Small Businesses and the Outsourcing of e-Commerce?

Zzzt asks: "I work at a very small advertising agency & production company, doing various electronic media projects, including small websites. In anticipation of our clients going elsewhere, my boss decided we should offer development services for commerce websites, complete with credit card transactions and the like. For those out there who have created these sites, is it worth it for a small company to take on such a project, considering maintanance, liability, and other issues that will come up? Or should we just outsource the whole thing? For a medium to low-end HTML programmer, are there pre-canned packages that will most of the work for me?"

Not to attack you in particular

[0x0d0a]

But I see more and more the trend towards businesses going toward the lowest bidder. That and the lack of certification of e-commerce service providers are, I predict, going to seriously inflate the degree of credit card number theft, as people slap databases and webservers on the same machine or trust the webserver, or improperly secure one or the other.

HTTPS is a joke for e-commerce. No one breaks into a router and sniffs for credit card numbers. They go after poorly secured databases of tens of thousands of numbers.

As someone who's done this...

[legLess]

...recently, I'd say outsource it. If you're not a programmer, you don't want to learn how to do it from scratch. The programming's the smallest part, though: dealing with the banks, cert vendors, hosts, etc. is a royal pain. Securing your system is the most important thing, and this is an area where you cannot skimp. Period.

Run the numbers, though. You should be able to hire someone with e-commerce experience specifically to implement this. You want someone who knows the space, how can pick a good off-the-shelf system and customize it for your clients, and who is security-conscious. As someone else in this thread said, HTTPS and certs are blue smoke and mirrors compared with unpatched or poorly-maintained servers.

Bring this up to your boss and see how much he *really* likes the idea. With the prospect of paying a new hire (or a contractor) to work on this, he'll either get more serious or less serious, both of which are good news for you.