Ecommerce

• What is Miva?
• I want to sell things from my site. What do I need?
• How do I use the shared SSL certificate?
• How do I install my own SSL certificate?
• I need payment processing from my website. I hear horror stories. Does PayPal really suck?

I want to sell things from my site. What do I need?
That's a complex topic. You should email me directly to discuss your circumstances.

But in the meantime, I have notes from a presentation to the Philadelphia Area Computer Society in April 2004. You can browse through them to begin to get an idea of the decisions to be made.

Do-It-Yourself Ecommerce Tools
http://gryphynmedia.com/pacs/

How do I use the shared SSL certificate?
SOME of the servers have shared SSL certificates on them, including Catfish, Octopus, and Sterling. Those shared certificates are harder to get than previously, so we may not be able to offer them indefinately. If you need secure pages, the cost of getting your own certificate is fairly low: $36/year for a static IP plus $30/year for the cert.

A shared SSL certificate is not a free SSL cert of your own, so you will not see it installed on your own cpanel for a particular domain. It is installed for access by any user on the server.

Shared certificate on Catfish:
secure23.dnsvelocity.com

On Octopus:
secure12.dnsvelocity.com

On Sterling:
secure9.gryphynmedia.com

Champion and Crown: not yet available

If you have a dedicated server, you MUST buy your own cert to be installed.

This is how you would reach a page securely:
https://secure##.dnsvelocity.com/~username/pagename

This is how you would reach your site securely:
https://secure##.dnsvelocity.com/~username/

The "username" is the username we sent you in your welcome email for your hosting account, the one you use to log into the control panel or FTP.

So, let's say you load up an order form called checkout.html on a domain hosted on Catfish... you would call it securely this way:

https://secure23.dnsvelocity.com/~username/checkout.html

If you just need to process a form securely, or collect some confidential info, this shared certificate is fine. If you need to run your own shopping cart, I would invest in your own certificate registered to your own site, so customers are not concerned that they are being misdirected. Open a helpdesk ticket to ask for help and pricing for SSL certificates.

How do I install my own SSL certificate?
We install them for you... no charge.

STEP 1: You will need a dedicated IP address for the account. Contact us if you did not already buy one for your domain.

STEP 2: We will generate a Certificate Signing Request (CSR)for you. Send us this information (cut and paste the questions into an email):

- Email Address for Cert (e-mail address where the CSR will be sent)
- Domain of account for the SSL (domain.com)
- Country (2 letter Abbreviation, i.e. US = United States)
- State (State where Company is Located)
- City (City where Company is Located)
- Company Name
- Company Division
- Email (Company Generic E-mail Address)
- Password (Alpha Numeric Password for the Certificate)

A Private Key and CSR will be generated for you and sent... then you are ready to purchase the SSL from any vendor you choose.

Your Vendor will want the Key and CSR information that you received in your E-mail. They will also ask you about the “Web Server Type.” MAKE SURE YOU CHOOSE APACHE + MOD SSL.

STEP 3: Once this is done you will receive the certificate from the Vendor... send it to us and we will install the SSL Certificate. You should then be able to access the SSL via the domain name at https://www.yourdomain.com.

I need payment processing from my website. I hear horror stories. Does PayPal really suck?
I don't have a "sucks" story about Paypal. I have been using PayPal since they went into business in 1998. I get good service, I get good value, and I feel confident about data security.

To put things in perspective, I have also read horror stories about nearly every other payment processor, third party processor, gateway, and merchant bank. I have had far more trouble with banks than with PayPal. One bank let me be charged every year for fraudulent magazine subscriptions I did not approve. Every year, I would file a chargeback and they would say it was blocked... until the next round. I even changed credit card numbers without stopping it. I finally had to close the bank account entirely. The bank seemed completely helpless to deal with the issue. They just threw up their hands and said, "Oh well, that's the internet."

To compare, I also once had a merchant account, that I paid a terrible amount to set up. They heldback 15% of my money every month against chargebacks; it took 60 days to get my first payout; they charged me a fee to send a check; they charged a fee to give me a report of my account; and they provided no account services to help me fight car fraud. And they charged a higher transaction fee and discount rate than PayPal.

