Disaster Recovery

Posted on September 22, 2010, 5:07 pm, by David Hills and received No Comments ».

Memories are always with you, but photos are the one tangible link you may have to some of the best moments in your life.  Portraits of children growing up can never be replaced.

From the Article – Apartment Fire Emergency: What To Take in a Hurry

Despite making it through a relatively wildfire-free summer here in the west, we recently had a wildfire spread to within 30 miles of our residence.  News video included shots of people evacuating their homes.  They were piling their cars with the items that were most important to them, including their pets.  My wife turned to me and asked, “What would we take if this had happened to us?”, and then quickly followed that question with, “What about all our digital photos?  Would we need to bring the computer? Are they backed up?”  Interestingly, I was going though the same thought process.

I may be a little paranoid about backing up my data.  I use both an external usb drive to backup locally and an online service to backup to the web (“cloud”).  Since our home computer is a desktop, I would just grab the external drive and, worst case, if we did not have time to even get that, my data would still be safely residing on a server somewhere.

It has been my experience that most merchants do not give any thought to backing up their data.  No doubt they assume their hosting company is doing a daily or weekly backup, and to be fair, it’s likely that they are.  But what if there was a problem with their backup or it had been a while since a full backup was done and the server’s hard drive crashed or you accidentally deleted all your products from your store?  It’s times like these when you wish you had a better backup plan than relying on your host!

In ShopSite there are three different methods for backing up your data.  First, if you are using ShopSite Manager or Pro, you can download all your pages, products, orders, and customers (in pro) to a text file.  If needed, you could use that text file to upload those same pages, products, etc. back into your ShopSite database and then republish your store.  To perform this download/backup go to Utilities, then to Database and click on the Download button to view your options.

The second backup option in ShopSite is called Backup.  Also in Utilities, Database there is a Backup button.  This makes a copy of the ShopSite database and stores it on the server.  This is a fast backup and, like the text download, saves all your pages, products, etc. that are stored and generated as web pages from the ShopSite database.  But, unlike the text download, this copy is stored on the server.  If the server’s hard drive crashes, your copy would not be accessible.  This backup is more useful to use when recovering from a mistaken deletion of your data.

The final built-in backup option in ShopSite is called Export (first available in v10 sp1.)  Like the other two methods, this is also found in the Utilities section.  The export function creates a compressed (zipped) file that downloads to your local computer.  As with the first two backup options, it also allows for the backing up/downloading of the ShopSite database.  However, some ShopSite data is not kept in the regular database.  Your shipping, tax, and gateway configurations as well as reports and any custom templates that you may have are stored elsewhere. This backup method provides options to download those files and databases in addition to the information contained in the previous two methods.  This backup option should be viewed as a failsafe for restoring your site from catastrophic server failure, as you would need to provide the zip files to your webmaster to restore (unzip) the files to the appropriate directories on the server.

Backup section of ShopSite dashboard

People sometimes need a gentle reminder to back up their files.  You can configure ShopSite to remind you to backup or export your data.  If you are running ShopSite v10 sp2 (service pack 2) go to Utilities then to Back Office UI.  In the Dashboard section of that screen you can indicate how many days between backups ShopSite should wait before issuing a warning that you are overdue.  On the new Dashboard screen, when you first login to ShopSite, if your backup is overdue you’ll get a red warning displaying the number of days since your last backup.

I hope that you never need to use a backup. But, if you ever do find it necessary, you will be glad to have a current backup available.

Say What You Mean

Posted on September 15, 2010, 3:04 pm, by David Hills and received No Comments ».

Do what they say, say what you mean
One thing leads to another
You told me something wrong, I know I listen too long
But then one thing leads to another.

–        The Fixx: One Thing Leads to Another

One thing does lead to another, especially when it comes to expectations being met or unmet.  During the past few weeks I’ve been let down by one vendor, had my positive expectations met by another vendor, and had my expectations exceeded by yet another vendor.

First, I’d like to talk about the let down.  I’ve been looking at getting a new smartphone.  I’ve had my Motorola Cliq for about a year now and, despite repeated promises that the OS for it would be upgraded from Android v1.5 to at least v2.1 (the latest is v2.2), nothing has happened.  I heard that my mobile company would soon be offering a phone that interested me.  They even have a web page dedicated to upcoming information on this particular phone.  The page says “Sign up to stay in the loop”.  So I sign up.  I don’t get a confirmation e-mail, but that is ok.  Then, last week, details on the phone are announced.  The problem is that I read about it on a tech web site.  That’s right, no e-mail from my phone company. Apparently, I’m not yet in the loop!  I go back to the web page to see if it has been updated. Sure enough, there is now a photo of the phone, but no other feature details!  I just don’t get it.  You have potential customers that are interested in an upcoming phone. They have signed up for information and expect to be “in the loop,” yet they have been ignored and, instead, the information is announced only to some reporters?  After that, I gave up waiting for the details and instead purchased a phone from another manufacturer!

