High Yield No Till Integrated Gardening means less work, lower cost, and more produce.
Click to Download Your Free Heritage Pickling and Culturing e-Book Now!
Instant Download, NO Registration Required!
I don’t have time to waste on CraigsList
I hear friends of mine recommend CraigsList to get business by advertising there. Frankly, I don’t have the time to waste. I’ve had several experiences with it, none of them good. The problems were enough that I find the entire venue to be a collosal waste of time.
First, I posted a business ad – nothing but spam came back from it.
Next, I posted several separate ads, for similar things, but distinctly different. In Canada, they were all allowed to remain active. In the US, all but one were flagged as duplicates, even though they were not. I got some spam from the ads, but nothing else.
I recently posted ads for three different laptops – Three different brands and model numbers, three sets of specs. One was allowed to stay, the other two were flagged as duplicates. An HP Pavilion laptop for $500 was flagged as being a duplicate of a Dell Inspiron for $300, and apparently so was the Dell Inspiron (different model number) for $200. No terms of use were violated in any way.
Oh, but before the items were flagged, I did have time to receive a total of six scam emails – CLEARLY scam emails, regarding the postings.
I don’t have time to wrestle with a careless company that can’t even determine when something is genuinely a duplicate post and when it is not. And I don’t have time for the spam.
One of my biggest gripes about it is that you can ONLY do local. Ummm…. Local for me is 300 people. My business is national. There is no way you can effectively use CraigsList if you have a national business. Let’s see… Pick one city in the US to advertise to. Just one. And you can’t advertise to another with anything remotely similar for another 30 days.
Who has time for that?
As a rule, I don’t usually post ads that expire in 30 days. I just don’t have time. Online ads are rarely effective anyway, and classifieds are some of the least effective.
And even if your ad DOES last for 30 days, nobody looks at it after the first three days. It takes time to write a good ad, time to get in there and post it, and then people see it for three days. Hardly worth the bother.
If you are in a small town, marketing nationally, or if you are selling something that people are not fighting over due to high popularity, CraigsList isn’t going to be an effective venue.
I never liked the idea of being thrown in with the prostitutes anyway.
UPDATE: I got half a dozen more responses from the remaining listing – all of them scams. Sloppy writing, incorrect English, and requests for a lot of information from me and promise of a cashier’s check if I ship it – not one mention of asking for more details, request for photo, or anything a real buyer would do. Classic for scams.
I am not an inexperienced seller – I have sold dozens of computer items on eBay and have an excellent feedback rating there. We bought and refurbished, then resold laptops for several years, so I know how to do so successfully. A complete lack of legitimate responses, and being flooded with scam responses is not typical for other venues where I have sold such items.
The Ethics of Education and Promotion
If you have an educational site, is it ethical to promote items on the site that you profit from, or is that a compromise of your informational integrity?
I have a business educational site. The purpose of the site is to promote scam awareness, educate people about what helps them really earn, and how to spot a good program or a bad one, the advantages of independent business endeavors, etc.
I have two clients that offer multi-level distributorship programs. There is no charge for either one. Both are ethical and have a good chance of returning a profit if someone works them.
I’ve toyed with the idea of joining both just for signups and sponsorships. One of them would require that I purchase items at least for my own use. They are items I am likely to use anyway. The other would not require purchases, and would allow me to function purely as a recruiter.
One consideration is TIME. Do I want to invest the time to really make them work. Since I have outlets that would allow me to plug in information to existing channels, I think it could work without undue effort.
The major consideration though, is ethics. Is it ethical for me to promote specific programs and profit for them on a site that purports to be unbiased?
The thing I’ve learned is that this is what people WANT. When they come to a “build a business” site, they want to be told, “Here are some honest choices.”
But I still wrestle with it. Still unsure of whether it lowers my credibility and makes me just another “work at home” site that exists to promote a program instead of to benefit the end user.
Don’t Be a “Harry”
That isn’t his real name. But we’ll call him “Harry” (no offense to anyone named “Harry”).
He seemed like a nice guy. Eager to get started with the project. We proceeded to install the site and work on the design. “I like this style” he said. We created that style. “Change that.” We changed it. This is normal. Harry liked to email every morning, demanding a status update for the day. This isn’t normal, but we replied anyway.
