I need to host ecommerce websites: general advice needed.

[OM2]

I'm going to host ecommerce websites for a few customers.
I haven't done this before.

Are there any things that I need to watch out for?

I assume credit card processing is not a problem... since the paying of money will be done at the credit card company... i.e. like Worldpay.

How about storing customer data??
I would be looking to store only names, emails, address and other contact details.
(Not looking to store credit card information.)

How easy is it for others to steal data from databases?

I'm hosting my websites on shared hosting.
Is it safe to have ecommerce websites with customer data stored on shared hosting?

Is there ANYTHING else that I need to be concerned with??

Any feedback would be appreciated.

Thanks.


OM

[ASP-Hosting.ca]

I would not keep customer data in a shared hosting account.

[OM2]

why...?
if i have a database...
then surely the data is encrypted?

let me know.

thanks.

[ASP-Hosting.ca]

Because you do not control the server. You don't know what the security on this server is like, because somebody else is responsible for that. You have the responsibility to keep your customers data safe.

[Tech_32]

You would need to set up at least one secure.server.com so that your *shared hosting clients can access SSL through their carts.

Some payment gateway providers require SSL on the parent server (your server) before they will allow any gateway communication to take place between your server and theirs.

We are a small company and host many eCommerce enabled solutions. Secure Server Is A Must.

Once you've installed SSL (128bit) then you can run your shared hosting account carts through your cert.

You may also considere offering Dedicated IP Assignment so that your eCommerce enabled client can fly solo......each being responsible for their own security cert.

Either/or.......set up secure.yourserver.com first, before you do anything else.....you can then offer your ecommerce enabled clients SSL Shared if they want, for free, or for a monthly fee.....it's your call.

Keep in mind that you, offhandedly, won't have anything to do with your client sites.....it's up to them to protect their customer data.....if they are running shared cert through you, then you can about be sure that everything will be fine........

The only credit card info you need to concern yourself with is your own domain transactions. You will not be viewing your hosting clients customers credit card info at all in most cases...

[ASP-Hosting.ca]

I agree. Buy SSL for your domain and get dedicated IP address.

[5meodmt]

I'm going to host ecommerce websites for a few customers.
I haven't done this before.

Are there any things that I need to watch out for?

I assume credit card processing is not a problem... since the paying of money will be done at the credit card company... i.e. like Worldpay.

How about storing customer data??
I would be looking to store only names, emails, address and other contact details.
(Not looking to store credit card information.)

How easy is it for others to steal data from databases?

I'm hosting my websites on shared hosting.
Is it safe to have ecommerce websites with customer data stored on shared hosting?

Is there ANYTHING else that I need to be concerned with??

Any feedback would be appreciated.

Thanks.


OM

make sure u go for linux servers as u can do mod_rewrite on dynamic urls and make them search engine friendly

[chadking]

Dedicated IP is a solid first step.

SSL certificate is a must. Here are a couple places to get SSL's:

- GeoTrust
- VeriSign

I'm assuming that even though the server is a shared server, you actually have control over the whole thing? If this is so, and you are running you content on the server as well, make sure that your encryption system is setup correctly and you follow any steps it might require to encrypt the date routinely. I only say this, because some systems require additional steps to enrcypt the data after is received, and I've seen sever people not know this, or forget to do it, and leave customer data sitting unecrypted for a while.

If you're using a complete third party processor, such as WorldPay, they will take care of most of the hardwork. If your using an individual merchant account, or if one of your clients are, you'll need to follow any rules they set for transactions, records, and representation.

Here are a couple good sized places to get merchant accounts:
- E-OnlineData
- Wells Fargo
- Card Service International
- Many brick and mortar businesses already have merchant accounts they run their cards through, and many times the banks that issue these merchant accounts also provide online card processing options.

If someone anticipates using their own merchant account, they'll also need access to a secure gateway. The most recognized gateway online is Authorize.net

Beyond those basics, it will come down to what programs everyone is running, and how they interact with the processor or internet gateway. After you get the process down once, it will be easy to replicate. When dealing with sensitive data and customer relations, if you have a question it's best to err on the side of caution. If you have questions, keep asking until you get an answer.

Do that and you'll be in good shape.

Hope this helps!

Chad