Brilliant Thinking

Contents

The hosting is the space where the website lives. It also includes the provision of email services and webmail facilities so that you can check email wherever you may be. Although we prefer Linux for reliability in the web environment and offer our own hosting facilities, the choice of hosting should be dictated by your business requirements - performance, scaleability, etc.

Please also refer to our longer article: Types of Hosting.

Our next article looks at the infrastructure, or how you connect all the different aspects together into a whole.

As an ecommerce systems provider, VAT is always an “interesting” subject of debate. A client recently asked me to enable the ecommerce system to charge VAT at the VAT rate in the purchasing EU state, and not at the UK rate where they are based.

I know there has been talk about going down this route in the 2005 VAT proposals documents, but as yet this is not law. I spoke to the VAT people on the HMRC help-line today and they confirmed that VAT works as follows:

1. You charge VAT at the rate in your country
2. If you are supplying outside the EU and have proof of export, the VAT rate is 0%
3. If you are supplying inside the EU and have the VAT number of the purchaser, the VAT rate is 0%
4. If you are supplying insite the EU and you don’t have the VAT number of the purchaser, VAT is at the standard rate

UK standard rate VAT is either 0%, 5% or (most usually) 17.5%.

If you need to check if the VAT number supplied by a purchaser is valid, there is a handy tool on the European Tax website: http://ec.europa.eu/taxation_customs/vies/en/vieshome.htm

Choosing the right kind of hosting can be a minefield for the uninitiated. So, before you decide that you can buy a hosting account somewhere else more cheaply than your web company is offering, consider the risks and factors involved before you decide to “go it alone”. You should think carefully before you decide how your web hosting will be delivered.

The following diagram shows the different layers of hosting - the green bars show the responsibility of your chosen partner compared to the type of hosting; for example, dedicated hosting means that you provide and manage everything from the business process layer down to the operating system layer and your hosting partner provides and manages the rest.

A lot of hosting companies do not own the data centre layer and many do not even control the networking layer. Instead they rent space from the data centre and install and run their own servers. This is the device, operating system and application infrastructure layer. Although this falls under “managed hosting” on the diagram, service level varies significantly. How many servers, what type of server and how many customers they share on each server all affect their levels of pricing and reliability. Web companies (like us) generally specialise in the application and business process layers and outsource the rest.

The important message is that unless you are an IT professional or hosting expert, have a dialogue with your web company so that you make an informed decision and not just one based solely on price - after all, you get what you pay for!

Here is a summary of the different types of hosting you may have heard about.

Shared Hosting (aka Virtual Hosting)
Shared Hosting is a hosting account where you rent disk space on a server which is partitioned and shared among many different users (websites). This is the most common form of hosting that you can find on the Internet today and is a cost effective way to getting started but there are pros and cons. Prices for shared hosting start from as little as £50 per year.

Pros:

• Inexpensive
• Easy to purchase
• Requires zero management (in most cases)

Cons:

You are competing with other unknown websites on the same server websites for access, which means:

• You may experience slow performance at times when other websites are very busy (big databases, high visitor volumes, large emailings)
• Abuse of virtual hosting accounts can cause spam to block shared email queues meaning not all email will be sent or arrive (aka a denial of service attack)
• If one of the other websites crashes, it might crash the whole server meaning you’ll be offline until the ISP resolves it
• You have limited control over what you can achieve on the website which can make more complex websites harder to implement.
• Possible exposure to security risks - shared environments with large numbers of unknown websites can create unexpected security risks; think carefully about the information you capture on shared hosting
• Many virtual ISPs don’t offer anything more than email support. Response is improving, but in some cases we know people have waited 7-10 days for a response. What if this was for an urgent “the server is down” request?
• You have no control over who else is on the server with you - some ISPs host pornography and gambling sites, and these will cause you no end of problems with downtime, poor performance and general inconvenience; read their terms and conditions carefully!
• Check carefully that the package you want has all the right operating system and application infrastructure - when you hapilly give your FTP details to your web company you might find you have bought completely the wrong package and have to start again (I have seen it happen a few times)

Virtual Private Server (VPS), aka Virtual Dedicated Server
The next level up is a virtual private server. This is a technology that allows hosting companies to partition a server into a small number of completely separate virtual servers. So, although you are still sharing a server with other sites, this configuration ensures you have a completely isolated environment with dedicated resources - which means you effectively have your own server at a lower price than if you rented a whole dedicated server. Virtual Dedicated Server hosting starts from £350 per year.