Harry also liked browsing the web, looking at his competitor’s websites and at other service provider websites. And it gave him ideas. Soon he began saying things like, “This site has THAT. I want it too.” Never mind that that business owner paid tens of thousands for their site, and his was a budget site. I made changes to the design when possible – some were deep coding changes, very difficult to do. One month into the project, the time was already over what we normally spend on a flat rate project. He added in another saying, “This site has THAT, and it will look great on my site!”. I’m sure it would, if he had the budget to afford it. When I protested, he said, “But you said satisfaction guaranteed, you have to do it!” I said, “I also said there were limits, and I’d tell you when you hit them, and this is one.”
With flat rate projects, setting limits is always subjective. If we have a motive for being willing to try something (so we can learn how to do it if it is new), or if we think the results may be terrific and look good in our portfolio, we may go beyond what is typically reasonable, and make exceptions. Project creep has a different meaning here, and it is always hard to know where to draw lines. If they are small things, we usually just shrug and do them.
With this client though, small things never STAYED small things. Harry liked to change his mind. And he wasn’t very good at making decisions either. “Let me see it this way.” “No, I guess I liked it better the first way.” “Change that color.” “Change it some more.” “Ok, that’s good.” “No, wait, I guess I don’t like it after all.” A simple thing would take DAYS to get exactly how he wanted it. He fussed over 1 pixel differences, the length of gradients, the precise angle of things, the thickness, the shade of the colors in a bevel, the depth of the shadow. EVERY single aspect of every single element was subjected to minute examination and criticism.
We really do try to please our clients. But Harry’s demands never ended. When he was informed that his home page content was part of Phase 2, and not part of Phase 1, he complained that if the content was not in, how could he tell the design was good? He demanded more and more, refused to pay the second Phase fee, and kept changing his mind. We have never, in more than 10 years of web design, EVER had a pickier, more demanding, more indecisive client. He didn’t just set a new record, he was so far beyond any other client demands that I doubt we’ll ever see his equal.
Our graphic designer created a logo for him. A painstaking process that took a week before he was satisfied – understand, he started by telling her EXACTLY what he wanted. She created EXACTLY that, and he still fussed, and agonized over the placement, shape, size, and edging on every single item, even becoming crude at one point. He finally declared it finished. One week later, he went back to her and told he he wanted something else instead – no mention to us that he was doing so, no mention to her of any kind of compensation for doing so. I think he thought we’d pay for it. When things finally fell apart (a month later) he was still picking and fussing over the second logo.
Two months into the project he began to complain. Why weren’t we done yet? How much longer was it going to take? I told him that as long as he had additional things for us to do, and as long as they were technically complex, it would take time. He began demanding a deadline. I told him that unless he could tell me definitively when he’d be satisfied, I could not tell him when we’d be done.
His demands begin to get silly – “I don’t have a link to my blog, just put in a dummy so I can see what it looks like.”, and “Don’t put the image on the site, email it to me so I can see it first.” That, even though the site isn’t live yet so there is NO reason not to put it up, and if I DID email it to him, he’d just say, “I don’t know, let me see it on the site.” On a frugal contract, every bit of wasted time counts, and he loved wasting time. He’d often say, “I don’t know which I like, make both and let me see.”
By now, I’m feeling dread each time I check my email. I’m waking up feeling dread over working because of him. I’m behind on my other clients because of the time he is taking. There were many reasons why we let it go on that long – partly because I gained some valuable reusable code from his requests, partly because it always seemed each was the last. I still sort of felt he was basically a nice guy, just indecisive and a penny pincher because of the industry he was in.
Then one morning he demanded a deadline, said that I WOULD give him one, and that I’d finish it up within this amount of time.
I’ve been doing a lot of thinking, business is good, and by now I’m thinking a refund will be a relief. I no longer care whether I please this client or not. I just want it to end, one way or another. I emailed back and said that there were three things left to finish. I would do them, and then I was DONE with Phase 1. Nothing more. That he could pay for Phase 2, or not. If he did pay for Phase 2, I would limit the time available. He replied that I could not do that, that the contract stated that satisfaction was guaranteed and that I had to do what he said.
