CAll Us: +1 888-999-8231 Submit Ticket
Is the End Near for EV SSL Certificates?

Is the End Near for EV SSL Certificates?

Google, Firefox, and Apple certainly think so. Extended Validation (EV) SSLs are effectively being put out to pasture. Upcoming changes to Chrome and Firefox will soon remove the EV badge from their browsers, citing concerns with its diminished reputation for protecting consumers. 

Standard vs. EV SSL certificates

If you’re already familiar with SSL certificates and the difference between Standard and Extended Validation (EV) varieties, skip ahead to the Why Are Browsers Burying EV SSL Certificates? section. 

SSL certificates are digital certificates that authenticate the identity of a website and allow for secure transmission of credit card data, login credentials, and other sensitive information. Though many types are available, standard SSL certificates provide the padlock icon in most browsers, help make your site PCI-compliant, and are a good choice for most merchants. 

Gray SSL Padlock

In most browsers, sites without SSL certification receive the “Not Secure” label, and anyone clicking on it will read a dire warning. 

Not Secure SSL warning

Furthermore, most browsers also will warn the user before entering any credit card information. Even if they don’t notice the lock, it’s almost impossible to miss the alert upon checkout. This tends to have a chilling effect on most users’ buying experience.

SSL warning

EV SSL certificates attempt to enhance this authentication with a more rigorous (and expensive) validation process. The end result is the addition of the merchant’s established legal identity just to the left of the web address.

In theory, this provides an additional visual cue for consumers, which makes them feel safer and more likely to spend their money on the site. In practice, most consumers don’t notice the absence of a site’s “legal identity,” meaning the EV SSL certificate provide little value to anyone other than the organization selling it.

Why Are Browsers Burying EV SSL Certificates?

In cyber security circles, criticism of EV SSL is not new. The stated goals for EV SSL are 1) to make it harder for phishing scams to fake their online identity, and 2) make consumers feel more safe. Their argument is that EV SSLs are only marginally effective at #1, and utterly ineffective at #2. 

The core failing in the “legal identity” tactic against phishing scams is the relative fluidity of those legal identities. The phrase itself is a misnomer, one that falsely invokes images of face-to-face authentication and triple-checked claims. As demonstrated by one industry professional, the methods of identity verification vary by state, with many ranging between “woefully inadequate” and “cursory.” A determined bad actor would have little trouble registering “Identity Verified” or some other devious “legal identity” to dupe unsuspecting consumers into feeling secure.

However, such efforts would likely be wasted, because the same experts claim most users simply fail to notice the presence or absence of the legal identity. Apple has alread removed the visual cue from Safari and Mojave  for this very reason. Recently, Chrome and Firefox announced their intent to follow suit, with the former stating: 

Users do not appear to make choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection.

For Chrome, this takes effect on September 10. The change comes to Firefox on October 22. The legal identifier will still be available, but buried in the interface and only accessible to the determined clicks of a knowledgeable user. 

Despite the exaggerated claims of organizations eager to sell EV certificates, most users are content to see the padlock and not see any warnings at checkout, both of which are provided by other, less expensive SSL certificates.  

 

If you have questions about which SSL certificate is right for you, contact our sales team for assistance.

The post Is the End Near for EV SSL Certificates? appeared first on Hostdedi Blog.

Source link

How Hostdedi Helps Your Store Stay PCI Compliant

How Hostdedi Helps Your Store Stay PCI Compliant

Having a PCI compliant store requires the sustained efforts of both yourself and your hosting provider. Although there are no shortcuts, choosing a credible web hosting provider is an effective place to start. Even so, most PCI requirements can only be met by you, the merchant. Read on to learn more about the dividing line between host and merchant, and why it can be worthwhile to go beyond PCI for your customers.

 

What Is PCI?

nexcess locked safeIn ecommerce, PCI is shorthand for Payment Card Industry Data Security Standards (PCI DSS). Created in 2004, PCI DSS aim to help protect consumers and prevent credit card fraud. It is required for any organization that receives, processes, or stores credit card data of any of the five members of the PCI Security Council: VISA, MasterCard, American Express, Discover, and JCB.

The list of requirements is extensive, to put it mildly. The requirements span six categories, and each category is divided into several hundred specific requirements. Some fall exclusively under the domain of either merchants or hosting providers, while some extend to both. PCI compliance is also not a one-time requirement, as the Security Council makes periodic adjustments to address new threats to consumers.

Compliance is not a “one-and-done” event. It requires daily, weekly, monthly, and annual tasks to maintain compliance. There are 12 general requirements divided among six categories. For illustrative purposes, we’ve listed these same categories, but also included more specific requirements from within PCI DSS. 

6 Key Categories for PCI Compliance

Build and maintain a secure network. Install and maintain a firewall. Use unique, high-security passwords with special care to replace default passwords.

Protect cardholder data. Whenever possible, do not store cardholder data. If there is a business need to store cardholder data, then you must protect this data. Encrypt any data passed across public networks, including data passed between your shopping cart, your Web-hosting provider, and your customers.

Maintain a vulnerability management program. Use antivirus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure your antivirus software applications are compliant with your chosen card companies.

Implement strong access control measures. Access to cardholder data, both electronic and physical, should be on a need-to-know basis. Ensure those people with electronic access have a unique ID and password. Do not allow people to share login credentials. Educate yourself and your employees on data security, and specifically the PCI Data Security Standard (DSS).

Regularly monitor and test networks. Track and monitor all access to networks and cardholder data. Maintain a regular testing schedule for security systems and processes, including: firewalls, patches, web servers, email servers, and antivirus.

Maintain an information security policy. Establish a clear and thorough organizational data security policy. Disseminate and update this policy regularly.

PCI non-compliance can result in fines ranging between $5000—$100,000 per month, depending on the size of the offending organization, its severity, and other factors. Non-compliance can also result in legal action, security breaches, and lost revenue.

PCI Requirements for Hosting Providers 

nexcess monitoringIt is virtually impossible for the typical merchant to be PCI compliant without enlisting the services of a compliant hosting provider. Merchants that host their own websites must meet hosting provider requirements in addition to meeting those for merchants. Such a model works for massive enterprises like Amazon and WalMart, but few others. 

Following are some of the highlights of our systems and policies that uphold our status as a PCI compliant hosting provider. The term “cardholder data environment” refers to any system that stores, processes, or transmits credit card data as well as any system that has access to cardholder data environment itself.

We maintain a web application firewall (WAF), which monitors all connections between the cardholder data environment and other networks. ModSec prohibits public access to sensitive areas, identifies untrusted connections, and hides IP addresses and routing information from unauthorized parties. 

