We are often asked about the most basic things involved in the creation of an online store. To help you find answers to most beginners’ questions, we describe below one of the easiest methods of creating an online store and tell you about the costs and technical knowledge associated with that method. This brief tutorial is intended for those who probably have only a vague understanding of how to sell goods or services over the Internet and simply do not know exactly where to start.

In this article we will describe how to open an online store using the WebAsyst™ online services, a very affordable and easy method for anyone who cannot make large investments at the very beginning and who is not very technically savvy.

1. What to sell

First decide what you will be selling in your online store. Consider the following issues to make the right choice for you:

• storage and delivery expenses
• necessity for customers to try things on (e.g., clothing or footwear)
• probability of repeat orders of your products
• necessity to provide post-sale support to customers
• strength of competition in the chosen market
• actual demand of your products on the Internet.

2. Create an online storefront

An online store is a website controlled by a special piece of software (e.g., Shop‑Script™). The software can be either purchased and installed on a special web server, or used as an online service via a web browser.

After you have gained experience with Shop-Script as an online service, you can later purchase the software for personal use. As software, Shop‑Script must be installed on a web-hosting server; e.g., provided by GoDaddy, iWeb, or another company. Instead of paying for the online service, you will then pay for web hosting.

Shop‑Script offered as an online service can be used free of charge for small stores. Payment is necessary only if you are planning to sell a large number (over 100) of products or to process quite a few (over 25) orders a month. You can begin with a free account and later switch to a paid plan at any time (and also change it back to free).

In our experience, owners of 95% of newly opened online stores are satisfied with the most affordable plan at 9.95 USD/mo. Note that even this plan allows you to register your own domain name as described below in this article.

Shop-Script as an online service is pre-installed on WebAsyst servers, which are specially set up for correct functioning of online stores. To begin using the Shop-Script online service, you only need to sign up (free of charge) at http://www.webasyst.net/signup/?app=shop.

Creation of an online store using the WebAsyst Shop-Script online service is shown in detail in the video below:

3. Product catalog

Create a product catalog and add useful information to your products: names, prices, descriptions, photos, etc. Adding products is easy: click on the “Add product” button, enter the product name, description, price, specify other product properties, and then click on “Save”.

4. Payment and delivery

Arrange payment and order delivery for your customers. To accomplish this, you may need to open a bank account and execute contracts with payment gateways and courier companies. You will find useful information about it in the WebAsyst knowledge base. Once these arrangements have been made, set up the corresponding payment and delivery options in your online store to make them available for choice during checkout.

5. Domain name

An online storefront created using the Shop-Script free online service is available at quite a long address: storename.webasyst.net/shop/. Should you want to change it to something shorter and more attractive (e.g., storename.com), you only have to switch to a paid plan and then register a domain name using the WebAsyst online services. A domain name is registered (and later renewed, if necessary), for 89 USD a year.

6. Advertising

To attract visitors to your online store, you need advertising. Advertising can be free or may require payment; e.g.:

• registration in search engine databases
• placing links to your storefront on other websites
• search-engine optimization
• offline advertising, i.e. dissemination of information through channels other than the Internet; e.g., printed media, television, radio, personal contact with prospective customers.

You will find some advice on the initial search-engine optimization in the WebAsyst knowledge base.

Advertising on the Internet is also often one of the most important expense items. Note that advertising and search-engine optimization will require significantly more time than the actual creation of an online store. Be prepared for the fact that competitors often spend large amounts of money to make links to their websites appear in top search results provided by popular search engines. To beat the competition in some markets, you may have to invest similar funds and efforts.

7. Support and development

Once you have an online store up and running, do not stop! Operating the business successfully requires constant attention to all details.

Keep analyzing your customers’ feedback and visiting other popular online stores in order to make your own storefront more and more convenient, informative, and visually more attractive. Remember that, aside from simple convenience for visitors, logically arranged information on a website usually results in better indexing by search engines and, as a consequence, in the growing number of visitors and in higher profit for your business.