Pros:

• Guaranteed resources - no competition for bandwidth
• Greater flexibility - You should have root access which allows you to install your own software, set up cron jobs and build a complete application with total flexibility and no restrictions (application infrastructure layer)
• Greater security - You have your own ring-fenced environment
• Greater reliability - Somebody else’s code isn’t going to affect your site

Cons:

• More expensive
• Requires greater technical knowledge, though most VPSs come with a good control panel to make things easier
• Easier to break things if you’re not sure what you’re doing

Where to Find a VPS Hosting
There are now plenty of VPS Providers. You can find many by searching Google for “virtual private servers” or “vps hosting” or looking in one of the many web hosting directories or forums. Virtuozzo by SW-Soft is the main commercial software that web hosts use to run virtual hosting services, but there are others. For instance vserver is similar in principle to Virtuozzo but is not as widely used. Open source vps systems exist in the form of OpenVZ (a subset of Virtuozzo), UML (User Mode Linux) and more recently Xen.

VPS hosting used to be the prerogative of the smaller web hosts primarily looking for a more geeky market but recently the bigger mainstream web hosts have moved into VPS’s. You’ll get a much more generous bandwidth allowance compared to shared/virtual hosting, and none of the problems that go with a shared host. Usually you get multiple IP addresses that are exclusive to your sites, which you will need for SSL certificate hosting and for running your own nameservers if you want to register domain names.

Many hosting providers will offer “premium” or managed support which includes a bit more hand holding - this is definitely recommended if you don’t have much experience with Linux, and are not confident about keeping your VPS updated. It’s worth talking to your web host about updating and installing software. If its a Virtuozzo system, the web host will have preinstalled templates for common applications such as Coldfusion which can be rolled out across many VPS’s thus cutting down on disc space inside your VPS and well as saving memory and resources on the “hardware node” it runs on. Quite often the VPS provider can roll out operating system updates and bugfixes across all their VPS infrastructure.

Dedicated Server, or Co-Location
This is where you have a whole server to yourself. In the co-location scenario, the server is purchased by your company directly and then installed at an ISPs data centre. In the dedicated server scenario, you rent the hardware directly from the data centre or hosting company.

The pros and cons for a dedicated server are similar to the VPS above, but you are responsible for everything that happens on the server, from the operating system upwards. This can have a significant management overhead, especially if something goes wrong and you need to fix it and don’t have the skills.

Prices for dedicated servers start at around £1000 per annum, and from about £4000 per annum for zero-downtime versions (depending on how critical your applications are).

In-House Server
Some people consider that running their own server on the end of their broadband connection at their office is a good option. Especially if they have had poor performance with any of the other options. However, running your own in-house server means you are fully responsible for the whole spectrum of infrastructure layers, from the cabling and access to the server, through UPS (uninterruptible power supply), hardware, operating system, application infrastructure, application and business process layers.

Pros:

• [A feeling of] Control

Cons:

• Performance will reduce dramatically when you have more web traffic (ADSL only has a small upstream bandwidth)
• You will need additional bandwidth to accommodate busy sites (SDSL is expensive)
• You need the IT skills to support the infrastructure, or outsource to get somebody to manage it - remember that you are a single server and this cost could be high as you are a single environment; hosting at a managed data centre spreads the cost as the team are on-site 24×7
• Security - you need to make sure your web server cannot breach you internal network.

About 4 years ago, we developed our first ecommerce system prototype for a client. We decided to host it at one of our satellite offices on a broadband connection as a demonstration project. However, after we applied a little SEO magic to the site, traffic jumped and very soon the ADSL connection became totally clogged with traffic - visitors could not access the website and we couldn’t access the Internet from the satellite office. We very quickly moved the site to a hosting facility who had plenty of bandwidth and decided to concentrate on what we were best at - the application and business process layers only. Remember that the more data your website responds with per visitor, the greater the peak bandwidth load will be, and an ADSL connection does not handle multiple concurrency well in such circumstances.

Trading online has its risks as does any business, but if approached professionally with open eyes you can minimise your exposure to fraud with a few straightforward procedures. This is relevant to any online store, but particularly for people selling high priced items.

Step 1 - Get a “proper” payment gateway

This is all about finding the right tool for the job.

There are numerous third-party systems available that accept credit cards on your behalf (called payment gateways, or Payment Service Providers - PSPs). This is excellent because it minimises your risk of exposure to credit card details theft (see “so you want to store credit card information on your site“). High street banks also offer payment gateways and may be a suitable option depending on what you are trying to achieve with your site.

The important thing to do is to find a payment gateway that offers levels of fraud detection that you are satisfied with. Systems such as MasterCard Secure and Verified by Visa are becoming more widespread and a payment gateway that offers these options is an advantage over those that don’t because their use shifts the liability to the credit card issuer away from you, the merchant in the majority of cases. But it’s not a silver bullet, so don’t assume that just because you’re using them you’re covered - remember “eyes open”.

