnaire (SAQ). The SAQ is a checklist outlining the requirements. Depending on your level, some or all of them will apply to you. Level 1 merchants have the most requirements; level 4, the least.
    Resist the temptation to simply “check every box” in the SAQ. Doing so endangers your customers and exposes your business to liability. The PCI stands to lose money from breaches, and in response may investigate your SAQ and AOC.
  3. Submit to a quarterly scan by an Approved Scanning Vendor (ASV), an independent, qualified authority that performs external vulnerability scans on your systems. 
  4. Complete the Attestation of Compliance (AOC), a document asserting that you are both eligible to perform and have in fact performed the SAQ to the best of your ability.
  5. If classified as a level 1 merchant, you must take additional steps, including an on-site assessment. 

If climbing the considerable hurdle of PCI compliance doesn’t appeal to you, you’re not alone. Your hosting provider can answer questions related to overlapping responsibility, and third-party Qualified Security Assessors (QSAs) can help businesses run the PCI gauntlet (for a price). 

Even businesses offering only PayPal, Auth.net, and other payment services as payment options must be PCI compliant because those businesses must still transmit credit card data.

One universal component is the need to confirm that all of your service providers are PCI compliant. This includes your hosting provider, but also extends to payment processors, payment gateways, POS providers, and any other entities that touch your customers’ cardholder data. 

Some PCI Essentials for Merchants

  • Maintain PCI compliance. Compliance requires ongoing awareness and daily application. Tasks range between daily and annual, but all are recurring.
  • Don’t just check “Yes” to every question in the SAQ. Due diligence protects your business and your customers.
  • Know your code, or use a developer that does. Implement best practices of deployment using staging and dev sites without exception.
  • Establish a secure password policy. Use complex, unique passwords and never allow your staff to share login credentials or use default passwords.
  • Enable two-factor authentication for all of your internal users, and consider providing it as an option for customers logging in to your site.
  • Use a web application firewall (WAF). At Hostdedi, we provide one for all clients and it’s enabled by default.
  • Don’t just take your hosting provider’s word for it. Confirm they’re PCI Compliant and competent by asking for (and getting) their Attestation of Compliance (AOC).
  • Keep your applications and extensions current to the latest stable release, and actively monitor for new threats and versions.

Beyond PCI

If PCI compliance were enough, breaches of high-profile organizations would be far less common. Compliant should not mean complacent.

In reality, PCI compliance is “Cardholder Data Security 101.” It is the minimum acceptable standard and a reasonable introduction, but PCI is far from infallible. Credit card companies require compliance. Merchants adhering to PCI standards will be more effective at protecting consumers than businesses that just pay them lip service, but PCI compliance is only the first step. 

The very nature of PCI — a large, curated document updated only periodically — makes it vulnerable. Standards deemed sufficient in the “current” version are often exposed as inadequate. It can take months or even years for PCI to “catch up,” and bad actors are well aware of its limitations.

The best protection is knowledge. At Hostdedi, we have team members that specialize in web security who stay well-versed in the newest threats, breaches, and countermeasures. Many merchants may be reluctant to enlist the services of a security expert. At the very least, we recommend subscribing to security notifications for your ecommerce application and following at least one credible web security news source. Both sources react much faster than the PCI, and following them will help you “spot the smoke” before it becomes a fire. 

We’re on the List!

Don’t forget, we’re “On the List” of PCI compliant providers officially recognized by the Visa Global Registry. That means we’ve shown a continued commitment to reviewing and improving our security policies to match and exceed PCI compliance requirements. If you’re looking for a PCI compliant provider, hosting with Hostdedi means you’re hosting with an approved and recognized provider. Learn more about PCI compliant hosting with Hostdedi. 

For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.  