We apply industry-accepted configuration standards for all system components that address all known security vulnerabilities. This extends to our internal and external network, our operating systems, and hardware required to host web services.

We apply cryptography and security protocols that encrypt and protect cardholder data even when transmitted across public networks. SSL certificates and other trusted security keys are unilaterally enforced. Only modern TLS ciphers are permitted.

We restrict physical access to our data center with 24-hour security policies and a team trained to implement them. This includes, but is not limited to:

  • Video surveillance with 90-day footage history
  • Secured entry with at least two-factor authentication (PIN, access card) in most areas, and three-factor authentication (PIN, access card, thumbprint) in areas housing the cardholder data environment
  • Visible identification on all team members
  • Visitor policy that prevents unauthorized public access; authorized external individuals have access only to required areas and are escorted at all times 
  • Team members are given access to the cardholder data environment only if their role requires it
  • Restricted access to network jacks, wireless access points, gateways, networks, and other lines of communication

We track and monitor access to network resources and cardholder data, though it falls to clients to maintain logs and monitor logins for their own applications (Magento, WordPress, and so on).  

We regularly test our security systems and processes, and perform internal penetration testing at regular intervals as well as after any significant infrastructure upgrade. 

PCI Requirements for Merchants

Secure store with HostdediProperly implemented, PCI compliance helps merchants adhere to commonly accepted best practices of data security. Hosting with a PCI compliant provider is a solid first step, but becoming compliant still requires action on your part.

If your store accepts credit cards as payment, it must be PCI compliant whether you store that data or not. Choosing a PCI Compliant web host is only the first step. Most credible web hosts can provide merchants with materials outlining their respective responsibilities upon request, but ultimately it is on merchants to understand and meet these requirements. 

Regrettably, there is no “one size fits all” checklist. Your specific responsibilities will vary according to your merchant level (1–4, with 1 being the highest), which is generally determined by the number of credit card transactions your store processes annually. 

The general process for most merchants is:

  1. Identify, understand, and implement the appropriate PCI DSS requirements. 
  2. Complete a Self Assessment Questionnaire (SAQ). The SAQ is a checklist outlining the requirements. Depending on your level, some or all of them will apply to you. Level 1 merchants have the most requirements; level 4, the least.
    Resist the temptation to simply “check every box” in the SAQ. Doing so endangers your customers and exposes your business to liability. The PCI stands to lose money from breaches, and in response may investigate your SAQ and AOC.
  3. Submit to a quarterly scan by an Approved Scanning Vendor (ASV), an independent, qualified authority that performs external vulnerability scans on your systems. 
  4. Complete the Attestation of Compliance (AOC), a document asserting that you are both eligible to perform and have in fact performed the SAQ to the best of your ability.
  5. If classified as a level 1 merchant, you must take additional steps, including an on-site assessment. 

If climbing the considerable hurdle of PCI compliance doesn’t appeal to you, you’re not alone. Your hosting provider can answer questions related to overlapping responsibility, and third party Qualified Security Assessors (QSAs) can help businesses run the PCI gauntlet (for a price). 

Even businesses offering only PayPal, Auth.net, and other payment services as payment options must be PCI compliant because those businesses must still transmit credit card data.

One universal component is the need to confirm that all of your service providers are PCI compliant. This includes your hosting provider, but also extends to payment processors, payment gateways, POS providers, and any other entities that touch your customers’ cardholder data. 

Some PCI Essentials for Merchants

  • Maintain PCI compliance. Compliance requires ongoing awareness and daily application. Tasks range between daily and annual, but all are recurring.
  • Don’t just check “Yes” to every question in the SAQ. Due diligence protects your business and your customers.
  • Know your code, or use a developer that does. Implement best practices of deployment using staging and dev sites without exception.
  • Establish a secure password policy. Use complex, unique passwords and never allow your staff to share login credentials or use default passwords.
  • Enable two-factor authentication for all of your internal users, and consider providing it as an option for customers logging in to your site.
  • Use a web application firewall (WAF). At Hostdedi, we provide one for all clients and it’s enabled by default.
  • Don’t just take your hosting provider’s word for it. Confirm they’re PCI Compliant and competent by asking for (and getting) their Attestation of Compliance (AOC).
  • Keep your applications and extensions current to the latest stable release, and actively monitor for new threats and versions.

Beyond PCI

If PCI compliance were enough, breaches of high-profile organizations would be far less common. Compliant should not mean complacent.

In reality, PCI compliance is “Cardholder Data Security 101.” It is the minimum acceptable standard and a reasonable introduction, but PCI is far from infallible. Credit card companies require compliance. Merchants adhering to PCI standards will be more effective at protecting consumers than businesses that just pay them lip service, but PCI compliance is only the first step. 

The very nature of PCI — a large, curated document updated only periodically — makes it vulnerable. Standards deemed sufficient in the “current” version are often exposed as inadequate. It can take months or even years for PCI to “catch up,” and bad actors are well aware of its limitations.

The best protection is knowledge. At Hostdedi, we have team members that specialize in web security who stay well-versed in the newest threats, breaches, and countermeasures. Many merchants may be reluctant to enlist the services of a security expert. At the very least, we recommend subscribing to security notifications for your ecommerce application and following at least one credible web security news source. Both sources react much faster than the PCI, and following them will help you “spot the smoke” before it becomes a fire. 

We’re on the List!

Don’t forget, we’re “On the List” of PCI compliant providers officially recognized by the Visa Global Registry. That means we’ve shown a continued commitment to reviewing and improving our security policies to match and exceed PCI compliance requirements. If you’re looking for a PCI compliant provider, hosting with Hostdedi means you’re hosting with an approved and recognized provider. Learn more about the PCI compliant hosting with Hostdedi. 

For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.  

Source link

Hostdedi Amsterdam Data Center Launches Cloud Servers

Hostdedi Amsterdam Data Center Launches Cloud Servers

Four years ago, we expanded our European hosting services to include Amsterdam, arguably one of best-connected cities in the world. Now, we’re bringing the scalability and versatility of Hostdedi Cloud to our Amsterdam data center!

Why Amsterdam Matters for Ecommerce

Amsterdam hosts about one-third of Europe’s data center capacity, and for good reason. In North Holland (Netherlands) and near the Amsterdam Internet Exchange (AMS-IX), the combination of geography and technology provides reliable low-latency connections to France, Germany, Scandinavia, and much of eastern Europe. 

The city continues to stand as a center of information technology and ecommerce entrepreneurship, with proven network infrastructure and expansive connectivity to key EU markets. Amsterdam’s history as an international trade hub played will see further exposure this October, when the city hosts MagentoLive Europe, a gathering of 2,000 merchants and developers from around the world.