Up until that point, I still thought he was just basically an indecisive, but decent person. At this point, it became clear to me that he was a manipulator, who had intended from the outset to try to push a low budget contract into a high end service by being demanding. I don’t like to believe bad of people. But his actions since then have left me little other conclusion.
Primarily the fact that he takes no responsibility for his own actions. He made choices, and those choices had consequences. When the consequences were not what he wanted, it was someone else’s fault. That is classic for manipulators.
This is NOT a typical response for our clients. We have VERY few clients who request refunds. If we had a lot – or if we had a lot of clients who complained of the things he was complaining of, I’d know we had something to fix.
He now informed me that I could not change the contract in the middle. I pointed to the termination clause, and said, “Yes, I can.” The contract allows me to terminate the contract in writing – he has the same right. He then has three choices – he can renegotiate for another phase, or he can go elsewhere and take it with him, or he can request a refund and have no rights to any of the items created so far. After sending that email, he disappeared for several weeks. I finished what I said I’d finish, and moved on with life. He has since requested a refund, demanding more than what is covered in the contract. We will issue what IS covered in the contract. His stated reasons for requesting the refund are unreasonable delays, lack of communication (daily emails weren’t enough), and failure to deliver a satisfactory result. Ummmmm Yeah…..
This client was the all time most difficult to deal with for us. So much so that his behavior has become an example in our training classes (name withheld), for spotting and dealing with difficult clients. His inability to make a choice, his unwillingness to be satisfied, and his inability to accept the consequences of his own choices caused problems that we, as service providers, dislike having to deal with – they are costly and emotionally difficult to deal with. Among our subcontractors, his name is legendary – they all know him by his first name, and when someone is being difficult, they will say, “I hope this isn’t another Harry.”, or if they are picky but not unmanageable, “At least this isn’t a Harry.” Sad, really.
The moral? When things are breaking down around you, and you are looking for someone to blame, look to yourself first. See what your part was in contributing to the problem – I recognize that I gave in at times when I should have set a limit early on with this client, but I also know there was little else I could have done to avoid things getting ugly. If things keep breaking down on you, and “People” keep failing to meet your expectations, it may be your expectations that are the issue. Own your part of the problem, and do something about it.
It is pretty sad to become the bad example, to have your name known and remembered with a shudder.
Don’t be a Harry.
Competition and the Wal-Mart Equation
I’ve heard people complain that “Wal-Mart comes into a town and drives small businesses out.” I do not think this is true. There are those who resent me for saying this. But I think it is simply a matter of competition.
People buy from Wal-Mart because they sell things people want. Any business can do that. Any business that fails to do that should not BE in business.
A town near here refuses to let Wal-Mart in, though the company has made multiple attempts to do so. The town has one grocery store that maintains a monopoly, and two variety stores with bad service and poorly maintained stock. There is a sense of entitlement in the town, and a fear of competition. The residents dislike being held hostage by these businesses, and people who live in outlying areas drive up to a hundred miles out of their way to avoid shopping in this town. The businesses in town succeed not because they are good, but because the residents have no choice. That hurts the town by driving away other potential business.
I have always maintained that any business that does their job right has no need to fear the competition. You can’t always do the job cheaper, but you can usually do the job better than a company that is focusing on doing it “cheaper”. For every person who will doggedly go to Wal-Mart to buy, there is one who refuses to, and another who will go where they feel best about buying. Wal-Mart can’t put any business under that is paying attention to the market, and really giving the customer what they want.
A town in the opposite direction from the first one has three major grocery stores – one of which is Wal-Mart – and a K-Mart, and many other thriving businesses that overlap into those businesses. The service level through the town is much better, businesses are better maintained, and most are thriving. The two other grocery stores have specialized – offering variety that Wal-Mart does not offer (they spotted that Wal-Mart only carries what is most popular, in volume). They simply adapted, and went on doing what they did best – creating an environment where their customers feel good about shopping. Two other grocery stores went under when Wal-Mart brought in the grocery department. They had been struggling to begin with, and their corporate model was too similar to Wal-Mart’s. Wal-Mart simply did it better, and the others could not compete (in fact, one of them went under and was sold out as a corporation around that time).