A few weeks ago Facebook developers introduced the ability to embed iframe applications (e.g., online storefronts) as tabs in user accounts next to “Wall”, “Photo”, “Discussions”, etc. This new feature allows shoppers to proceed to the storefront without leaving the online store’s main Facebook page. Before the feature was added, online storefront opened as an ordinary application, i.e. still within Facebook but outside of the store’s main account page.

In order to embed your storefront as a tab on your online store’s main Facebook page, follow our detailed instructions (see section “Main Facebook page of your online store”).

To see the difference, look how an online storefront was embedded in Facebook before:

… and how it can be embedded now using this great new feature:

By the way, owners of WebAsyst Shop-Script based shopping carts have already begun to embed their storefronts as Facebook tabs; e.g., http://www.facebook.com/MegaPodarki

Announcing this year’s special Springtime offer:

10% off Shop Script and WebAsyst Help Desk

15% off Ecommerce application bundle

20% off Ecommerce Plus application bundle

The discount is valid from Mar 15th through Mar 31st both for the first and for any further purchased WebAsyst Shop-Script licenses. Be sure to buy WebAsyst scripts while this special offer holds!

Our company has been accepting bank card payments for 5 years now and during this time we have gained some experience in avoiding chargebacks which should be useful for beginners. We do not use automatic fraud detection tools because of their inability to provide very accurate and timely results and have instead assigned this task to human payment inspectors. This decision has been yielding very good results.

Because of the ambiguity of the payment verification procedure, fraud detection and prevention is more of an art than a science; however, there are specific rules you should follow to foil fraudulent credit card attempts. The first criterion is whether a customer previously purchased something successfully. If no orders have been processed from a customer’s email address in the past, it is necessary to apply other tests. We use the following checklist for additional payment verification:

1. Order price. If a customer orders the most expensive product, especially without testing the item or corresponding with our support team, chances are high that the person is attempting to use a stolen card and additional review should be made.
2. Payer’s IP address. We use special online services to determine the country name corresponding to the payer’s IP address. It is always suspicious when the payer’s country does not match that of the cardholder.
3. Payment time. After identifying the country name, we note the payer’s time zone. Any order placed between 3:00 am—6:00 am is suspicious, as it is extremely rare for a genuine customer to be purchasing during those hours. As a rule, true purchases and payments are made during the day, or at least before midnight.
4. Email address. If the customer’s email address is hosted by a free online service like Gmail, AOL, or Yahoo! and contains meaningless abracadabra before the @ character, that is a good indication of fraud. On the other hand, if a valid email address is based on an existing company website’s URL, and has the form sales@… or payment@…, etc., it probably belongs to an employee of an existing company; the probability of fraud is negligible in this case.
5. Number of declined transactions. We always review transaction history for each new payment. If a person has made several unsuccessful attempts to pay for an order, this is a red flag indicating possible fraud. Even if a card is finally accepted after several declined transactions, we perform additional verification in such cases.
6. Requests to the support team. If a customer “suddenly” decides to buy something without asking a single question (especially when other customers send an inquiry at least to ensure that we have an actively functioning support service at all!), this is suspicious, especially if combined with any of the other factors listed above.
7. Related information about the customer’s company. If a customer has specified his/her company name during checkout, we often perform an additional search on the Internet to find out whether the customer’s name and his company name are mentioned somewhere and are really associated with each other. If no evidence of such relationship is found, the transaction is flagged as suspicious.

If a payment inspector suspects a certain transaction to be fraudulent, he or she sends the so-called “verification request” to customer. This is an email message with standard content, requesting the customer to provide a scanned copy of an identification document as well as a scanned image of the bank card which was used for payment. If the provided documents identify the customer as the real cardholder, then the payment is accepted and the ordered items are delivered to customer. Scanned documents are always carefully reviewed for signs of alteration. We have seen cases where criminals, a.k.a. “fraudsters”, actually send requested “proof”, but the scanned or faxed documents turn out to be false.