A Closer Look at the Amsterdam Facility

As a PCI-compliant hosting provider, we apply the same high standards of reliability and security that we apply to all of our data centers. The Amsterdam facility occupies a state-of-the-art data center only minutes away from AMS-IX and uses redundant Tier 1 carriers for dependable connectivity and speed. 

Sixteen generators and 2N redundancy keep the data center ready for nearly every power-loss scenario. As for security, the facility upholds triple-authentication access with biometric readers, as well as 24-hour manned security stations, intrusion detection, and camera surveillance. 

Cloud Services

With the launch of Amsterdam Cloud Services, our clients can expect the same security and performance already present in all of our global data centers. We built this platform to make it easier than ever for your service to grow with your business.All Hostdedi Cloud services include:

  • 24-hour support and monitoring
  • Free migration
  • PCI-compliant cloud hosting
  •  optimized application hosting for Magento, WooCommerce, WordPress, Drupal, and others. 

If you’re a Hostdedi Cloud client, you may also add:

  • Auto Scaling: Ensure your site stays online during foreseen and unforeseen traffic spikes. Be billed only for what you use, when you use it.
  • Cloud Accelerator: Boost your site’s delivery of static content (.jpg, .gif, .png, .bmp, .js, .css, among many others) to deliver a near-instant experience to your site visitors.
  • Instant Dev Sites: Create dev and staging environments at the touch of a button. Test changes without fear and maintain user security with auto-scrubbing of personally identifiable information (PII).


Questions? Our sales team has answers! Contact them at
[email protected] between 9 a.m.– 5 p.m. eastern, Monday to Friday.

 

Source link

Installing BigCommerce for WordPress, Step by Step

Installing BigCommerce for WordPress, Step by Step

In this post we’re going to go through installing the BigCommerce for WordPress plugin, starting with a mostly empty WordPress install. But before we begin, I want to briefly note that if you’re new to Hostdedi and/or want to add a BigCommerce for WordPress retail plan to your existing Hostdedi hosting account, you can do so by visiting this page, selecting a plan and auto-installing BigCommerce for WordPress in one click. For those who need an enterprise-level solution, you’ll follow the steps outlined in this blog to manually install.

The BigCommerce for WordPress plugin is available on WordPress.org, like most plugins. This makes it easy to install, right from within the WordPress admin interface.

Start by logging into WordPress and in the left admin menu, choose Plugins ➞ Add New.

Easy to install bigcommerce from the plugin directory

 

Then in the top right search area search for BigCommerce. When the results appear, click on Install Now on the BigCommerce plugin.

Once it’s installed you’ll need to activate it.

To get started just click activate

As soon as the plugin is activated it will take you to an Onboarding Wizard to help you configure it properly. Your first step will be to either connect your WordPress site to an existing BigCommerce store or create a new BigCommerce store from right within WordPress.

The BigCommerce onboarding wizard starts automatically

For this post we’ll choose Create New Account.

BigCommerce just needs a few details to create your store

The form is longer than what you see in the screenshot, but it asks for normal contact information like address, city, state, zip, phone, etc.

When creating a new account like this it’s creating a free 15-day trial. If you decide you don’t like it, you can simply let it expire. If you decide you’d like to sign up for BigCommerce you may do that in your Account page in the BigCommerce admin area.

and set up a channel

Once you’ve created an account you’ll need to make a Channel.  Channels in BigCommerce allow you to specify what products appear in what storefront.  For example, Amazon can be a channel, and you can say “These products appear in Amazon”.

With WordPress, each WordPress instance in a channel, so you can show certain products on one WordPress site, and other products on another WordPress site.

Of course if you wish you may show all products on your WordPress site, but this Channel we’re making is the method by which that happens.

As shown in the screenshot above you may choose to have all products immediately imported or have none so that you may go back later and specifically choose which products get imported.

then select how to want to use the bigcommerce plugin

The next option is to choose a Full Featured Store or set up a Blogging store. If you choose Simple Blogging then it will skip helping you set up a Navigation Menu and disable the Cart and the Embedded Checkout. So customers will click to Buy a product and it will send them to the BigCommerce store. If you choose this and change your mind it’s easy to switch back later.

For this post we’re going to choose Full Featured Store.

Once you’ve chosen Full Featured Store, the next step is to optionally set up a WordPress Navigation Menu. Checkboxes are provided for all of the pages that BigCommerce creates during this install, including Product Listing Pages, Brand Pages, Category Pages, Shopping Cart, Checkout, etc. You can also choose a Menu Location, exactly like in the default WordPress menu builder.

After you complete the Navigation configuration you’re essentially done with setting up WordPress.  If you wish you can go into BigCommerce ➞ Settings and make some changes, but that’s not required.

The final page of the Setup Wizard offers some links to finish setting up your store, and these must be done before your store will function properly.  These things include setting up your payment gateway, taxes, and shipping.

Once these last admin things have been set up you’re ready to sell!

Learn more about the BC4WP plugin with Hostdedi here.

Source link

The 2019 Black Friday Ecommerce Prep Guide

The 2019 Black Friday Ecommerce Prep Guide

Every year, on the fourth Friday of November, shopping chaos unfolds.

Stores cut their prices, customers flock to their nearest outlets, and deals are had by everyone.

But not anymore. Thanks to ecommerce, customers no longer have to leave the comfort of their home to take part in Black Friday. Keeping an eye on advertisements and pre-event newsletters, customers can easily turn on their laptop, click add to cart, and checkout as soon as the clock strikes twelve.

For customers, this is great. For merchants, it means competition has only gotten more fierce (if you thought that possible). It’s no longer just about having the best deals; it’s about having the best visibility. 

Why Black Friday Matters

Black Friday is the busiest shopping day of the year, with American shoppers spending a record $5 billion in 2017. In 2018, this number then grew by 19%, with over 14.8 million online transactions recorded. With so much money up for grabs, Black Friday can be one of the most profitable days of the year for some businesses. In some cases, it even defines a stores annual profit. 

In the jewelry industry, for example, Black Friday can account for 40% of a business’s annual revenue. With such a large percentage from only a single day, these merchants are often forced to ensure their Black Friday campaigns do better year-over-year. The alternative is something many can’t think about. 

Hopefully, your sales are not so dependent on Black Friday. However, there’s still a lot of money available to those savvy enough to take advantage of the digital opportunities available to merchants. 

But with more demand and more customers, the chance of something going wrong only increases. If you want to be successful this Black Friday, you can’t treat it like any other sales day, or even any other sales event. 

