Comments on: 10 Steps to Magento Ecommerce on a (small) Budget http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/ Notes on Web Development Wed, 23 Dec 2020 09:25:05 +0000 hourly 1 https://wordpress.org/?v=4.8.15 By: Dave http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-9966 Thu, 04 Apr 2013 13:08:52 +0000 http://www.aschroder.com/?p=1074#comment-9966 I tend to agree with Dave. An E-commerce shop for under $1,000 will rarely get you the outcome you want. Not to mention, step 10 is misleading. There is a monthly and up-front cost to Payment Gateways. Payment providers require payment, as do tax providers. Payment gateways like Chase Paymentech and Authorize charge a flat fee per month, as do various tax providers like Avalara, etc. You also didn’t mention tax providers. Magento does have this built into their platform, but it’s still something to consider. Also step 11, Adwords, there is a cost here as well. Say you’re buying $300 worth of words per month, that’s $3,600 annually. Anything less than $200-$300 won’t get you anything. So you’re nice little price tag has now risen from an unrealistic amount of $1,000 to well over $5k. The article is well written but sets the wrong tone for anyone starting out.

]]>
By: GilCatt http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-9730 Sat, 02 Mar 2013 16:23:41 +0000 http://www.aschroder.com/?p=1074#comment-9730 I approve this article 🙂 Yes setting up an ecommerce shop can be done for less than $1 000.
And in less than a day, should I add.

What I wanted to say is that I actually had some fun proving a friend that I could set-up an e-commerce site for free in one single day. Not with Magento, though.
We’re talking about WordPress – I know what you think, but wait a minute: Magento is very badly coded, right?
Probably the most anarchical, undocumented, vaguely object oriented, piece of software ever developped: Frankensteincode.
Done with great marketing sense, I must admit.

Back to our common desire to build a working ecommerce website for – way – less than $1 000.
WordPress has come a long way from the super simple blog solution that made its reputation to becoming the most popular full blown open source CMS on this planet. Joomla is dead, Drupal is still doing fine.
At least with WordPress there is a real community of tens of thousands of developers, and the biggest open source community in the world.
The code is definitely better. And so are performances – admittedly not mind blowing out of the box, but still …. And the desired features are now there.

Check the free WooCommerce plugin, for instance – there are many others but this one isn’t half baked.
All you need is there, from catalog to cart to checkout to shipping to user management, follow-up marketing, gifts, vouchers, coupons…dozens of gateways and scores of plugins ( which usually are compatible, unlike many Magento extensions, and much much less expensive).
Very little coding is required, and none if you buy a proper theme – and these are definitely sexier than Magento’s as it is one of WordPress’ strong points.

And… it works.
And yes it is less buggy than Magento.
And yes it is faster.
You may not benefit from advanced, top heavy, third party integration tools, things like that, right..No SAP, no Salesforce and so on. (Even though you could, in theory, developping proper connectors are always a possibility since the code is open.)
But a full blown CRM suite or a warehouse management tool is not needed by 95% of ecommerce websites anyway.

The same set of features would require you to shell out more than $ 10 000 with Magento, as some are only available with their Enterprise edition.
And such ecommerce functionalities integrate very nicely with WordPress as a CMS, if you want a blog with your ecommerce shop. Which can’t be said about Magento, horrendous to use as a CMS.

For a small shop selling hand made potteries, that would be a perfect fit.
Without a doubt better than Magento, which I am afraid would be rather oversized for the task, if you ask me.

I would not recommend the use of WordPress to handle a large ecommerce site, but let’s say that for 95% of ecommerce websites (you know the stats, those making less than $1 M/year), it is quite sufficient to start with.

