Throw off the plague of PCI when choosing a website platform
September 10, 2012 - Best Practices・Security
We invited the E-business Coach, Patrick Pitman, to explore how niche merchants thrive amongst the Internet’s biggest retailers. FoxyCart enables anyone to easily, securely sell online, and we’ve found in Patrick someone who similarly champions ecommerce entrepreneurs. But given our tools, how do you compete and thrive? Here’s part 2 in an occasional series…
Publishing matters so much to the niche ecommerce merchant. I argued in a prior post that it’s the dog that ought wag the tail, not vice versa. But the necessity to “publish” can be frustrated by the cookie cutter constraints of many hosted ecommerce solutions. While merchants may attach a blog to their ecommerce website, it’s not enough for those who want to distinguish themselves in competitive markets.
Ecommerce decision-making in reverse
When choosing a platform, the priorities can be hard to balance: on the one hand the desire to woo the customer with great story-telling, to cast a spell of fascination about the brand / product / experience / target audience; on the other hand, the more mechanical task of sorting among products and ordering online. Which comes first? Which matters more?
Publishing stories does come first — if you embrace the uniqueness of being a niche merchant and want to get beyond shouting ‘sale’. Romance the customer, then get their card number, in that order! But do we choose ecommerce platforms with that order in mind? Often no.
There’s any number of ways to romance customers, and I teach a strategy of stories-not-discounts. But your capacity to follow through on a vision of story-oriented, discount-minimizing, niche-celebrating ecommerce will hinge on the platform that powers your website.
The plague of PCI when choosing platforms
Is it PCI compliant? is a question that matters to any merchant. But it’s a question that ought come later, running down the checklist of must-have features that concern the mechanics of order collection. The PCI preoccupation becomes almost a plague upon the planning process for ecommerce websites. Let me explain.
In recent years, whether a platform is PCI compliant became a central question that would drive selection of hosting vendors. It forced a lot of consolidation among ecommerce merchants into big, hosted, software-as-a-service ecommerce vendors like Volusion or BigCommerce that had the momentum to get PCI certified and essentially take the load off the individual merchant’s compliance burden. Okay, fine. I’m all for securing sensitive data; it’s ultimately positive to upgrade all of those “iffy” carts that were languishing on unsecured shared hosting plans from the early ’00’s. So that’s progress, in a sense. But what has this PCI-oriented progress resulted in that benefits the niche ecommerce merchant, the one who must distinguish his or her product selection from the Big Box store online?
VISA may be feeling better seeing this platform consolidation / standardization, but it’s not been a great outcome for many merchants who must distinguish themselves through great story-telling. That can be harder now. Today there are a million ecommerce stores running the standard category and product template pages that come with these pre-packaged, hosted cart solutions. Granted, designers’ ability to customize with CSS has shown improvements, but it’s still shopping ‘inside the box’ — the same box out of which every other niche retail merchant is operating!
Don’t worry, we’re search engine friendly!
And neither is it a sufficiently search engine optimized shopping box — despite what vendors of hosted shopping cart solutions will tell you. The code can be “friendly” to robots spidering by, but that’s a quarter of the game. SEO is ultimately about content. It’s about popular (link / share worthy), informative (descriptive in multiple media formats) content. So do you have an accessible content management sytem to help you a) distinguish yourself by fascinating customers and b) cast a spell over search engines? Probably not if you’re stock in the “all-in-1 hosted ecommerce solution” box. One PCI compliant merchant I know struggles to feed new content into his site through a tangled web of spreadsheets linked by ID’s. To top it off, uploads and downloads of this content need pass through a GPG encryption filter. Overheard: okay, now where’s that darn public private key pair so I can update the FAQ’s? It’s not pretty. It’s a major chore. Publishing frequency and presentation suffer. But he’s got that PCI thing checked off…
The problem in this instance is the control grid of PCI has been overlaid upon a content publishing scheme and the content suffers as the people who must work within it are ground down by procedures to govern sensitive data. This is not progress.
Stuck in the box
The end result of these trends is that too many ecommerce merchants are selling undifferentiated stuff out of similar (but secure!) boxes, hoping for better search rankings but more often just paying for more Google AdWords. Is it any wonder that many shopping cart solutions offer you a free $100 on Google AdWords when you sign-up? It’s a clue, I say. It’s a clue to where you’ll be spending more. Count on it for traffic to your non-SEO, PCI-compliant, cookie-cutter storefront showing the predictable grid of thumbnail photos. VISA and Google are fine with this arrangement, I’d imagine. Are you? I’m telling you this isn’t a recipe for thriving, Mr. or Ms. ecommerce merchant. It’s a “me, too” game that can lead to discouragement if you’re not really hustling and optimizing and busting your chops. I know there are success stories, but it can be a grind to differentiate and thrive under such constraints. I’m for less grind, more thriving.
Forget about keeping up with Amazon.com
I remember years ago when merchants would ask me to emulate features on Amazon.com, as if that set the standard for shopping usability and functionality (2004?). Granted, in ways it did, and still does. But I also remember the refreshing observation of one merchant who finally concluded (2008?) that if Amazon was doing it, that might be reason enough to do something different. Yes. Yes, because what, in the end, distinguishes your product selection from Amazon’s? For your sake, for the sake of avoiding a discount death spiral, for the sake of more thriving small business owners, I’d hope there’s more to distinguish your catalog than price and selection. The latest feature from BigCommerce, playing catchup to Amazon, isn’t really going to move the needle for you… So what can you do? How can you differentiate yourself?
My choice of content management systems
I’ve compared ecommerce to being more like a ‘novel’ than an ad, saying it’s a long-form medium. But with video and photography and jQuery magic, plus the promise of HTML5, the ‘novel’ comparison just doesn’t do justice to the potential to entertain and amaze shoppers. Pair inspired story-telling with the multi-media, search-engine friendly options available today in the best content management systems — then you’re onto something! Then you’ve got the beginnings of a recipe to thrive.
The possibilities open up before you when you’re building a site on a world-class, flexible content management platform. Which one you choose ought be determined by your ambition and vision and resources, but the choice ought be yours. Then, yes, attend to PCI, too.
At the moment, I’m running an experiment for a luxury brand. We’re going to push WordPress to the limit (big media, responsive design, tablet & mobile friendly) while testing a catalog plugin that plays nice with FoxyCart. We’ll see how it goes, and I’ll be measuring everything come Christmastime. But I know already that the SEO-friendly spell we’re going to cast over customers, romancing them to a fan frenzy, won’t be limited by my PCI compliant cart platform. That’s because for my experiment I’ve got FoxyCart in my back pocket, doing its mighty job out of the way, but there when I need it: cha-ching!