Black Friday Ecommerce Statistics

According to NRF, shoppers who took part both online and in-store were up 40% from 2017, with multi-channel shoppers outspending single-channel shoppers by $93. This year, ecommerce merchants can expect to see another huge increase in online shoppers, following on from 2018’s substantial growth.

With Black Friday now online, shoppers no longer have to venture outside to chaotic shopping centers and can instead make their purchases from the comfort of their sofa. 

This is despite in-store shoppers declining by roughly 1%, and 44% of consumers saying they would shop online in 2017 vs just 42% in 2018. 

Industry Ecommerce Benchmarks for Black Friday

Prior to the 2018 Black Friday event, Blackfriday.com questioned their users on what they planned to look for in the sales. 

Industry Breakdown of Black Friday Ecommerce Interest

Clothing took top spot, with 23% of consumers aiming to score a good deal on fashion items. This was quickly followed by tech, with 22% of consumers looking for their next gadget. 

Towards the bottom of the pile was travel. With it being less of an impulse buy, just 9% of consumers aimed to find some travel deals for the coming year.

If you’re a clothes or tech merchants, Black Friday and Cyber Monday are going to be the days you want to get ready for. 

Getting Your Site Ready for Black Friday

Getting ready for Black Friday means getting ready for more than just the products you’re going to sell. Expect to see:

  • An increase in traffic
  • An increase in server strain
  • An increase in the potential for things to go wrong

We’ve seen it all too many times. Merchants who wait until the last second to address these potential pitfalls, and as a result: they fall. 

Getting yourself ready for Black Friday doesn’t have to be complicated, and it doesn’t have to be a lengthy process. But it will mean that you’re able to maximize ROI from the event, and secure your place among the Black Friday customer go-tos for years to come. 

Get Started Early

The earlier you start targeting Black Friday shoppers, the better results you’re going to have. Getting started early means ramping up everything from prep work to marketing strategy. 

Some merchants start their Black Friday marketing efforts as early as October, with others beginning to ramp up marketing in early September. 

When considering how early you will begin your marketing strategy, take a step back and analyze these factors.

 

  • Budget: How much do you have to spend on Black Friday marketing? Where should that budget be spent? Will you increase adwords spend, ramp up email products, or instead focus on more traditional print-media?
  • Resources: November is a resource-intensive time. Christmas is just around the corner, and depending on where you’re located, Singles Day is just a few short weeks ahead of Black Friday. Calculating ROI on resource spend is going to make a huge difference. You don’t want to run out of money before Black Friday has even started. 
  • Potential: While it would be great if we all had unlimited products and opportunities, that’s more often not the case. Perhaps you’re limited in terms of stock or fulfillment processes. The less potential for your Black Friday campaign, the less time should be dedicated to it. 

 

Once you’ve drawn a clear picture of these areas, it’s a good idea to outline the different channels and audiences your aiming to target and assign any associated dates. 

Getting Your Ecommerce Site (and hosting) Ready for Black Friday

If you’re running a Black Friday sale, that means you can all but guarantee an influx of traffic. That means more opportunities for something to go wrong. Don’t let it be your hosting platform. 

As the foundation of your site, hosting problems can mean slow user experiences, broken page elements, and, in the most extreme cases, site-wide outages. Luckily, there are specific steps you can take to ensure a smooth Black Friday experience for your customers and keep those conversions rolling in. 

What’s Your Limit?

How much can your hosting actually take? 

Every hosting package you purchase will have its limits. If your site is seeing more visitors than those limits can handle, then your site won’t crash. Instead, it will slow to a crawl, queuing page load requests until it eventually becomes long enough for the dreaded timeout. 

If you’re already seeing traffic hover around your limit, it’s definitely worth upgrading your hosting to the next level. If you’re running on the Hostdedi Cloud, you can also enable auto scaling in your Client Portal. Just a flick of a button and you’ll be set for any unexpected (or expected) traffic spikes. 

Prepare for International Sales

International sales can add a whole new level of complexity to a store. For the merchant, alternate payment options, different order fulfillment choices, and tweaks to content are only the start. On top of those, delivering digital assets to countries halfway around the world presents its own problem. 

Yes, digital transfer speeds are fast, but running your website through cables located under the Atlantic is going to lead to some lag, especially if demand is high (like on Black Friday). How can you solve this?

For most stores looking to serve international customers, purchasing a CDN add-on for their store will allow static assets such as images to be held in server locations around the world. This way, regardless of where your customers are coming from, they’re going to be able to access high-bandwidth assets from a local location. That means faster load times and more conversions. 

Check in with Our Support Techs… Why Not?

Our philosophy is that it’s always worth exploring every avenue available to you, to see if there’s something you’ve been missing. That’s why we recommend all of our clients expecting an influx of traffic during Black Friday to check in and see if there’s anything we can do to help.

There may not be. Perhaps you’ve already prepared your store for any eventuality. But what if you’ve missed something and it ends up coming back to haunt you? We’ll often reach out to clients we expect to encounter a problem, so keep an eye on your inbox. Or, start the conversation yourself. 

At the very least, it’s worth letting the team here know that you’re planning to run a sale over those dates, that way our team can take extra steps to keep an eye on your hosting platform and how it’s performing. 

Black Friday Ecommerce Strategy

Start Marketing Early

Any good Black Friday ecommerce strategy means ramping up interest before Black Friday actually begins. After all, some customers spend weeks looking for deals they’re going to jump on during the sales. 

Getting started early means promoting your company’s email newsletter through organic and paid channels. This will give you a lot of leads to follow up with once your really start marketing your discounts. 

The earlier you start marketing your Black Friday discounts, the more customers are going to come knocking on the big day.

Start promotions with enticing statements about how your sales event is unique. Statements like “Over 80% off this Black Friday, sign up to stay ahead of the curve” work well to draw in subscriptions, especially when they’re paired with tantalizing artwork. 

Get Creating Niche Gift Guides

You’ve got awesome products so why not let them market themselves? Your Black Friday marketing strategy doesn’t have to only be about target Black Friday shoppers. There’s a whole internet of customers you have access to. 

This means creating marketing material that will draw in those interested in your niche, but not Black Friday. 

Gift guides are a great way to target long tail ecommerce SEO keywords. They not only target Black Friday Shoppers, but everyone looking for your products. 

One of the best ways to do this is by creating a gift guide that suits your target audience. If you sell shoes, how about creating the ultimate gift guide to Men’s Fashion in 2019? If you sell hats, do the same thing. If you have a larger product range, make your gift guide broader. The possibilities are limitless. 