Let us look at the situation from a different perspective. When genuine customers (not fraudsters) place an order on our website, they complete the order form, type in payment credentials and contact details, and simply wait for the order to be shipped. It may be an irritating obstacle for this person to receive a payment verification request, preventing the person from completing the sale. Besides, sending copies of personal documents over the Internet may make this person uncomfortable, even with key data blacked out on scanned images.

For this reason we rarely send payment verification requests if the expected risk of fraud is minimal. We have adopted an internal rule which says “if there are no clear indications of fraud, payment will be accepted and product shipped”; it works well because of the high professional level of our personnel. Even though this principle may occasionally result in a chargeback, it ensures that we treat our good customers well. Experience often gives immediate insight into what may be a potential fraud and which orders are genuine, and inspectors who have processed many orders are very good at telling the difference.

Remember: it is very important for online merchants to perform scrupulous verification of incoming bank card transactions, and this effort to stop fraud is well worth the rewards to their businesses as it is to ours.

If you decide to publish an email address on your website to receive customers’ inquiries, it is inevitable that you will very shortly begin to receive spam messages mixed with real support requests. You will then wonder whether there are efficient ways to protect oneself against unsolicited advertising and to receive only messages from website visitors and registered customers? The answer is “yes”.

We have been providing customer support services for more than five years and have never changed the email addresses of our support team. During this period anyone could have added our addresses to spam mailing lists, but we receive very little unsolicited mail.

The first line of defense is our mail server, which rejects over 90% of incoming messages at the mail pre-processing stage! Mail pre-processing involves several filtering steps:

1. The sender’s IP address is checked against the spammers black list; the presence of the correct DNS record on the sender’s mail server is also verified.
2. Message headers are checked for compliance with RFC standards and an additional check is performed to find out whether the sender’s “From” address actually exists on the outgoing mail server.
3. The message contents are scanned for spam-like text.

If negative results are returned on any of these steps, the mail server rejects the message and returns the appropriate error code to the originating server.

As expected, not all incoming messages which pass this filtering system are genuine customer requests. According to our statistics (collected during 3Q 2010), 9324 messages passed through the spam filter. Only 3056 of them (almost one third!) were later confirmed by their senders, which means approximately 6000 messages remained unconfirmed.

Summary of statistics:

What does “Not confirmed by senders” mean?

This corresponds to an additional spam filter in our customer tickets processing system. Every time it detects an incoming message sent from an email address which has not yet been registered in the customer database, it sends back an auto-response that asks the sender to click a special link to confirm the sending of his/her request. The confirmation link must be clicked only once for each email address; doing so automatically registers the sender’s address in the database. All further inquiries sent from the same address will be received directly by the support team and the confirmation link will no longer be sent to their author. This special spam filter is integrated in WebAsyst Help Desk application which we use to process support requests from our customers.

The majority of messages saved in the database (5939 of 9324, approximately 64%) were not confirmed by senders; therefore, they are categorized as spam. Additionally, 329 messages were manually deleted by our support team.  Although those messages had either been confirmed by senders or were received from registered email addresses, personnel identified these as duplicates or spam.

In addition to email, we also receive customer inquiries from a web form completed on the website and from customers’ personal online accounts. For more details on these three support request methods, see the article “Customer Messages – Stop Losing Them!“. Requests sent via web form or from an online account are directly saved in the Help Desk database; therefore, the mail server’s spam filter is not applied to such messages. The web form has its own means of spam protection:

1. CAPTCHA — an automatically generated image with several characters which a website visitor must type into a special text field to send a request successfully. CAPTCHA helps protect the website from spam robots trying to automatically submit messages using the web form.
2. A confirmation link is sent back to non-registered email addresses (similar tactic to that used for requests which are received by email).

The most reliable method of spam protection is the use of personal online accounts by customers. Since access to an account is provided only to registered customers and is possible only after successful authorization, the probability of spam sent by account users is negligible.

The table below shows the statistics for the three described request receiving methods during three months. In column “Email” data are provided for comparison with similar parameters of the other two methods: the web form and the online account.

