Small Businesses and the Outsourcing of e-Commerce?

Zzzt asks: "I work at a very small advertising agency & production company, doing various electronic media projects, including small websites. In anticipation of our clients going elsewhere, my boss decided we should offer development services for commerce websites, complete with credit card transactions and the like. For those out there who have created these sites, is it worth it for a small company to take on such a project, considering maintanance, liability, and other issues that will come up? Or should we just outsource the whole thing? For a medium to low-end HTML programmer, are there pre-canned packages that will most of the work for me?"

Not to attack you in particular

[0x0d0a]

But I see more and more the trend towards businesses going toward the lowest bidder. That and the lack of certification of e-commerce service providers are, I predict, going to seriously inflate the degree of credit card number theft, as people slap databases and webservers on the same machine or trust the webserver, or improperly secure one or the other.

HTTPS is a joke for e-commerce. No one breaks into a router and sniffs for credit card numbers. They go after poorly secured databases of tens of thousands of numbers.

You're ready for this if...

[MegaHamsterX]

You're ready for this if....

Your willing to put your cc number on it, as well as your boss's, your mother's, a wealthy relative, all of your friends including the stock broker guy who survived the market.

Then post the URL on slashdot for security testing.

If you are confident your skills will prevent the compromise of the site, you're too inexperienced, but hey post that url anyhow.

I hate getting involved in this sort of work, there's just too much to go wrong and to secure it the way I prefer to costs more money than anyone is willing to spend.

Find a partner

[PinglePongle]

While most of the other posts have concentrated on the security aspects, the project management side of developing e-commerce sites is also a nightmare. Most projects I've worked on have caused either the customer to be unhappy because their (vague, unstated) expectations weren't met, or the supplier to be unhappy because their (inarticulate, overpriced) staff was working 80 hour weeks and they didn't get paid enough.

Developing in-house capability is hard - you need to have a bunch of expensive techies running around, someone to manage them and the client, and you get stuck with maintenance and support issues ("we're such a good client, could you not just change it for free ?").

I would look around for a local software development shop - ideally around the same size as you - and form a (more or less formal) partnership. If you have customers who want e-commerce capability, you bring the customer relationship, branding capabilities are and account management. The technical partner brings project management, technical skills and maintenance/support capacity.

That way, you are less likely to end up with unhappy customers - at least if you choose a decent partner - and you don't have to invest a lot of time, effort and money in an area you're not equiped to exceed in.

Read "eXtreme programming for web projects" to see some of the joy that awaits you - even if you do look for a partnership...