Prepare Upsells and Cross-sells

With the average person spending $289.19 during Black Friday in 2018, it’s the perfect opportunity to push upsells and cross-sells. This may be grouping items for an improved discount, or providing recommendations for related products during checkout. 

Just remember, a good upsell and cross-sell strategy revolves around providing your buyer value. Don’t just indiscriminately group items together, think of how grouping multiple items provides buyers with a benefit. 

For example, if you’re selling shoes, shoe care products are a great upsell. They can potentially increase the longevity of a product, fitting perfectly within the buyer narrative of saving money. 

If you’re selling a specific type of gift, think about other products that complement it. The more you think about and push the narrative of buyer benefit, the more you’re going to be successful here. 

Prepare Your Email Strategy

Did you know that 25% of Black Friday sales start with an email? At least, that’s what Custora says

That means you should be jumping on the email bandwagon if you want to maximize ROI. But how?

Great email campaigns start with two things: timing and subject lines. 

If you haven’t already, begin testing what times are best for sending emails to your customers. Which days of the week work best and when are they going to check their inbox? 

If you spend 1 hour creating the perfect email, spend 2 crafting the subject line. 

Then work on your subject lines. These sentences should be the core of your content. If you spend 1 hour creating the perfect email content, spend 2 crafting the subject line. The subject line will encourage opens, click-throughs, and sales. 

Learn how to tailor your emails to the customers with our guide to email personalization

Go Beyond Black Friday

There are four days of shopping to be had around Black Friday: not just Black Friday itself. Make sure to target each of these days individually.

Then, think about how your Black Friday marketing strategy can continue to bring sales in even after the sales event is over. Use it as an opportunity to increase reach, and audience knowledge of your brand. 

Don’t Shrug Off Black Friday in 2019

We’ve seen it all too often: merchants not preparing their stores for Black Friday and then suffering from site slowdowns and outages. Don’t let that be you. 

Talking to a sales rep to ensure you’re ready is one of the most crucial steps merchants can make in the run up to November 29th this year.

Interested in learning more about how Hostdedi solutions can benefit you? See some more benefits we’re offering merchants this year and get 75% off of new services or upgrades with code HolidayPrep19.

Source link

Hostdedi Amsterdam Data Center Launches Cloud Servers

Hostdedi Amsterdam Data Center Launches Cloud Servers

Four years ago, we expanded our European hosting services to include Amsterdam, arguably one of best-connected cities in the world. Now, we’re bringing the scalability and versatility of Hostdedi Cloud to our Amsterdam data center!

Why Amsterdam Matters for Ecommerce

Amsterdam hosts about one-third of Europe’s data center capacity, and for good reason. In North Holland (Netherlands) and near the Amsterdam Internet Exchange (AMS-IX), the combination of geography and technology provides reliable low-latency connections to France, Germany, Scandinavia, and much of eastern Europe. 

The city continues to stand as a center of information technology and ecommerce entrepreneurship, with proven network infrastructure and expansive connectivity to key EU markets. Amsterdam’s history as an international trade hub played will see further exposure this October, when the city hosts MagentoLive Europe, a gathering of 2,000 merchants and developers from around the world.

A Closer Look at the Amsterdam Facility

As a PCI-compliant hosting provider, we apply the same high standards of reliability and security that we apply to all of our data centers. The Amsterdam facility occupies a state-of-the-art data center only minutes away from AMS-IX and uses redundant Tier 1 carriers for dependable connectivity and speed. 

Sixteen generators and 2N redundancy keep the data center ready for nearly every power-loss scenario. As for security, the facility upholds triple-authentication access with biometric readers, as well as 24-hour manned security stations, intrusion detection, and camera surveillance. 

Cloud Services

With the launch of Amsterdam Cloud Services, our clients can expect the same security and performance already present in all of our global data centers. We built this platform to make it easier than ever for your service to grow with your business.All Hostdedi Cloud services include:

  • 24-hour support and monitoring
  • Free migration
  • PCI-compliant cloud hosting
  •  optimized application hosting for Magento, WooCommerce, WordPress, Drupal, and others. 

If you’re a Hostdedi Cloud client, you may also add:

  • Auto Scaling: Ensure your site stays online during foreseen and unforeseen traffic spikes. Be billed only for what you use, when you use it.
  • Cloud Accelerator: Boost your site’s delivery of static content (.jpg, .gif, .png, .bmp, .js, .css, among many others) to deliver a near-instant experience to your site visitors.
  • Instant Dev Sites: Create dev and staging environments at the touch of a button. Test changes without fear and maintain user security with auto-scrubbing of personally identifiable information (PII).


Questions? Our sales team has answers! Contact them at
[email protected] between 9 a.m.– 5 p.m. eastern, Monday to Friday.

 

Source link

How Hostdedi Helps Your Store Stay PCI-Compliant

How Hostdedi Helps Your Store Stay PCI-Compliant

Having a PCI-compliant store requires the sustained efforts of both yourself and your hosting provider. Although there are no shortcuts, choosing a credible web hosting provider is an effective place to start. Even so, most PCI requirements can only be met by you, the merchant. Read on to learn more about the dividing line between host and merchant, and why it can be worthwhile to go beyond PCI for your customers.

 

What Is PCI?

nexcess locked safeIn ecommerce, PCI is shorthand for Payment Card Industry Data Security Standards (PCI DSS). Created in 2004, PCI DSS aim to help protect consumers and prevent credit card fraud. It is required for any organization that receives, processes, or stores credit card data of any of the five members of the PCI Security Council: VISA, MasterCard, American Express, Discover, and JCB.

The list of requirements is extensive, to put it mildly. The requirements span six categories, and each category is divided into several hundred specific requirements. Some fall exclusively under the domain of either merchants or hosting providers, while some extend to both. PCI compliance is also not a one-time requirement, as the Security Council makes periodic adjustments to address new threats to consumers.

Compliance is not a “one-and-done” event. It requires daily, weekly, monthly, and annual tasks to maintain compliance. There are 12 general requirements divided among six categories. For illustrative purposes, we’ve listed these same categories, but also included more specific requirements from within PCI DSS. 

6 Key Categories for PCI Compliance

Build and maintain a secure network. Install and maintain a firewall. Use unique, high-security passwords with special care to replace default passwords.

Protect cardholder data. Whenever possible, do not store cardholder data. If there is a business need to store cardholder data, then you must protect this data. Encrypt any data passed across public networks, including data passed between your shopping cart, your Web-hosting provider, and your customers.

Maintain a vulnerability management program. Use antivirus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure your antivirus software applications are compliant with your chosen card companies.