My competition isn’t Wal-Mart, it is GoDaddy. The big, inconsiderate, cheap and shoddy company that outguns every small web service provider on marketing. I can’t compete with them on their terms, and I don’t even try. I just do the job better, offer better value, and give my clients personal attention that a big corporation can’t begin to compete with.
Any business can do that. They often get caught up in price wars though, which puts them in a losing position to begin with. You can’t compete with big business on their terms. You can’t fight fire with fire in this instance. You have to figure out how to fight fire with water – do it differently than they do it. Do it better where they CANNOT do it better. Corporations operate within a set of strict limitations. They have their course, their methods, their policies. Changing them is like trying to turn a ship under full steam – it doesn’t happen very fast, and it can only happen in small degrees. If they try to compete with you on terms other than their existing corporate policies, they will capsize and undermine their entire success model. So it is pretty simple for you to adapt and maneuver into a position of successful competition, just by doing what they CANNOT do.
When businesses blame Wal-Mart for driving them under, they’ve misplaced the blame. They didn’t go under due to the presence of another business in town. They went under because they did not respond in an effective way, and chances are, their business model was flawed to begin with. When people have no choice, they’ll settle for mediocre. When they have a choice, they won’t. High quality and truly good service DO win out even in a highly competitive market. A good business model will succeed in spite of competition, a bad or shaky one can only succeed when there are no other options.
Look to yourself, and stop blaming the competition.
Legality of Cash Gifting
A lady called me today. She sounded worn, a little scared, and uncertain. She wanted a website – but you could tell she was not certain about even asking – not sure she could afford it, probably. I gave the standard reply: “Depends on what you need.” Then I asked her the standard exploration question: “What is your business?”
She said it was a Cash Gifting Program with a replicated website. I didn’t think much, I just said what I knew. “Ummm, those are illegal.” Then I followed with, “That kind of program is illegal, and you need to report this to the FTC.” She said “Thank you” a bit stiffly and hung up – I’m not sure if she thought I was nuts or deluded, or if that first sense of disaster was just sinking in. I wish I’d have thought to stop her, talk to her a bit more, help her know what to do.
Then I went on a research hunt to find documentation of what I knew. Well, a Google search for “cash gifting legality” returns all sorts of deceptive information. Claims left and right that cash gifting IS legal, based upon reports or information from the IRS.
Frauds! The IRS is NOT the issue here.
- Cash gifting to friends and family is legal.
- Cash gifting SCHEMES are NOT legal! They are nothing more than pyramid (Ponzi) schemes! CLEARLY forbidden by US trade laws. They fail on EVERY point!
Don’t believe me?
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt056.shtm
Such schemes use various methods to try to get around the laws using clever descriptions, but their descriptions are NOT what matter – the way in which the LAW describes it, and the INTENT of what they are doing is what makes it illegal.
By IRS definition, a Cash Gift is something given by a PERSON, to another person, with no expectation of return.
By FTC definition, an illegal pyramid scheme is one in which there is no legitimate product or investment going on, and which depends upon the recruitment of an ever larger group of people in order for anyone other than the top members to realize a good return on investment.
Any time an organization exists, formal or informal, for the purpose of Cash Gifting, the purpose and intent is no longer giving with no expectation of return. When you give someone money, and expect to MAKE money from it, it is not a Cash Gift, it is an investment, and you are a business. And this is a business with no product, no real investment occuring, and which only pays if more people join and pay into it. Pyramid Scheme, plain and simple!
These schemes, no matter how cleverly described, and no matter how slippery the leaders, get shut down. They are illegal, and no amount of claiming they are not will make them legal. No amount of “lawyer approved” claims will make them so – in fact, if they CALL it a “Cash Gifting” program, it is illegal, because Cash Gifting for profit is in itself illegal.
The thing is, why would you want to take the chance? People who create these are not “nice people who just want to help others”. They are scammers who want your money!
By participating, YOU are participating in an illegal scheme. If you DID make money at it, you would be liable for prosecution!
Why in the world would you want to take the chance of doing something that is clearly illegal, just because someone says, “Oh, our version isn’t illegal”? There are SO MANY things you can do that WORK to earn money, why would you throw away your money on such a thing when you know deep down that it just isn’t going to end happily?