PayPal has no set-up fees, low transaction rates, lots of fraud prevention, instant cash availability with a debit card, and loads of fraud prevention activity. They have even let me carry a negative balance occasionally, with NO penalty or fee... a bank would never do that. Once instance was years ago, when a charge had to be reversed because the card was stolen, leaving me $500 in the negative. They did not freeze my account... they let me continue to accept payments until the balance came back up. A bank would have frozen my account until I repaid the negative balance from some other source.

I have the direct phone number of a PayPal Small Business advisior who was assigned to me, and an 800 number on the back of my debit card, which I have used with success. I have always been able to get phone help when I needed it, and they have been cooperative when I have had trouble with vendors charging me incorrectly. I did have two incidents where I was paid with a stolen credit card, but I was not blamed for that, and PayPal helped resolve the problems.

I have NEVER heard of a PayPal data security breach. On the other hand, CardService International, a huge processor, had a huge breach last year that exposed millions of cardholders.

I believe that many people who have trouble with PayPal often play a role in the trouble themselves. Often, they seem not to have understood what they signed up for, and don't understand how it is different from a bank. Or they are victimized by a phishing scheme, and blame the crime on PayPal. Large banks also have phishing and identity theft victims that lose money, credit, and are terribly impacted. If PayPal were truly fundamentally flawed, it would have fewer users. By far, the vast majority of users do not have serious trouble.

PayPal did lose a lawsuit about how it handles account closures, and had to give a dollar to a lot of account holders, and a larger amount to a small number of account holders. They have revised their policies regarding account closure, to more closely align with banking law. They are in a weird place that is bank-like and yet not a bank. PayPal is unique, built entirely around the Internet.

By far, the biggest problem I have had with PayPal is with other users who don't know what they are doing. They sign up for the service and don't keep track of the user/pass info, or they let the email address lapse and don't even recall what it was. They infrequently use it, so they forget they have it, and are baffled when we try to open a new account and PayPal says, "You already have an account... just log in." Or it turns out that their spouse/partner/child/employee opened an account with their CC, and they have no access to the account, nor can they remove the CC without access to the account.

But, Paypal does let merchants collect CC payments without signing up for an account, via invoices we send out, or via website payments. They also have NEW options, Web Payment Pro and the Virtual Terminal, that allow you to collect CC payments online without ANY reference to Paypal, even if the person's CC is registered to a PayPal account. I have been using the Virtual Terminal, which allows me to take CC payments by phone, fax, or live anywhere I have Internet access. It's $20 a month, and has been worth it for me. Transactions deposit the payments right into my PayPal account. Clients don't know who processed the card payment, any more than they know who processed their payment at a restaurant or store. My business name appears on their bank statement. I don't keep CC info, and so I do not have to worry about data liability.

Tips for success:

-- Don't leave large amounts of money in your Paypal account. Spend it down, take it out via debit card, or transfer it to your bank account. Nothing bad can happen to money that is not there. Paypal is not a savings account.

--Don't attach your PayPal account to a bank account with a huge balance. I attach mine to a small account with a debit card. That way, if something bad happens, I have limited the impact. You can easily find a free checking account, even a free business bank account.

--Never clink on a link to Paypal in an email or on a website. Always type the address in your browser, or use your own bookmark. I don't save the password on my computer, and my password is different from anything else I use. Yes, there is a high level of phishing targeting PayPal users, but it is not hard to avoid it.

--Pay attention to your account records. Watch for mistakes and overcharges. I had trouble with GoDaddy double-charging me for a while, and PayPal helped solve it.

--People selling merchandise from shopping carts are much more at risk for fraud than consultants and other service providers accepting payments from clients.

--Immediately apply for the free Mastercard debit card, so you can use it to pay from your PayPal account in stores and online where CCs can be used. I pay almost all of my business and personal bills and vendors online, from car insurance to datacenters. Using the debit card has even gotten me business from store owners seeing 'PayPal" on my card and asking what I do. There are eBay users everywhere, and they recognize it.