]]>
By: Vic http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-2116 Mon, 31 Jan 2011 20:46:55 +0000 http://www.aschroder.com/?p=1074#comment-2116 I agree: PCI compliance is a bunch of baloney. Ask yourself this question: If my store is compliant with the credit card industry then if something goes wary then the credit card company (who forced their compliance) should be responsible for the damages. Right? That will never happen. PCI is just a way to increase revenue streams across the board (c/c companies, banks, hosting providers, lawyers, etc). PCI seems to be intended to make doing business online safer but instead may be a destabilizing blow the ecommerce industry; especially for the small business owner.

]]>
By: rob http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1873 Sun, 19 Sep 2010 20:22:05 +0000 http://www.aschroder.com/?p=1074#comment-1873 Dave, you do protest too much and its not hard to guess why.
 
If someone has landed on these pages (nice remodeling by the way), and found this article they are showing definite signs of considering a DIY attempt. This article gives the confidence to do it – and reminds me I have built my store in a similar way but have failed to put it live – whilst messing with bells and whistles. Shame on me.
 
Typically small businesses even the best bricks and mortar independent retail stores start small and are bootstrapped not funded by venture capital. Often the money has to be spent on overheads and stock.
 
Great article, for people willing to have a go, and showing that you have options. It would be great to add in more steps on: Froogle which can be good for free traffic; links to SEO optimisation tips such as yoast; alternative transaction plugins, as some will already have a Visa merchant account; and finally advice about hosting, as a Brit I am always weary of the impact on SEO of hosting abroad.

 Remember it always feels good to pick up a paintbrush even if you can get a decorator’s quote.
 
Well done Ashley.

]]>
By: dave http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1836 Fri, 10 Sep 2010 15:41:08 +0000 http://www.aschroder.com/?p=1074#comment-1836 I find this to be a misleading article, as it sits on a very, VERY big set of assumptions; that you have the know-how and skill to perform all of the outline steps. If you dont have the skills required, you are going to need MASSIVE amounts of time to get them. I believe you get what you pay for, and under such instructions above, I believe you have a recipe for total disaster for somebody who has no idea about the technologies involved.

The bigger question needs to be mentioned with this article to be responsible and that is:

Should you as a business follow these instructions?

If I need a brain surgeon today to remove a cranial growth I dont pull out a “do-it-yourself” book.
There is waay too many books to read to perform the surgery correctly in the time required.
But I am sure the tools are cheap, and the total procedure is done in under 40 minutes.
I am not sure where to make the incision exactly (a minor detail), I will just cut somewhere and see what happens.

However credit is due:
Can you build a Magento online shop for less than $25000?
Yes. (I mean – hell- a plastic scapel costs 95 cents – what a bargain!)

So, should you?
Just ask yourself what is at stake for you and your business and the answer is simple.
If you are not certain, ask a surgeon if you should be performing dangerous self-surgery when you do not have the skill and know-how to do so. Take the surgeon’s answer. It will be the right one.

I wouldn’t recommend any business to “do it on the cheap”, I would recommend they seek immediate financial advice/help if they even look at business in such a way. They obviously have bigger problems. If you think cheap, you end up getting paid like you think.

Many businesses have problems stepping into ecommerce not because of the price tag per se.
It is because they do not have the skill, know-how and resources to do so. A shop that expects yearly 5+ digit incomes* do not worry about 5 digit start up costs, because you make it back in the first years. Those start-up costs should turn into a drop in the ocean after 5-10 years if your business is still around. If you are earning less than 5 digits per year from your enterprise, dont give up your day job. Re-think your business plan. (* western world figures)

Business is a risk. If you can’t risk, don’t do business.
If you do risk, try and minimize that risk by weighing up the pros and cons of endeavours to form workable/profitable solutions.

Access to digital tools have opened the gates to “amateur hour” and have changed the economic landscape, but good business sense has not changed for millenia, though it seems it is just harder to find it in the cacophony of progress.

I recently use Magento as a solution for some businesses to sell online, it is great, but I have been doing IT and business for 14 years, I put that experience behind my work. Though some businesses don’t need Magento to make money online, when only a small single page website with an address and telephone number would do the same job. With 14 years of experience I can still tell clients that sometimes, simple is better. They pay me $$$ to hear that, and I know *when* to say it.