Scamming is two sided. A scammer cannot take someone for their life savings unless there is someone on the other end of it who is greedy enough to want something for nothing – or unreasonable returns on their life savings. The person being scammed has to be WILLING to take the RISK of being scammed.
Ignorance accounts for some of it – but I don’t buy that most people who are scammed are ignorant. I think that they may be a little that way. But I think that in most cases, a little voice in the back of their head warned them that it probably wasn’t legit, but they let their greed or sense of desperation silence that little voice.
Don’t let greed overrule common sense. That little voice that warns you is the strongest protection you have against being scammed.
And beware of people who use supposed loopholes to try to persuade you that the thing that is illegal is somehow legal because THEY are doing it. If they have to use loopholes, they just aren’t good people. They are going to bend the law and look for loopholes with YOU, just the same as they are telling you they are doing with the government.
Good business doesn’t need to tell you that they are “legal because…”. Good business is CLEARLY legal.
Signs That Your Network is Dying
Forums and networks are HARD to get started. And once you get them going, it seems to be very difficult to KEEP them going.
We all like to think that when we begin an effort to get people together for conversation that there are millions of people out there who want to discuss the same things we do. But others rarely have the same agenda, even when they SAY they do.
Forums and conversational venues RARELY take off spontaneously. Getting them going takes a LOT of effort, and so does keeping them going. There are longstanding tactics that everyone uses – which sometimes are successful, but more often, just feel tired.
- Regular moderator posts.
- Encouraging members to spread the word.
- Contests.
- Controversy.
- Daily “topics”.
- Allowing ads one day a week (the result of which is, that usually, one day a week, you have lots of posts, which nobody reads, and that this is the ONLY day each week that you have posts).
We all do these things on our networks in an effort to keep it going. It may or may not help, and often it does not.
How do you know your network is dying?
- When the only posts are ones you make yourself (or your moderators make).
- When the only posts are on “ad day”.
- When people ask questions and nobody replies.
- When nobody ASKS questions anymore.
- When the majority of new signups are hit and run spammers.
- When your long time users no longer post.
- When your moderators start dropping out.
- When the only members you have that regularly do anything are the same people you associate with everywhere else online. Without new blood, networks die.
People online, as a rule, have a short attention span. While it is hard to get a venue going, it is even harder to keep it going for more than a year or two if you do manage to get it going. The initial burst of enthusiasm that people have over something new is short lived – about two months. You often find that once they lose that, there is nothing left and they wander off to see if someone else is more interesting.
Once you see those signs above, it is very difficult to bring it back from the edge of extinction. Oh, you can try, but often you are just beating a dead horse.
Nobody likes to admit that something didn’t work. But more venues fail than ever succeed, and the statistical difference between success and failure is monstrous. Perhaps one in a thousand ever even gets off the ground, and perhaps only one in a hundred of those keep going for more than a few months.
- A heavy marketing campaign can help.
- Listening to your users can help – if they talk. Often they don’t.
- Intense involvement on your part, and recruitment of other helpers can help.
But there’s no magic formula, and there is sometimes no way to rescue a venue that is in decline – the perception of decline can be almost impossible to reverse.
Often, it is simply best to go on to the next thing.
When the Customer is Not Right
Circumstances in my business have given me a lot of reason to think about customer service, satisfaction policies, and refund policies. Having always felt that a business owner gives MORE, not LESS, and having been raised on the philosophy that you just accept hardship and cope with it, it has taken a great deal of thought, and reasoning to create some new policies which set a limit on how far certain types of clients can push me.
We charge flat rates, so we often have to set limits on what can and cannot be done within a contract. With the average client, a polite, “I’m sorry, but the technical difficulty of that feature is beyond what your contract covers” is enough to let them know where that limit is. And typically, we don’t have to issue refunds, because when problems are encountered, we can address them and help the client move past them.
Two situations recently made me start really thinking about when the customer ISN’T right, and when a refund should NOT be issued. Those are hard things for me to define, and I dislike it intensely when someone is displeased with the outcome. But when the problem is not one that I caused, but which the client brought on themselves, I am not responsible for making it right.
