Choosing the right e-commerce package can be a minefield – on this page we try to summarise likely costs, snags and security issues so that you can make the right decision for your business.
A standard e-commerce website requires 4 elements:
- A webhosting package, comprising a server running a database, often with SSL certification to allow encryption of payment card data
- Customised software gives you a CMS and generates webpages from the information in the database
- A payment gateway to process credit/debit card payments
- A merchant account to accept credit/debit card payments
The cost of the above will vary with the chosen webhosting company and payment gateway, but for a typical new business selling 500 items per month, average value £20 each, you might expect to pay:
- Webhosting (Virtual Private Server, 200Gb/month traffic): £20/month
Optional SSL certification, annual cost: £10 to £900, depending on desired security level
- Free software (typically based on a MySQL database and PHP - see below)
requires initial customising: £1,000+
Occasional web developer fees for software modifications: £ variable
- Payment Gateway: £18/month
per item fee £0.099 (350 items free): £14.85/month
- Merchant account fee (£10/month min. or about 2% of transactions): £200/month
Monthly gross revenue: £10,000
Annual gross revenue: £120,000
Initial start-up cost
assuming basic software customisation, no SSL: £1,000
Monthly cost: £252.85
Annual cost: £3,034
Annual cost as % of sales (excluding start-up cost): 2.53%
Based on cobaltweb.co.uk hosting and CharityClear payment gateway.
SSL costs based on sslcertificate.com and Symantec products. The higher priced products include features like daily website malware scanning to ensure PCI DSS compliance - see below.
There are many popular free or very cheap software packages for e-commerce which are relatively easy to install with a webhost control panel, but for shop owners that can be the start of a long and painful road to successful customisation. Here we include links to reviews of these 'shopping carts' from actual users and developers, which are universally very mixed...
For these reasons we choose not to develop with the above popular but flawed solutions, and we recommend WordPress for a custom shopping site – don't be fooled by its blogging origins, do some background checks and you'll find it's a very capable CMS with plenty of e-commerce plug-ins (we also write our own). Please ask us for a quote based on your requirements for design and functionality.
A bespoke e-commerce site can cost considerably more than £1,000 to set up and maintain and you might wish to minimise this set-up cost and streamline your payments with an Amazon Webstore. The fees are at least double what you pay for hosting your own site, i.e. using the previous example they amount to 5.7% of £120,000 annual sales if you simply use Amazon for site hosting and payment, or over 7% if also advertising on Amazon (15% for books, music & video). Many companies value advertising on Amazon with its huge customer base and high search engine ranking, though this can be a double edged sword if other Amazon sellers undercut your prices. Competition could also come from Amazon itself – read this article from 2011 and you might reconsider...
"Complaints range from customer service issues to the inability to market to customers acquired from purchases on the marketplace to what merchants perceive as Amazon learning of hot products and categories by watching sales data from merchants in the marketplace."
And here's another blog echoing this theme...
"...all E-Commerce retailers understand the pain associated with selling on the Amazon marketplace. Whether it is feedback management, ASIN matching, paying seller transaction fees or my all-time favorite — the Undercut."
You might think a good strategy would be to start selling on Amazon, then change to hosting and managing your own webstore, but remember that you can not access your previous customers, and selling via Amazon means those customers never see a link to your own branded webstore, so you are effectively 'hooked' on the Amazon product.
This information only relates to an e-commerce site you are hosting, not an Amazon Webstore.
Any business handling card payments must be PCI DSS compliant. Sagepay, a leading payment gateway provider, gives the following advice on PCI DSS compliance:
"Penalties for not complying with PCI DSS range from an increase in security auditing, to facing an unlimited amount of fines"
"Becoming PCI DSS compliant can be a costly and time-consuming process. However, there are some simple ways to reduce the cost and burden of compliance, and of course your risk of a data breach. One of those ways is to avoid handling card data."
How to avoid handling card data? By sending customers to a secure page hosted by your payment gateway (which can be customised to show your logo at the top), where they enter their card details, and once these have been verified they are returned to your website and a 'Thank you for your order' message.
The costly alternative is to pay for an SSL certificate and firewall protection on your server, with frequent malware penetration testing.