Implement strong access control measures. Access to cardholder data, both electronic and physical, should be on a need-to-know basis. Ensure those people with electronic access have a unique ID and password. Do not allow people to share login credentials. Educate yourself and your employees on data security, and specifically the PCI Data Security Standard (DSS).

Regularly monitor and test networks. Track and monitor all access to networks and cardholder data. Maintain a regular testing schedule for security systems and processes, including: firewalls, patches, web servers, email servers, and antivirus.

Maintain an information security policy. Establish a clear and thorough organizational data security policy. Disseminate and update this policy regularly.

PCI non-compliance can result in fines ranging between $5000—$100,000 per month, depending on the size of the offending organization, its severity, and other factors. Non-compliance can also result in legal action, security breaches, and lost revenue.

PCI Requirements for Hosting Providers 

nexcess monitoringIt is virtually impossible for the typical merchant to be PCI compliant without enlisting the services of a compliant hosting provider. Merchants that host their own websites must meet hosting provider requirements in addition to meeting those for merchants. Such a model works for massive enterprises like Amazon and WalMart, but few others. 

Following are some of the highlights of our systems and policies that uphold our status as a PCI-compliant hosting provider. The term “cardholder data environment” refers to any system that stores, processes, or transmits credit card data as well as any system that has access to cardholder data environment itself.

We maintain a web application firewall (WAF), which monitors all connections between the cardholder data environment and other networks. ModSec prohibits public access to sensitive areas, identifies untrusted connections, and hides IP addresses and routing information from unauthorized parties. 

We apply industry-accepted configuration standards for all system components that address all known security vulnerabilities. This extends to our internal and external network, our operating systems, and hardware required to host web services.

We apply cryptography and security protocols that encrypt and protect cardholder data even when transmitted across public networks. SSL certificates and other trusted security keys are unilaterally enforced. Only modern TLS ciphers are permitted.

We restrict physical access to our data center with 24-hour security policies and a team trained to implement them. This includes, but is not limited to:

  • Video surveillance with 90-day footage history
  • Secured entry with at least two-factor authentication (PIN, access card) in most areas, and three-factor authentication (PIN, access card, thumbprint) in areas housing the cardholder data environment
  • Visible identification on all team members
  • Visitor policy that prevents unauthorized public access; authorized external individuals have access only to required areas and are escorted at all times 
  • Team members are given access to the cardholder data environment only if their role requires it
  • Restricted access to network jacks, wireless access points, gateways, networks, and other lines of communication

We track and monitor access to network resources and cardholder data, though it falls to clients to maintain logs and monitor logins for their own applications (Magento, WordPress, and so on).  

We regularly test our security systems and processes, and perform internal penetration testing at regular intervals as well as after any significant infrastructure upgrade. 

PCI Requirements for Merchants

Secure store with HostdediProperly implemented, PCI compliance helps merchants adhere to commonly accepted best practices of data security. Hosting with a PCI-compliant provider is a solid first step, but becoming compliant still requires action on your partt.

If your store accepts credit cards as payment, it must be PCI-compliant whether you store that data or not. Choosing a PCI-compliant web host is only the first step. Most credible web hosts can provide merchants with materials outlining their respective responsibilities upon request, but ultimately it is on merchants to understand and meet these requirements. 

Regrettably, there is no “one size fits all” checklist. Your specific responsibilities will vary according to your merchant level (1–4, with 1 being the highest), which is generally determined by the number of credit card transactions your store processes annually. 

The general process for most merchants is:

  1. Identify, understand, and implement the appropriate PCI DSS requirements. 
  2. Complete a Self Assessment Questionnaire (SAQ). The SAQ is a checklist outlining the requirements. Depending on your level, some or all of them will apply to you. Level 1 merchants have the most requirements; level 4, the least.
    Resist the temptation to simply “check every box” in the SAQ. Doing so endangers your customers and exposes your business to liability. The PCI stands to lose money from breaches, and in response may investigate your SAQ and AOC.
  3. Submit to a quarterly scan by an Approved Scanning Vendor (ASV), an independent, qualified authority that performs external vulnerability scans on your systems. 
  4. Complete the Attestation of Compliance (AOC), a document asserting that you are both eligible to perform and have in fact performed the SAQ to the best of your ability.
  5. If classified as a level 1 merchant, you must take additional steps, including an on-site assessment. 

If climbing the considerable hurdle of PCI compliance doesn’t appeal to you, you’re not alone. Your hosting provider can answer questions related to overlapping responsibility, and third party Qualified Security Assessors (QSAs) can help businesses run the PCI gauntlet (for a price). 

Even businesses offering only PayPal, Auth.net, and other payment services as payment options must be PCI-compliant because those businesses must still transmit credit card data.

One universal component is the need to confirm that all of your service providers are PCI-compliant. This includes your hosting provider, but also extends to payment processors, payment gateways, POS providers, and any other entities that touch your customers’ cardholder data. 

Some PCI Essentials for Merchants

  • Maintain PCI compliance. Compliance requires ongoing awareness and daily application. Tasks range between daily and annual, but all are recurring.
  • Don’t just check “Yes” to every question in the SAQ. Due diligence protects your business and your customers.
  • Know your code, or use a developer that does. Implement best practices of deployment using staging and dev sites without exception.
  • Establish a secure password policy. Use complex, unique passwords and never allow your staff to share login credentials or use default passwords.
  • Enable two-factor authentication for all of your internal users, and consider providing it as an option for customers logging in to your site.
  • Use a web application firewall (WAF). At Hostdedi, we provide one for all clients and it’s enabled by default.
  • Don’t just take your hosting provider’s word for it. Confirm they’re PCI-compliant and competent by asking for (and getting) their Attestation of Compliance (AOC).
  • Keep your applications and extensions current to the latest stable release, and actively monitor for new threats and versions.

Beyond PCI

If PCI compliance were enough, breaches of high-profile organizations would be far less common. Compliant should not mean complacent.

In reality, PCI compliance is “Cardholder Data Security 101.” It is the minimum acceptable standard and a reasonable introduction, but PCI is far from infallible. Credit card companies require compliance. Merchants adhering to PCI standards will be more effective at protecting consumers than businesses that just pay them lip service, but PCI compliance is only the first step. 

The very nature of PCI — a large, curated document updated only periodically — makes it vulnerable. Standards deemed sufficient in the “current” version are often exposed as inadequate. It can take months or even years for PCI to “catch up,” and bad actors are well aware of its limitations.

The best protection is knowledge. At Hostdedi, we have team members that specialize in web security who stay well-versed in the newest threats, breaches, and countermeasures. Many merchants may be reluctant to enlist the services of a security expert. At the very least, we recommend subscribing to security notifications for your ecommerce application and following at least one credible web security news source. Both sources react much faster than the PCI, and following them will help you “spot the smoke” before it becomes a fire. 