In one situation, the demands of the client became such that it was interferring with my ability to keep up with work for all of my clients. I eventually said NO, because it was unfair to the rest of my clients for one client to demand so much time and work that it was impossible to keep up with the reasonable requests of the others. I had one dissatisfied client. But to satisfy that one, I’d have had a dozen dissatisfied clients. And it needs to be stated, that this involved a fairly low priced contract, for which I had already delivered about 5-7 times the amount of work agreed on. This client would make requests that wasted time, and think nothing of it. “Just make two copies of that graphic so I can compare them and decide which one I like.” or “I don’t have the right text or image yet, just make one up so I can see what it might look like.” Those things waste time, and cost extra work that is not reasonable when time is not charged hourly.
In the other situation, the client asked and was informed about the amount of work their part of the contract would entail. They assured with enthusiasm that they were up to it, and were ready to get it done quickly. This was a half-priced contract where we were responsible only for install, design, payment processor setup, and support – we would do personal training on request at no extra charge. The client began the work, then lost interest, and changed their mind. We offered a training session – which they scheduled, then canceled. They then accused us of not informing them of the amount of work needed (which we had done both in person and in writing), and demanded a full refund of all money paid. Since we did not have a refund policy for this specific service, we looked at our general policies (which they had agreed to during the payment process), and offered a refund based on those terms. This meant half of the setup fee was refundable. The client said that was not acceptable, that they had never agreed to any such thing, and that we needed to refund the whole thing or they’d file a complaint with the payment company. We promptly refunded the amount of half of the setup fee, as we had stated we would, and informed them that they HAD in fact agreed, showed them the document, and informed them that since the services agreed on HAD been completed and delivered, and that there was no issue of either non-delivery, or misrepresentation of services, they had no justifiable reason to file a complaint.
In both instances, there were strong reasons for setting a limit with the client, in spite of having strong customer service ethics. It came down to sustainability and what is reasonable and fair. To satisfy ONE client in this instance, would have done long term harm to our business.
In the first instance, keeping this client and answering all his demands would have undermined our entire business. We over delivered, and he got far more than his money’s worth. He was angry that I refused to do more without additional pay. But this, again, was not something we caused, and was beyond reason to expect on his part. It was better to have one dissatisfied client than to allow one client to destroy our business.
In the second instance, we were dealing with a situation that we did not cause – in fact, we try very hard to ensure that clients purchasing that type of product KNOW that it will take work. She changed her mind. That wasn’t something we caused. This is a service for a direct sales company. Had we just given the refund to make her go away without being upset, then she would tell her downline to go ahead and order a site from us, that if they changed their mind, we would refund. That would do a lot of harm long term. We were fair and honest with her, and the problems were not things we caused, and we offered several options to try to help her overcome the problems, but she did not want to even try.
I really struggled with figuring out the appropriate thing to do in both of these situations. In normal circumstances, I am more than willing to go out of my way for a client, and to do more than they paid for. We typically include a certain amount of wiggle room in our flat rate quotes, and I expect to have to work hard for what I earn. I generally LIKE my clients and want to give a lot for them. But there also has to be a limit. Otherwise a business is not sustainable.
Because of these two clients, I now have a new refund policy for the one particular service, and I have a new guideline for myself, to know when it is better to “fire the client” than it is to continue working with them. Neither of those things are handled lightly – I never want a dissatisfied client if I can avoid it. But I also recognize that some clients never WILL be satisfied, and that beyond a certain point, it is THEIR choice, not mine. When I have done all I should have done, and more, then it is ok to let them be unhappy, and to walk away. It still isn’t a nice thing to have to deal with, and I don’t think I will ever be able to do that without a lot of thought and analysis of the situation, to make sure that I was in the right in doing what I did.
I don’t know if I have a point in all of this, except to share the experience and maybe the bit that I did get out of it. If I have a point, it is maybe that when you ARE doing it right, this kind of decision generally WON’T be easy. It wll always cause thought and discomfort. But that lines must be drawn for problem clients, to keep the business sustainable for the GOOD clients.
When you did not cause it, and when you did more than was reasonable to try to make it work, it is ok to let the client choose to be dissatisfied.
WildFire DSI Released Today
I rarely make product announcements, but am taking the liberty of doing so today. We’ve been working on a nifty little script for about 9 months now, and it is finally ready for prime time.
WildFire DSI is an auto-installer for Open Source or Custom website Scripts. DSI stands for “dynamic script installer”.
