Venturing into E-commerce: A Starting Point

Your boss just tapped you to start selling the company’s products through its website, and your only experience with e-commerce is as an online shopper. Where do you begin?

The process requires careful thought and planning along with an understanding of what your needs, goals and resources are.

A good place to start is by deciding how you’re going to accept payments. Many other variables will fall into place depending on your choice at this point.

Basically your options fall into one of two categories: either you will process e-commerce payments in-house or you’ll outsource transactions to a third-party.

How do you know which one to choose? It all depends on how you wish to deal with security issues. Whether you’re a national retailer looking to build an e-commerce empire or a small brick-and-mortar shop that wants to sell a few products online, all e-commerce merchants must comply with Payment Card Industry – Data Security Standard (PCI-DSS) requirements.

Regardless of transaction volume, any merchant that processes, stores or transmits payment cardholder data is responsible for adhering to this set of regulations – and may face stiff penalties for non-compliance. (For a more in-depth look at PCI compliance, check out the PCI Toolbox on

Both options have their pros and cons.

Handling payments in-house means that you take on full responsibility for transmitting, storing and processing your customers’ payment information. In return, you retain full control of the payment process. You also avoid paying overhead on your transactions, which is part of letting a third-party handle payment processing for you. If your company expects a significant percentage of its revenues to come from online purchases; if it’s willing to accept the responsibility of compliance; and if it’s able to dedicate the resources to creating a secure, in-house processing system, this option is worth considering.

Alternatively, you could turn the responsibility over to a third-party: a hosted payment service that will transmit, store and process your customers’ payment information for you. In this scenario, when customers fill their online shopping carts and go to check out, they’re redirected to a third-party payment service that handles the transaction.

A hosted payment service takes on the responsibility of meeting PCI compliance standards to protect your customers’ payment information. In return, you pay for the service, often with a combination of annual fees and per-transaction fees. In addition, you also are handing control of your payments and your customer information over to another entity (so do your homework and choose wisely).

Sometimes merchants sign on with a hosted payment service and think “Ahh! Now I don’t have to worry about security for my online store!” Not so fast. While a third-party can help you meet the PCI compliance requirements for payment transactions, you still have to think about your site’s overall security beyond the e-commerce portion.

This leads into deciding how your online shop should be hosted. At this stage of this rapidly evolving field, it’s fair to say that e-commerce is best supported by managed hosting. A dedicated hosting solution generally offers the best choices for control and security in e-commerce applications. While it’s possible for a hybrid or cloud solution to work for e-commerce, these options add more complexities to the process. Most compliance requirements do not lean toward shared environments, and all of the cloud environments are generally shared in one way or another.

Cloud hosting is growing quickly because of its affordability and scalability; but opting for the more proven (though more expensive) security and support that managed hosting offers could save you money in the long run compared to the costs of recovering from a security compromise on your website.

A qualified managed hosting provider can provide resources that will contribute to your site’s overall security. The shopping cart software you select for your online store will also provide security measures.

Next time, we’ll take a look at some of the shopping cart options available for your online store. In the meantime, to learn more about adventures in e-commerce, check out our series of e-commerce articles.

Rack Blogger is our catchall blog byline, subbed in when a Racker author moves on, or used when we publish a guest post. You can email Rack Blogger at


Please enter your comment!
Please enter your name here