Remember to differentiate between services such as PayPal, Nochex, etc which - although they accept credit cards - essentially store cash in an online account for you which you can download, and true PSPs which handle the transaction and deposit received funds in your bank account automatically. The former services often have transaction limits which could limit the number of online sales you can make in a given period.

Next, look at the buyer and seller protection policies that the PSP offers. There may be some automatic coverage, or there may be additional insurance you can take out to guard against fraud. This usually means you pay a higher transaction fee (for example +1%) on every transaction for the safeguard that fraudulent transactions will not be your liability. Remember to check the small-print too.

Step 2 - Do you need an Internet merchant account?

Many true PSPs require you to have an Internet Payment Account (or Internet Merchant Account) with your receiving bank. These are separate accounts to standard merchant accounts, so if you accept credit cards in your shop it doesn’t mean it will be automatic online. Remember services such as PayPal don’t need this as they are essentially “cash stores”. Some PSPs offer a “virtual” Internet Merchant Account for you, meaning you don’t need one with your bank. However, they usually offset their risk by deferring payment to you. Check the small print.

Step 3 - Don’t rely on the technology

Technology is fantastic at automating repetitive tasks. However, people are inventive at circumventing the abilities of the technology. It’s a game of cat and mouse.

Use the fraud detection systems that the PSP offers - you should look for a PSP that provides a report so you can see transactions and how fraudulent the PSP thinks they are, e.g. “safe”, “possible fraud”, “don’t touch it with a bargepole”. This provides you with guideance about which transactions you should be avoiding.

However, your own visual review of the transactions can often show a pattern that might not be visible to the fraud tools the PSP provides - for example a single customer putting through different transactions in short succession, each of which appears OK on its own but ollectively form a fraudulent pattern. (Read Neil Kugelman’s story about his online jewellery store.)

There are additional checks and balances you can implement to reduce your risk of fraud. Here are some:

• Don’t offer separate shipping address for International customers
• Check address for card transaction matches delivery address manually - for example, contact the buyer and ask them to fax a copy of a recent utility bill. You can then double-check this reference with the utility company
• Check the phone number - see it matches the buyers location. Also, avoid mobile phones
• Avoid shipping to countries that are high risk
• Be careful of remailing addresses, fraudsters use forwarding addresses
• Check their email address actually works by sending them a personal message
• Capture their IP address and verify it is in their quoted country
• Don’t be in a hurry to ship, especially if the buyer is

I was just reading through the transcript of a “just published” Marketing Sherpa Ecommerce study which I contributed to and thought that one paragraph was very interesting and bore repeating:

Anne: I think this really shows you another thing as well and that is, that consumers are treating Ecommerce sites, and you see on the next slides as well, consumers are treating Ecommerce sites in a very different way than they treat print catalogs and in a very different way than they treat brick and mortar retail stores. What you’re seeing is very little browsing activity. I mean, I know when I sit down with a catalog and in fact there are eye-tracking studies in the catalog industry, that if you are sending a catalog, in particular to your house list. They’re really looking at the images. They’re really examining it. They’re saying, “Hmmm, should I buy this…” They’re really enjoying that browsing, shopping activity. The same thing happens with a lot of shoppers in brick and mortar, depending on the type of store you have. But they’re coming in and enjoying the environment. They may be examining a lot of different things. You know, you’re in the mall, it’s Saturday afternoon. You’re enjoying yourself. This is almost an entertainment activity. It doesn’t seem to be the case with online Ecommerce according to the eye-tracking studies. Now we studied eight different Ecommerce stores including Amazon, eBay, a whole bunch of them. Most of them you didn’t see that kind of entertainment activity and what I think is interesting is that a lot of/some Ecommerce marketers are making the assumption that the entertainment mindset is there. Certainly Bombay with that big gorgeous picture is sort of thinking, “Well, we know our Bombay shopper. They love to look at these big beautiful pictures.” But indeed, people barely glanced at it. What are people doing instead? They’re looking at the navigation. And we see consistently, people going zooming right to the navigation. Pretty much ignoring anything else. So they’re treating the Ecommerce site as a search engine, as a search tool. You are not a store; you are a search tool to get to where people want to go.

So, you can forget the bells and whistles when it comes to designing the core of your ecommerce site. As the latest Marketing Sherpa study shows, unless you can get your visitors from where they enter your site to what they’re looking for quickly, you’ll be passed over for other sites who do. Ecommerce is not about browsing, it’s about finding - and fast.