It works with our hosting billing manager (WHMCS), and on Cpanel/WHM reseller accounts, VPS, or dedicated servers. It has a lot of features which make it really cool, if you don’t mind my tooting my own horn for a bit.
The neatest thing is, that it can install just about anything. We have templated install files for Joomla, Joomla with VirtueMart, WordPress, and CRE Loaded/OSC. If it will install those, it will install practically anything. And it can install as many different ones as the web service provider wants to install.
In plain English, this means a client can go to the ordering system, choose from a list of website packages, for example:
- Joomla with no frills
- Joomla with a directory
- Joomla with Virtuemart
- CRE Loaded
- WordPress
- Joomla AND WordPress together
- Magento
- Or just about anything you want to offer them.
When the client purchases the site structure, the system identifies the one that was chosen, and automatically installs it. Instant website.
Our coder was truly brilliant about how he created the functionality. It is so flexible you can even make it personalize an install for the client.
We love this, we’ve been using it in our own business, in one form or another, for about 6 months. It allows us to pre-configure the install packages, which saves us so much time on the installations we do most often. It has also allowed us to tap into some fairly lucrative vertical markets (targeting a website service for a specific industry).
It went live today, at http://www.dynamicsiteinstaller.com, complete with affiliate program.
I really didn’t even want to sell this. It is such an advantage for our business, and such a powerful tool, I wasn’t sure I wanted to let to go to empower my competition. I sort of wanted to keep it just for our students and our own business. People keep asking for it though. And I guess I want to share my knowledge and tools more than I want to hoard them.
Online PCI Compliance Simplified for Small Business Owners
If you’ve been researching this very much, by now you are probably thinking, “When is someone going to just give me a straight answer about what I need to do?” Ok, that’s exactly what I’ll try do.
For small business owners that accept payments online, there are special considerations, and some limitations that you must observe in order to be PCI Compliant. I’m assuming that if you read this, you know that you DO have to be compliant if you accept payments online. If you don’t know that yet, then you just need to know that you can be fined by the CC company, or sued by your customers in the event of a breach of security with sensitive credit card or debit card data, and in some cases, if you have been warned, you may be held criminally liable as an accessory. Some companies will tell you they can cancel you for non-compliance even if there are no evidences of theft of data.
There are two basic things you need to do:
1. Make sure the WAY you take payments is compliant.
2. Make sure your policies regarding your site management, site access, and site software are compliant.
We’ll tackle the first item first.
The big thing about accepting payments online, is HOW you accept payments. And small business owners are prone to taking shortcuts here, thinking that there are shortcuts that will save them money. The issues are not simple – there’s a lot of technical stuff going on here. I’ll try to simplify it, but may not be able to simplify all of it.
There are three ways that site owners typically choose to accept payments online. I’ll list those, along with the costs, and risks.
1. Collect credit card numbers online, and then process them offline. To be PCI Compliant, you MUST NOT DO THIS! In fact, if your credit card company finds out you are doing this, they’ll slap you hard. The ONLY time you can do this is if you have a third party hosted shopping cart that is PCI Compliant (so you don’t have to bear the burden of it). Don’t assume it is!
This is NOT the least expensive way to do it, and it is terribly risky. You have to store the credit card numbers on your site, and therefore YOU are responsible for all risks associated (even if you use a third party hosted shopping cart). It is expressly forbidden by the PCI Compliance rules unless you meet VERY stringent security standards. You can’t. They are too expensive. Think a couple hundred thousand dollars.
If you are collecting credit card numbers online, and processing them (or handing them to someone else for processing, such as a direct sales parent company), STOP. Immediately. To continue to do so is an unacceptable risk, with potential civil, or even criminal penalties if someone else gets hold of those numbers.
If you have a website where numbers are passed to a gateway (Authorize.net, PayPal Pro, etc), then check to make sure that a “store credit card numbers on server” setting is NOT set to ON, ANYWHERE in the site configuration, because if it is, you may be accidentally doing this when you did not mean to.
2. Use a standard gateway, such as Authorize.net, PayPal Pro, LinkPoint, etc. This option is less risky, and less costly than option #1, but it does have ONE major requirement to it that makes it become costly. You MUST pass quarterly security scans. And those scans will cost you at least $350 per year. This option will not be affordable for most small businesses, in part because of the cost of the scans, in part because of the security enhancements that the scans will tell you that you need.