Now for the good example.  As anyone with teenage boys probably knows, the latest video game in the Halo series was released this week (on Tuesday at 12:01 am.)  I admit that my son and I are fans of the series.  I pre-ordered a copy from Amazon, as they promised to deliver it on release day.  Sure enough, it showed up on Tuesday, as promised.  This is exactly what I expected, as previous pre-orders of popular items (such as the Harry Potter books or more recently “Mockingjay” of the Hunger Games book series) also showed up on release day.

Coordinating shipping so that everyone gets their book or game on release day is, I imagine, a whole lot more complicated than sending an e-mail to announce a new phone!  My cell phone company wasted a marketing opportunity and, while their goof did not cost me anything and I still use their service, I do feel that they tarnished their reputation and will think twice before signing up for any of their promotions.

Now, most merchants do not have the size and resources of Amazon or a phone company.  That being said, whatever you promote and announce, you should deliver.  And, because you are a small business, you can deliver that “personal touch” that larger companies cannot.  A recent example of a business that exceeded my expectations came when I recently ordered some snorkeling equipment online for a family vacation.  The equipment came as expected, but inside was a handwritten note thanking me for the order and wishing me a wonderful snorkeling experience!  I was so impressed by this simple, yet thoughtful gesture that I had to immediately show my wife the note!

Do what you say you are going to do is good advice for all merchants.  If you can’t deliver on your shipping, return, or privacy policy, don’t display those promises.  It’s always better to meet expectations (even if they are a little lower) and sometimes exceed them than to meet them most of the time (even if they are a little higher) but occasionally fall short.  Set your bar at the appropriate level and you and your customers will both have a positive experience.

Keep it Secret, Keep it Safe

Posted on September 9, 2010, 10:22 am, by David Hills and received No Comments ».

“Keep it secret, keep it safe”

–        Gandalf from the movie Lord of the Rings

Just like Gandalf instructed Frodo to carefully guard and protect the ‘One’ ring, merchants are expected to protect their shopper’s credit card information.  The Payment Card Industry (PCI) has standards that all of us (merchants, hosting providers, shopping cart vendors) must follow.  In fact, there is a validation process that carts like ShopSite have to be independently audited for.  Even if you are using a validated application like ShopSite, there are still configuration options that you must use (such as using SSL/https) if you accept credit cards in your cart.  For more information on configuring ShopSite to support PCI, see the online help.

Of course, even the most secure manner of entering and storing credit card information is not safe if you allow everyone at work the opportunity to access or print out the information.  Even storing the data unencrypted on your pc for later processing is dangerous.  The best way to protect a shopper’s credit card is to never have access to it.  For example, if you use PayPal Standard, PayPal Express, or Google Checkout, the shopper enters their credit card information directly on PayPal’s or Google’s servers and you never see the credit card information.  Even if you log into your merchant account (virtual terminal) on PayPal or Google, you cannot see the shopper’s credit card information.

PayPal and Google are great options for protecting both the shopper and the merchant (see Don’t Tug on Superman’s Cape), but many merchants also want to directly take credit cards with their cart.  By default, if you set up a payment gateway like Authorize.Net AIM, ShopSite encrypts the credit card information, which can then be securely viewed in the ShopSite backoffice (merchant interface.)  Of course, the shopper’s credit card information can now be accessed, which is what we are trying to avoid.  In the ShopSite backoffice, under the Orders tab, click the Security button and then the Credit Card Storage button. From here, you can instruct ShopSite not to store the credit card information.  Now, when a shopper securely enters their credit card information in the shopping cart (using SSL), it is sent to the payment gateway without being stored in the ShopSite orders database.  Just as you bill for the order in Google Checkout using the virtual terminal, you can do the same thing in your payment gateway’s virtual terminal.  And, likewise, you never need to access the shopper’s credit card information.

Note that, from a PCI point of view, entering a credit card directly in your shopping cart does involve your server, even if it is just long enough to send it to the payment gateway.  So, your online store does have access to the credit card, if only for a millisecond and you still need to follow PCI guidelines for your server (having your sever scanned for vulnerabilities, etc.)

There are two payment gateway integrations in ShopSite where the credit card information is entered directly on the payment gateway’s server.  First, there is Authorize.Net with the SIM api.  When the customer goes to enter their credit card, they are clearly taken away from your cart to the Authorize.Net server (similar to PayPal Express) and then returned to your cart once the credit card information has been entered and validated.

The other solution is Braintree, where, to the shopper, it looks like they are entering credit card information into your cart, but it is actually being entered on the payment gateway’s server.  In either case, the merchant never has access to the credit card and it never touches the merchant’s server.

Whatever methods you use, you can’t be more secret or safe than not having access to the credit cards in the first place!

« Older Entries
Newer Entries »
ShopSite Online Shopping Cart Software BlogShopSite Online Shopping Cart Software On YouTubeShopSite Online Shopping Cart Software On TwitterShopSite Online Shopping Cart Software On FacebookQuestions?888-373-4347E-commerce Blog