Knowing *which* tool to use when and how to use it, is why clients should pay you $$$. They don’t pay you for the tool, the SSL cert, the PCI compliancy, Magento, OSCommerce, XHTML, CSS, JS, OOP, PHP, SMTP, jQuery, Flash, Adwords, Zend, Varien, Apache, MySQL, DNS,Google, PayPAL, CVV, encryption, public-keys…. blah, blah, blah.. (I could rattle off hundreds of IT invented constructs) these are meaningless words to your clients at the end of the day, even though it is your responsibility to know them… they pay you for the outcome of the tool, proportional to the success they will have with it. The bigger the potential for success and with greater complexity of implementation, the more they should be paying.

At the end of the day a person who offers ecommerce solutions is just selling a mechanism for success for the customer. If your customer succeeds you will succeed as well, and you have done your job.

If you think the $25000 price tag is for the Magento implementation only, you have been coding waaaaaay too long. Get some sunshine, and think about how you can do better business for your clients and yourself.

They will pay you much more if you can show them how they will succeed. 😉

my 2c.
Dave.

BTW if you are a kid selling lemonade on the side of the street and you have *NO* idea about internet technologies, let me know when you have made your first Magento install and I can buy some online. I am thirsty after this post. 🙂

]]>
By: J.T. http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1833 Fri, 10 Sep 2010 09:18:16 +0000 http://www.aschroder.com/?p=1074#comment-1833 Just to bang on about the topic ad nauseam…

I think it can be summarised as following.

If you use PayPal-like payment processors where you and your website/server never get to see/process/store/handle card details, you still need to be PCI compliant by completing (in most cases) SAQ A. Because if you weren’t going to claim compliance, how else would they have a record of how you claim to process card details? It’s an attestation of compliance they need whether you process cards OR NOT.

If you don’t process/handle/store cards, they still need to know.

]]>
By: J.T. http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1826 Thu, 09 Sep 2010 10:25:56 +0000 http://www.aschroder.com/?p=1074#comment-1826 I’m also in favour of SSL for any login page. No matter which payment processor you use. For the little money it’s a big gain IMO, though potentially tricky to set up for non-techs.

And yes, your eBay example make PCI even more complex. You could argue you are still a merchant and your success or even failure of trading still evolves around people being able to pay by card. So if a lawyer were to find it fun to examine the depths of PCI DSS legal spiel, I’m pretty sure he’d find that even those need to be compliant. Remember the goal. Protecting card data. ‘They’ don’t care how you sell. As long as you are uber careful with card data. So it makes sense that they’d want everybody who sells stuff to be aware of the basics. Eg SAQ A. Because that still helps John Doe newbie eBayer to think about passwords, virus scanners and wifi security.

But indeed, it’s not clear. But if you have a website and a business, PCI is part and parcel. If yuo don’t have a website and use eBay and don’t have a business because you sell the books from your loft-clear-out, then who knows, you may be exempt from PCI. But still have an netizen obligation to know about security.

]]>
By: Ashley http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1823 Wed, 08 Sep 2010 21:20:15 +0000 http://www.aschroder.com/?p=1074#comment-1823 @loopion – Don’t get me wrong, this list totally ignores your own time as the person setting up the store on purpose. If your time is valuable, like a $5k/day heart surgeon, I wouldn’t advise tinkering with your own Magento store on your nights and weekends – just hire someone to do it. Likewise if you have a big business that’s already making lots of sales offline. But if you’re a small business that can’t afford the big upfront of an agency, then what I’m saying here is that it can be done on the cheap, if you’re prepared to work at it.

Regarding SSL – if you are using hosted payment options, you’ll probably not need SSL for any actual security reasons. You’re right though, in that some customers might feel safer if you add some SSL ‘flair’ to your site footer. I think people refer to them as ‘trust badges’?

