Small Businesses and the Outsourcing of e-Commerce?

Zzzt asks: "I work at a very small advertising agency & production company, doing various electronic media projects, including small websites. In anticipation of our clients going elsewhere, my boss decided we should offer development services for commerce websites, complete with credit card transactions and the like. For those out there who have created these sites, is it worth it for a small company to take on such a project, considering maintanance, liability, and other issues that will come up? Or should we just outsource the whole thing? For a medium to low-end HTML programmer, are there pre-canned packages that will most of the work for me?"

Not to attack you in particular

[0x0d0a]

But I see more and more the trend towards businesses going toward the lowest bidder. That and the lack of certification of e-commerce service providers are, I predict, going to seriously inflate the degree of credit card number theft, as people slap databases and webservers on the same machine or trust the webserver, or improperly secure one or the other.

HTTPS is a joke for e-commerce. No one breaks into a router and sniffs for credit card numbers. They go after poorly secured databases of tens of thousands of numbers.

Outsource billing only

[nandix]

my advise would be to outsource the billing process only. it wouldn't be profitable for your company to set up
a billing gateway, so go for one of the many alternatives out there (authorize.net, fraudless.com, trustcommerce.com, et al).
as for the rest of the e-commerce development (shopping cart, tracking requests, etc), i've used osCommerce (oscommerce.com) with sucess. AFAIK, it's the most complete open source e-commerce suite out there, very well written (it's php code), and easy to extend (you can write your
specific modules for billing, shipping, etc).

has both a public part (called the 'catalog') and an admin interface for the
merchant (this one allows tracking of users, orders, products, etc).

check out the oscdox.com site for documentation
on installing and customizing the package

(note: i'm not related to them in any way, i'm just a satisfied programmer:)

happy hacking

As someone who's done this...

[legLess]

...recently, I'd say outsource it. If you're not a programmer, you don't want to learn how to do it from scratch. The programming's the smallest part, though: dealing with the banks, cert vendors, hosts, etc. is a royal pain. Securing your system is the most important thing, and this is an area where you cannot skimp. Period.

Run the numbers, though. You should be able to hire someone with e-commerce experience specifically to implement this. You want someone who knows the space, how can pick a good off-the-shelf system and customize it for your clients, and who is security-conscious. As someone else in this thread said, HTTPS and certs are blue smoke and mirrors compared with unpatched or poorly-maintained servers.

Bring this up to your boss and see how much he *really* likes the idea. With the prospect of paying a new hire (or a contractor) to work on this, he'll either get more serious or less serious, both of which are good news for you.

osCommerce looks great!

[Futurepower(R)]

osCommerce looks great! This is what the world needs, in my opinion, a standard method, so people don't have to invent their own. This is the first time I've seen it, so thank you nandix and Slashdot.

However, the osCommerce documentation and source sites are disorganized enough that it seems like osCommerce is not ready for wide use. For example, the documentation project site calls the software by a different name than the software site: OSCommerce vs. osCommerce.

OSCommerce 2.2CVS Documentation

OSCommerce 2.2CVS Pretend product catalog

Short description: About osCommerce

830 sites use osCommerce, and are registered.

Find a partner

[PinglePongle]

While most of the other posts have concentrated on the security aspects, the project management side of developing e-commerce sites is also a nightmare. Most projects I've worked on have caused either the customer to be unhappy because their (vague, unstated) expectations weren't met, or the supplier to be unhappy because their (inarticulate, overpriced) staff was working 80 hour weeks and they didn't get paid enough.

Developing in-house capability is hard - you need to have a bunch of expensive techies running around, someone to manage them and the client, and you get stuck with maintenance and support issues ("we're such a good client, could you not just change it for free ?").

I would look around for a local software development shop - ideally around the same size as you - and form a (more or less formal) partnership. If you have customers who want e-commerce capability, you bring the customer relationship, branding capabilities are and account management. The technical partner brings project management, technical skills and maintenance/support capacity.

That way, you are less likely to end up with unhappy customers - at least if you choose a decent partner - and you don't have to invest a lot of time, effort and money in an area you're not equiped to exceed in.

Read "eXtreme programming for web projects" to see some of the joy that awaits you - even if you do look for a partnership...