We’re on the List!

Don’t forget, we’re “On the List” of PCI compliant providers officially recognized by the Visa Global Registry. That means we’ve shown a continued commitment to reviewing and improving our security policies to match and exceed PCI compliance requirements. If you’re looking for a PCI compliant provider, hosting with Hostdedi means you’re hosting with an approved and recognized provider. Learn more about the PCI compliant hosting with Hostdedi. 

For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.  

Source link

Magento Events in September 2019

Magento Events in September 2019

With Magento Live Europe just around the corner, we’re gearing up for one of the biggest Magento events of the year. Before we pack our bags and head to Europe though, there are a couple of other events that we’ve been excited about attending all year, and that you definitely shouldn’t miss out on. 

Since September is one of the busiest Magento event times of the year, we’ve brought together the events we’re planning to attend, so you can pick and mix based on where your favorite Magento hosting company are going to be. 

If you can’t make it, we’ll be publishing what we think the main Magento takeaways are from each event. So keep an eye on our blog post-event. 

What to Know Before You Go

Magento events have a lot of opportunities for merchants, developers, and everyone in between. In order to take the most away from these opportunities, it’s important to know what they are and where you’ll find them. 

Before launching into the events themselves, we want to make sure you know what you can expect from each of them. 

Sessions

All Magento events have sessions. They range from highly technical to more business orientated, and are probably your best source of information at a Magento event. 

Before attending, take a look at the event’s website to see what sessions they have in place and which really speak to you and your needs. Try to manage a timetable where you can take advantage of all three things on this list, but prioritize the most important sessions. After all, you’re probably attending a Magento event to learn.

Sponsors

Sponsors are a big part of the Magento community, and almost every event has at least a handful of them. They’re great to talk to because they can potentially provide you with some awesome ideas for how to improve your Magento store. 

They’re also a really good source for keeping a pulse on the Magento community. Most of the time they know what’s happening, who’s who, and what the latest developments have been. Why not go over and ask they about their Magento experiences, if nothing else. 

We’ll be sponsoring several of the events below and will have our own booth. Come and talk to the team to learn more about how we’re a cloud company that has been with Magento since the start and will continue to support Magento merchants no matter what. 

Networking Events

We know, after a long day of listening to sessions and speaking to sponsors, you probably just want to go home. But wait, there’s still more!

Networking events often take place around Magento events. They offer a good place to meet fellow merchants and developers, and continue that conversation with that one sponsor. 

We suggest making an appearance and talking to a handful of people, at least. The Magento community is really helpful and supportive of newcomers and existing faces alike. 

These events also tend to come with free food and drink as well!

 

Meet Magento New York will take place September 5-6

Meet Magento NYC 2019

September 5-6, 2019

https://meetmagento.nyc/

Why Attend?

Meet Magento New York is the only Meet Magento event in the US. It provides existing and new Magento merchants with a space for meeting and discussing developments in ecommerce. 

It’s also a great chance to meet some Magento sponsors, discuss best practices, and just become a part of the community. 

This year, our very own VP, Josh Ward, will be discussing what Magento 1 merchants can do after the End of Life in June 2020. We’ll take a look at what you need to be paying attention to, how it’s going to affect the Magento community, and why even Magento 2 merchants should be keeping an eye out.

Interested in catching up on what happened last year? Fill out this form for access to all of the videos and presentations from 2018.

 

Mage X Austin will take place September 13-14

Mage X Austin

September 13-14, 2019

https://www.magex.us/

Why Attend?

Mage X events are the place to be if you’re looking to learn more about the application that underlies your ecommerce solution. As a space of learning, Mage X events tend to offer diverse sessions on business and technical topics. You’ll walk away from this knowing a lot more about Magento than you did coming in. 

Don’t forget to take advantage of everything on show this year, including a focus on PWA and Headless. Learn more about what it means to code headless or PWA stores, and how they benefit a variety of business models. 

This year, our very own Magento Master, Miguel Balparda, will be leading a panel about Community Engineering. Here he’ll talk about what it means to be a maintainer, and how you can contribute to an Open Source project too. 

 

 

Meet Magento Poland will take place 16-17 September

Meet Magento Poland

September 16-17 , 2019

https://meetmagento.pl/en

Why Attend?

Meet Magento Poland has been going since 2012, and every year the number of attendees only grows.

Just like any other Meet Magento session, Poland offers a perfect opportunity to learn more about Magento and meet interesting people involved in creating the ecommerce platform. 

Make sure to join in with the Q&A sessions and ask any questions you have. Also don’t miss out on talking to the Magento representatives onsite. With over 600 attendees expected to be present, it may seem like a busy event but it’s also very personable. 

This year, we’re going to be attending, so keep your eyes out for Hostdedi team members walking the floor and joining you in the sessions. Don’t be shy, come and say hi!

 

Catch Us Around the World

Interested in knowing what events we’ll be attending in the future? Check out our events page and stay up to date. You can also catch us on social media, either through our Facebook, Twitter, or LinkedIn accounts. Keep an eye on our timelines and we’ll let you know when our next event is. 

Source link

WooCommerce Is The Ideal Solution For B2B Sales

WooCommerce Is The Ideal Solution For B2B Sales



WooCommerce has gained massive popularity in the B2C eCommerce market, but it is also an excellent choice for businesses that sell primarily to other businesses.
Compared to consumer eCommerce, B2B eCommerce developed along a different path because it was subject to different pressures. B2B buyers expect more interaction with salespeople, buyers spend more and more products are bought at the same time, and B2B buyers, especially in larger corporations, have requirements that consumers do not. In consequence, B2B eCommerce was slow to take off and was often built on “enterprise” eCommerce solutions with a hefty price tag.
But, in recent years, B2B sellers have adopted many of the lessons learned by their colleagues in the B2C space. Millennial buyers, when appointed to buying roles within their business, expect the same convenience and customer-focused approach from B2B as B2C. The rise of B2B eCommerce makes comparing and assessing suppliers easier than ever before. The double pressures of a fluid market and greater expectations have influenced B2B sellers to up their game.
As Michael Del Gigante puts it, “With so much of their bottom line on the line, B2B e-commerce companies need to start evolving their businesses by reorganizing their websites to serve their business clients as consumers.”

B2B with WooCommerce?