We recommend the following means of efficient protection against spam when receiving customer requests online:

1. Offer a protected online account for each customer from which he/she can send requests to you. This will ensure almost 100% spam protection.
2. Place a web form with CAPTCHA on your website so that non-registered visitors can send their requests to the support team.
3. If you want to receive inquiries via email, set up a spam filter on your mail server and send auto-responses with a confirmation link to each new customer.

Shop-Script update featuring integration with Facebook is available!

Facebook integration

Integration with Facebook allows Shop-Script-based store owners to publish their online storefront directly inside the social network and to receive orders from Facebook users. Storefront embeds into Facebook as a native application:

Facebook users will be able to view the list of products and place orders without leaving the social network interface. Customers’ orders will be saved in your database exactly as if they were placed within the main storefront.

This feature should be particularly interesting for online store owners seeking new sales channels! Use of Facebook targeted advertising may be very useful for the promotion of Facebook optimized storefront and result in higher sales.

Take a look on how we embedded our demo store into Facebook: http://apps.facebook.com/shopscript/. Your online store may have a similar appearance inside Facebook.

Here is a detailed user guide on the integration setup: http://www.webasyst.net/support/help/shop-script-facebook-integration.html.

Version #300

This update is version #300. It is released within the current generation of Shop-Script. In addition to the new functions, we have also fixed several bugs detected and reported to date. See the full list of changes in the new version in the update log.

Facebook integration module is now a part of the base Shop-Script installation package, and is not to be purchased additionally. Simply update your online store to the latest version, or buy Shop-Script with the new functions already integrated.

Shop-Script users, this is how to install this update:
1. Update your installation using WebAsyst Installer (as you do on a regular basis).
2. Enable access to the new “Tools — Social” backend screen using “Users” application.

A note about the new Shop-Script

This update is not that redesigned version of Shop-Script much anticipated by our customers and announced before. At this time we do not declare timeframes of the new version’s release. We understand your desire to receive it as soon as possible, and we are doing our best to make it meet your expectations, but for now we still have a lot of work to be done on the new version. We will publish its preview as soon as new version’s release candidate is ready.

There are several methods of receiving inquiries or support requests from your website visitors and customers to ensure efficient handling.

Method 1: via email. To use this method, you may simply publish a special email address on your website; e.g., support@mycompany.com.

Method 2: using a contact form embedded on your website. Contact or feedback forms usually contain several fields where a visitor enters his/her name, email address (to receive response), the subject, and blank space for message content.

Method 3: through a personal online account. Users must register themselves prior to sending an inquiry.  A protected online account may also contain useful information such as  order and contact details, a link for quick access to the knowledge base, etc.

Which method is best greatly depends upon your website’s purpose and what kind of inquiries you expect to receive from your visitors. If your website is a simple personal page  about your hobby, then placing your email address on the home page (method 1) would be sufficient.  An online store selling technically complex products which require post-sale support and maintenance should choose method 3 to facilitate efficient customer request handling. (more…)

To ensure unambiguous compliance of Shop-Script with the recently enforced international cardholder data protection standard (PCI DSS), several payment modules have been removed from the distribution. The essence of the standard’s requirements is that online resources that store, process, or transmit to third-parties sensitive cardholder data must complete obligatory validation to prove compliance with the standard.

In order that every online merchant using Shop-Script can be absolutely sure that his or her web store is not in the scope of the standard, payment modules which might potentially require the compliance validation has been removed.

Should you desire to use the removed modules in your online store, you may download and install them individually as described at http://www.shop-script.com/features/integrations.html. Please remember that in this case you may be required to complete the PCI DSS compliance validation procedure.

More details about this update of Shop-Script are available in the WebAsyst knowledge base at http://www.webasyst.net/support/help/shop-script-pci-dss-compliance.html.

Watch this video to find out how to create an online store using WebAsyst Shop-Script within a couple of minutes:

Read more about creation of an online store on the Shop-Script website.

Announcing this year’s special Summertime offer:

20% off Shop Script

The discount is valid from Jul 19th through Jul 30th both for the first and for any further purchased WebAsyst Shop-Script licenses. Be sure to buy WebAsyst scripts while this special offer holds good!