If you build it they might come, but will they buy?
Running an e-commerce website is just as complicated as running your regular retail store. As you build your e-commerce site you should always figure out the best solution before just settling on whatever your programmer or consultant tells you.
When it comes to actual selling, you have simple options like BuyNow buttons from PayPal or Google, or various types of payment systems that will manage your shopping cart and the credit card processing. Having your own shopping cart on your website with your own merchant account and credit card payment system is the most difficult option to set up, but it's also the most flexible and the only real solution if you expect to seriously grow your business.
With your own shopping cart you can customize it to look like your website and include features that will help to grow your business. For example, you could tie in your wish list software to the cart, and you could track when people abandon their shopping carts.
You could also program in special types of discount codes or promotional offers that can detect when groups of items are in the shopping cart. For example, give someone overnight free shipping if they purchase 3 specific items, and only those 3 specific items.
Along with enhanced functionality you also have the headaches. Those include security and software upgrades.
Once you start capturing credit cards online, you will be required to perform regular security checks on your website. Your bank and the credit card processing company will require security reports to make sure the website cannot be hacked. Most independent retail jewelry websites will only need quarterly security testing on their e-commerce site.
This security testing is required to ensure that your website will not inadvertently be the source of identity theft. Website testing is one small part of a larger security plan known as PCI Compliance. In reality, all businesses in this digital age should have a PCI Compliance security plan in place, but your bank only enforces it on you when you set up an e-commerce website.
To become compliant you will have to hire an outside company that will attempt to hack into your website. They have to be certified in that type of testing. You can do a Google search for "pci compliance testing" to find a company to do this for you. You will have to pay the security company monthly for this "scanning" service. They don't actually call the service "hacking" because they really are just snooping around your website looking for vulnerabilities. They won't actually hack you, but they certainly have the skills to do it.
As I said, security on your website is only one small part of compliance. Once you get into this you will have to answer a self-assessment questionnaire that will probably frustrate you a lot. Here are just 4 small things that PCI compliance requires you to do:
1. Maintain a secure firewall in your store.
2. Maintain a secure Wi-Fi network in your store if you have one.
3. Limit access to customer financial information to employees who need it, i.e. you or your bookkeeper only.
4. Maintain secure passwords. Hint here: if your password is "diamond" or "diamond1" then you'd better go change that right now!
There's no way to avoid PCI Compliance if you want to run an e-commerce site. There's also no way to avoid paying for the security scanning service.
When you do finally set up the security scanning you should also put a badge on your website that shows the last time you were scanned and that you are secure. This badge will show the customer that you care about their personal information and some reports say it will help them decide to buy.