One of the ways B2B eCommerce users can adapt to B2C-shaped expectations is through the tools evolved to serve the needs of consumer-focused eCommerce businesses. Estimates vary, but about a quarter of the eCommerce sites on the web use WooCommerce, and, although primarily designed to serve the needs of B2C retailers, WooCommerce can easily be made into a powerful B2B sales platform.
But what does it take to turn WooCommerce into the ideal B2B eCommerce application? Not a lot. Out of the box, WooCommerce is secure, reliable, and battle-tested. It is capable of supporting many thousands of products and product variants. Its category and tag hierarchies allow for complex custom catalogs. It is free but so popular that support is widely available. If vendor support concerns cause hesitation with WooCommerce adoption, you needn’t worry. Many businesses exist to provide that support.

Bringing B2B Features To WooCommerce

WooCommerce lacks some features that are necessary for B2B and wholesale selling, but they are available as free or paid extensions. As a WordPress plugin, WooCommerce benefits from both WordPress’ massive plugin ecosystem and its own range of extensions.
Dynamic Pricing adds the ability to configure bulk discounts. It includes custom configurations for building finely graded pricing plans that can be applied according to volume purchased or to specific groups of buyers.
B2B sellers often need to restrict categories of products to groups of buyers. There are several WooCommerce extensions for restricting product access according to various criteria. With WooCommerce Protected Categories, sellers can password protect product groups according to category and lock-down product categories by role or user. The extension can be used to create private areas for individual clients and separate B2C and B2B or wholesale areas. The related WooCommerce Private Store can lock-down a store to create a members-only WooCommerce site.
WooCommerce, with the addition of a small number of plugins, is a robust and reliable B2B sales platform, capable of growing as your business grows and adapting to its changing needs.

Source link

The Best One Step Checkout Extensions for Magento 2

The Best One Step Checkout Extensions for Magento 2

Lengthy checkouts annoy your shoppers and send them to your competition. 

The default checkout page for Magento 2 fails to solve this problem. Fortunately, there’s plenty of extensions in the Magento 2 marketplace that attempt to fix this problem. However, sorting through the available candidates is no small task, so keep reading to help narrow the field.  

What Is One Step Checkout?

Optimizing the shop experience is the most reliable way to increase your conversion rate and prevent abandoned carts.

Properly executed, one step checkout removes the annoying hoops between your customer and the Place Order button. The name of the game is quick, easy, and painless.

An effective one step checkout extension limits the process to one page, and: 

  • Suggests a delivery address
  • Allows customers to add a comment 
  • Includes a field for coupon codes
  • Allows store owners to configure checkout fields
  • Supports varied payment methods
  • Provides clean address, shipping method, payment method, and order review sections 
  • Identifies the shopper’s IP address to expedite future checkouts
  • Optimizes the page for mobile
  • Provides checkout analytics and reports
  • Has a prominent Place Order button

Each of the Magento 2 checkout extensions provided in this article achieve the above. Let’s take a closer look at what each has to offer.

How We Narrowed the Field 

At time of publication, the Magento marketplace has 19-and-counting one step checkout extensions available. We’ve narrowed the field to five options that support the latest stable relase of Magento 2 Community Edition, which is currently version 2.3. This version was released in November 2018, and any extension still not compatible is arguably the victim of neglect by its developer.

If you’re sticking with Magento 1 despite it reaching official end of life in June 2020, here’s what you need to knowIf you’re running Magento 2, but not the latest version, we recommend that taking immediate action to patch your store. Unpatched software can degrade your store’s performance and expose your customers to significant security risks.

  When deciding whether or not to purchase support for any extension, remember that support also includes updates to that extension. Keeping your extensions updates is one of the most reliable ways to keep your safe and secure.

Cost: $299
Support: 3 months free, then 12 months for $120
Installation Service: Not available
Front-End Demo
Back-End Demo

Aheadworks front end demo image

Featuring a two-column design, Smart One Step fuels auto-address suggestions with GeoIP  and Google, and allows unregistered guests to make purchases.

If you’re looking to further expand functionality, Aheadworks offers other extensions for coupon code generation, gift cards, reward points, and store refunds. Between companies, extensions don’t always play nice with one another, but you can prevent some headaches as long as you don’t mind fully hitching your wagon to Aheadworks.

Installation service is unavailable, although Aheadworks provides a one-page installation guide.

Cost: $570
Support: 6 mos $105/12 mos $140
Installation Service: $85
Front End Demo
(Back End Demo Not Available at Time of Publication)

OneStepCheckOUT AS front end demo

With 150 reviews in the Marketplace for their Magento 1 extension, One Step Checkout AS has a well-established reputation in the community. This experience comes with a hefty price tag. In theory, however, a good extension will drive sales and provide value over and above the cost of acquiring it.

If you want the streamlined, barebones experience for your shoppers, you can certainly give it to them. The extension also offers CSS compatibility and fully embraces a modular approach to customization. 

If you’re planning to use multiple extensions, OneStepCheckOUT promises easy compatibility. If you’ve enlisted their support service, they also promise to help you integrate troublesome third-party extensions for no additional cost.  

Cost: $199
Support: 6 mos free/9 mos $180/12 mos $300
Installation Service: $99
Front End Demo
Back End Demo

Mage Delight One Step CHeckout Demo image

If you want one-step checkout but don’t necessarily need heavy customization, MageDelight’s One Step Checkout may be a reasonable choice. Customization is limited to field selection and interface color, which will be enough for owners just looking for consistency with their storefront. 

Options like coupon generation, refunds, and other features not already listed in the What is One Step Checkout section will require additional extensions. 

Purchase includes 6 months of free support. 

One Step Checkout by Templates Master (Swiss Up Labs)

Cost: $189
Support: 1 yr Free, then $588/yr
Installation Service: Free
Front End Demo (2-column)
(Back End Demo Not Available at Time of Publication)

Templates Master 1 step checkout demo

The purchase of One Step Checkout by Templates Master includes free installation, 1 year of support, and free integration of third party modules. However, the cost of support after that first year jumps to $588 annually.

As for layout, store admins have full control over checkout fields and can select one, two, or three columns. Four different checkout page skins are included, and it’s possible to customize your checkout page with JavaScript or HTML.

Cost: $299
Support: 3 months free with free lifetime updates/6 mos $79/12 mos $129
Installation Service: $59
Front End Demo
Back End Demo

Amasty 1 step checkout front end demo

One Step Checkout by Amasty has something to offer both layperson store admins and seasoned developers. The former can easily and quickly tweak layout, colors, and fonts. For users wanting more control, the extension provides CSS and LESS support.

Notably, this is the only offering on this list to provide free lifetime updates. 

Advanced options include gift options, header and footer promo information, delivery date and time, and others.

One Step Checkout Extensions At a Glance

Following is a summary of our findings at the time of publication. The policies, prices, or functionality of these products may have since changed. 

Source link