I’ve added a new page on the site:

http://www.robertswebforge.com/payment_gateway_comparisons.php

which attempts to make it easier to figure out which payment provider to sign up with.  You need a provider to accept credit cards, and a gateway for online payments.  (Most offer both merchant and gateway accounts if you need them).

The fees charged vary, so I’m attempting to provide you a clear idea what you’ll be losing…err, paying each month from your sales.  It’s not 100% accurate, but should point you in the right direction.

I intend to add more providers to this list and update it as time allows – there  are a lot to choose from, but I will stick to the bigger ones that I trust.  I work with a lot of e-commerce sites, using various payment gateways, so I’ve heard the good, bad, and ugly about the process.

Hope this helps you in getting your e-commerce costs down!

There’s been a push over the past few years to move more and more applications “to the cloud”, and off of your desktop / laptop computer.  Google docs has been trying to convert MS Office users away from the traditional Word, Excel, etc. applications to use the online application.

The functionality is pretty good, and it’s neat to be able to store and share your documents online.  You can edit them from anywhere, right in your browser.   However, with all “cloud” applications, there is still the risk of downtime, as this article shows:

Google Docs Stumbles, Goes Down

I think google is trying to remedy this, but creating a hybrid approach, where you can store documents “offline” on your computer, and sync up with the online version.  This may be a solid approach that works in the long run.

However, it’s still a bit risky to store your documents online.  Security is another big issue.  If  someone hacks (that never happens, right?)  into the “cloud” where the documents are stored, your sensitive data could be at risk.  When so much data is centralized like that, it’s a huge target for hackers.  Also, since these platforms offer easy “sharing”, you need to be careful you don’t accidentally share a confidential document with the whole world.

In summary, I think Google Docs has its place, but for mission critical and confidential documents, I’m still sticking with local apps, and local storage.

If you are an online merchant, and you haven’t heard about PCI Compliance yet, you probably will soon.  Credit card companies are slowly pushing online retailers to tighten up their security to reduce fraud.

Maintaining PCI DSS compliance is a potentially a huge obstacle for online retailers.  This document provides some links to understand the basics of what you will need to do.  Essentially this requires two main steps: a questionnaire, and an external scan of your server.  Some scanning vendors are providing an “all in one” spot for you to handle both of these requirements.  We’re partnered with ControlScan, which provides this service for $249/ year.

Here are some links that will help you learn more about PCI compliance:

PCI FAQ: Click here – seems like most merchants will be level 4, which means you need to run quarterly scans from an “approved scanning vendor”.

Here’s a short blog post with video that explains PCI DSS.  It explains that this movement is largely to contain fraud, and stem losses being incurred by banks, businesses, and consumers.

Approved Scanning vendors: Click here

At this point it seems like few gateway providers are “pressuring” their merchants to be PCI compliant, which makes sense – the cost of becoming and maintaining compliance will cause many “hobby” merchants to pack it in, or move to a third party payment system (paypal, google, etc.), and cancel their merchant accounts altogether.  In the long term, I expect more hosting companies to offer and tout “PCI Compliant” server platforms.  Shopping cart vendors are also moving this way.  However, the burden will always be ultimately on the merchant to prove they are using a compliant setup, so I believe now is the time to get your site moving in that direction.

My recommendation at this point (if you are an online merchant) is to go through the process at least one time, to see how close you are to compliance.  Make changes based on the results to get as close as you reasonably can, then keep the documentation until your provider asks.  Then you’ll have a quicker path to pci compliance if you are required to be so.

When you use a public wi-fi hotspot, you need to realize that most of the data you are sending is going in “cleartext”.  This means there’s the potential for a hacker to grab some personal data, such as passwords, email messages, session keys (for websites you’ve logged into), etc.  With so many applications using the internet for communications these days, even if you are careful about using “https:” when checking email, or browsing, data can leak out.

One solution is to install a VPN on your computer.  This encrypts all data on your connection, and will prevent any theft.  One such VPN is http://openvpn.net/, (OpenVPN) which is free to use.

Once you set it up, all you need to do is connect to it after you get on the WI-FI hotspot network.  Then you do all your normal web activities as usual.

Here’s a nice site that will “grade” your website for search engine optimization:

http://websitegrader.com

For no cost, you can enter your website and get great report on areas your website can improve.  This site graded 44.  Plenty of room for improvement, eh?  Anyway, I don’t agree with everything on there, for instance, they mention things like keeping your domain renewal out at least 1 year.  Seems to be based on pure speculation that search engines will dock your site some points for having a domain that will expire soon.   Hmm..

Also, they mention the whole canonical host thing, which is basically how your site loads – with or without the www.  Some people put in redirects so that if someone loads www.robertswebforge.com it always goes to just robertswebforge.com.  The idea is that you don’t have 2 sites with the same content.  I think it’s pretty silly to think that google and bing would get “confused” into thinking they are two different sites with the same content.  It’s so common, I can’t believe they don’t make the connection.

Anyway, enough of that – go get your site graded, and start improving your SEO score!