@J.T. – I can’t argue with that! It’s a bit of an interesting situation though. What if I sell my old fishing rod on ebay – where the customer pays *me* with a credit card via paypal – would I need PCI for that? What if I import and sell 1000 fishing rods via ebay? Or what if I sell my old books on Amazon, and then affiliate link to the Amazon listings on my blog? Are these situations any different in the eyes of the PCI-club than a merchant using Paypal or Amazon Payments? If so, why? It’s all very confusing to me – but it seems I need to fill out some SAQ forms – right after I fix this Google Checkout VAT bug I’m working on!

]]>
By: loopion http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1822 Wed, 08 Sep 2010 20:24:27 +0000 http://www.aschroder.com/?p=1074#comment-1822 The time consumed by yourself is maybe missing and as J.T. explained we have labor on it (price per hour).

For example, configuration is about 4 hours of work (including cronjobs, backups, etc…), inserting all products can take you days if you don’t import it using the importation tool and most of the time you have management to make on with your Elance guy’s recruited, preparing documents, preparing tasks, etc..

So, finally I think that if you are a techie guy (like me 🙂 ) I would do it my self along my evenings but otherwise you will need to take someone to take care of your website.

Between 10 and 11 I would add SSL Certificate $70/per year that is really important to gain trust with the customer. (even if you make some AdWords if you don’t have the customer trust you wouldn’t have some orders)

]]>
By: J.T. http://www.aschroder.com/2010/09/10-steps-to-magento-ecommerce-on-a-small-budget/comment-page-1/#comment-1821 Wed, 08 Sep 2010 16:11:03 +0000 http://www.aschroder.com/?p=1074#comment-1821 Ashley, I think your Google link to the guy claiming PCI is not applicable is wrong.

I may be wrong too but it makes sense to me that everybody needs to be PCI compliant, all merchants that is. If you sell stuff and people can pay with cards, you need to be compliant. It just so happens to be that if you have outsourced all of that, to say PayPal or Google, your attestation of compliance is extremely straight-forward. It becomes a statement of “I’m compliant because I don’t handle cards”. Without that statement, they have you as non-compliant.

I base that on the official website, which I’d take any day over an unnamed guy in a forum. For that same reason, your readers shouldn’t trust my judgement either as they don’t know me from Adam either. But let me back up my thoughts:

https://www.pcisecuritystandards.org/saq/instructions_dss.shtml#instructions

SAQ Validation Type 1, key quote: “Card-not-present (e-commerce or mail/telephone-order) merchants, *all cardholder data functions outsourced*.” My emphasis. That needs SAQ A. That’s the easy one, no scan required, done in 10 minutes.

Who do you file your compliance statement with?

https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml

See “Approved Security Assessors”. Go through the process with them and then copy your bank/acquirer (if you have one) in too. Possibly even your business insurer. Better safe than sorry.

So based on my extensive checking, EVERYBODY who sells stuff and their customers can pay by card needs to be PCI compliant. The fact your system doesn’t see, hear, smell or feel card details is no excuse. You still need to tell the governing bodies that that is the fact. No cards = not applicable = not true. In fact, it’s no cards = still applicable = very easy process. And mostly free.

How Amazon Payments fits in I don’t know. But I would do this. Which is the procedure for any payment service.

1. Try it out on a website that uses it already or set up a dev environment. Go through the checkout and take note of the URL of where you enter the card details. If that’s not your URL, you should be OK for simple PCI.

2. Confirm that with the payment service provider in question as well as with the developer who built the payment bridge/module. Ask “Does your system/code cause my site/server to store, handle or pass card details?” If the answer is No from both, your’re good for simple PCI. If yes, you’re in for a more tricky ride beyond the scope of this post and its comments.

3. Now complete PCI-DSS compliance with an approved assessor from the list above.

Simples 🙂

But it is still confusing despite their best efforts to make it simple. But I think I’ve seen enough proof to think that everybody needs to be PCI compliant and submit the attestation, whether you use PayPal or not.

]]>