Today there are LOTS of excellent shopping cart solutions available to merchants big and small. Recent updates here in the forums are few and far between, so for the benefit of those looking here, here's the state of the E-commerce market at the end of 2011. I've included my own personal anecdotes, otherwise this is just a long list
PCI: It's real!
Times have changed since the carefree days of yesteryear. Merchants have to be concerned with PCI compliance and it can be a real headache.
It's best to avoid PCI altogether. If you're using a 3rd party payment solution like PayPal or 2Checkout, congratulations, there's no need to worry about PCI. If you're using an Internet merchant account that processes payments on its own hosted page, then you're also "outside the scope of PCI" and have very little to worry about. If you're using a hosted shopping cart (shopping cart + hosting rolled into a monthly fee), then you also have little to worry about. For those daring merchants among you that insist upon hosting your own shopping cart and keeping the customer on your site for checkout, tread carefully!
Hosted solutions: carefree sales
Using a hosted solution (one where hosting + shopping cart + updates + support are rolled into a monthly package) eliminates much of the hassle of E-commerce. For a reasonable monthly fee, someone else has to worry about PCI-compliant hosting, PA-DSS application certification, and shopping cart updates. There are a number of players in this field, but some of the best known are
BigCommerce,
PinnacleCart, and
Volusion. Although the monthly fees may seem high relative to a standard hosting account elsewhere, these hosted solutions are a real bargain if you're confronting PCI. Disadvantages of a hosted solution are generally: limited customization (you don't control the platform), more limited SEO ability (although sites can rank very well on these platforms, you may hit a ceiling, due to limited customization), and fixed feature set. These solutions can work very well for typical merchants and especially merchants that lack the time, budget, or expertise needed for a self-hosted option.
Among the hosted solutions, BigCommerce is what I recommend.
Self-Hosted solutions: commercial offerings
A self-hosted solution is one that you host on your own server / hosting account. Commercial offerings are typically more polished than open source / free offerings and are also a good option for merchants with limited time, budget, or expertise. Popular solutions in this area include
Interspire's Shopping Cart (this is the software that powers BigCommerce),
PinnacleCart,
http://www.x-cart.com/,
CS-Cart. and
CRE Loaded. Don't let the marketing fool you, PinnacleCart is the only one of these that is PA-DSS certified.
If you're using Authorize.net, the only way to avoid PCI is to utilize the SIM or DPM payment methods. Of the above listed carts, the only one I know to have SIM integration is X-Cart. A
3rd party X-cart DPM payment module is also available. We are presently completing a DPM module for PinnacleCart, but nothing is officially available at the time this is posted.
CRE Secure does offer a PCI-compliant hosted checkout for CS-Cart that may solve your PCI issue with Authorize.net.
Among the self-hosted solutions, CS-Cart has a lot going for it, although PinnacleCart is my preferred solution due to ease-of-use and auto-update mechanism (PM me if you would like a major pricebreak on PinnacleCart). If you're using Authorize.net and insist on a commercial solution, X-Cart is currently your only easy route to PCI compliance.
Self-Hosted solutions: open source offerings
Open source offerings have come a long way and there are numerous choices these days. There are the old standbys
http://www.oscommerce.com/,
osCMax, and
http://www.zen-cart.com/. There are also several notable newcomers, namely
Prestashop,
OpenCart, and
Magento.
Many of these support Authorize.net SIM.
CRE Secure offers drop-in modules for osCommerce, Zen-Cart, and Magento, but can be branded for integration into most of the others.
Of this current crop, I'd avoid osCommerce and Zen Cart for security reasons. Although Magento is very popular among this group, I recommend choosing Interspire for a similar feature set, a straight up commercial license (Magento has a confused licensing model), and a smaller server footprint. OpenCart would be my recommendation for US-based merchants and Prestashop for merchants outside the states.
Other choices
There are a LOT of options I've left off, because they aren't mature, offer less than their more popular counterparts, or I haven't heard of them. I haven't, for example, included any .NET offerings. I also haven't included E-commerce plug-ins for WordPress or smaller PHP carts / checkout forms (not my area of expertise). One thing all of the above carts have in common is that they are designed for products or virtual products (e.g. eBooks). If you are marketing a service then there is an entirely separate batch of offerings (mostly targeted at Internet-related services), notably
WHMCS,
AWBS,
HostBill,
Plesk Billing,
ClientExec, and
Blesta. For online billing,
Freshbooks is a hosted solution and
Pancake is a self-hosted solution.
In closing, research your options and find a solution that meets your current needs. Too often merchants focus on the most feature-rich platform available and end up with a complex platform that they can never successfully manage, is too expensive to maintain, or gets compromised. Don't get too caught up in the initial sticker price. You need to focus on the long term costs (don't forget that open source solutions have maintenance costs that can easily exceed those of commercial offerings) and how extensively you will need to customize your solution (an area where open source offerings often excel).
Happy New Year Everyone!
-Matt
p.s. i know the message is old, but….
Linear Mode