This option requires PCI Compliant Hosting, a PCI Compliant shopping cart (no, CRE 6.4 does not qualify), and PCI Compliant SSL. These enhancements will prove too expensive for most small businesses.
In this option, credit card numbers are COLLECTED by your cart, then PASSED to the gateway where they are processed. So you are responsible to ensure that the COLLECTION and PASSING processes are secure.
3. Use a hosted gateway service to process payments. This is similar to Option 2, in that it plugs into your shopping cart to accept payments, with one HUGE difference. That is, ALL collection, and processing, take place on the service provider’s site. Your cart is then required to meet reasonable security standards (to keep someone from diverting the traffic to a fraudulent site), but that is all. And MOST carts already have the goal of maintaining that kind of standard security measure.
In this kind of setup, the visitor adds items to the cart, hits checkout, and after reviewing shipping information, is taken to the processor website to finish the transaction. Only the CART CONTENTS are passed to the processor, NOT the financial data, presenting MUCH lower risks.
This kind of system includes the following processors:
- PayPal Standard – when the order is placed, the shopper leaves your site, and goes to PayPal’s website to complete the transaction.
- Authorize.net SIM – Be careful here! Authorize.net has TWO ways that it can be set up – one that falls under the process of option #2, and one that qualifies here. The shopper MUST leave your site before entering in ANY credit card data to fit in this category of risk and cost.
- YourPay Connect – Again, be careful! This service can be set up more than one way. But it CAN be set up to accept payments on THEIR site instead of yours.
- Google Checkout – Takes the visitor to Google’s site to make the payments. NOT RECOMMENDED. Google collects AND USES information regarding your sales, and it DOES affect your site traffic (that is what they are all about). I won’t use this, they really don’t need to be THAT INVOLVED with my business.
- 2CheckOut – Also takes the shopper off of your site to make the payments. Reputation is questionable, this service is used by a lot of scammers.
- Any other system that takes the shopper OFF your website before any credit card information is entered in.
- This is what CRE 6.4 does, and the category it falls into, it just does not allow you any other choice but their proprietary gateway for transaction processing.
Basically, what you are doing here, is OUTSOURCING the PCI Compliance. You are taking the worst of the headache and letting someone else handle it. Not a bad option. Credit card companies will then typically remove the requirement for quarterly scans, and require only that you fill out a form each year, IF that. If you use only PayPal Standard, or 2Checkout (or a few other all in one systems), you won’t even be required to fill that out.
When you hand the headache back to the credit card company, they can NEVER penalize you on that portion of PCI compliance, because it is THEIR headache, not yours.
Drawbacks may be that the site feel changes when they go to the payment processor. This is a common thing though, and generally does not significantly impact sales for small businesses (the equation may be different for big ones). Most systems of this kind (including PayPal) have the ability for you to brand your processor pages with your logo, and to choose between two or more layout options.
If you use this option, we recommend turning it to your advantage – state in your Privacy Policy that payments are not processed on your website, and that it is to protect the sensitive financial information of the shopper. Turn the disadvantage to an advantage.
So, those are your three options, and the rough idea of what is involved in achieving PCI compliance with your shopping cart. There are several other factors which you must also be aware of, to be fully compliant, and they involve things besides just how your cart is set up.
1. Choose software that is updated regularly, and that is not inherently risky. Avoid Resale Rights software for ANY kind of cart functions (TERRIBLY risky!), and avoid creating a shopping cart in FrontPage (it is outdated, and the code it produces is vulnerable), or Dreamweaver (for the same reason). The more popular Open Source carts are usually acceptable, though we cannot recommend OSCommerce or other dinosaurs.
2. You must ensure that security updates are done for your software. Generally this means having a policy to check for and install updates, or contracting this out.
3. You must have a policy for your business that minimizes risks. This policy should include two important elements:
- Avoid sharing site or financial data access with anyone unless there is truly a need, and they are trusted. In other words, don’t be careless with passwords and information.
- Don’t share passwords. Set up individual accounts for anyone who does need access to private information or to the site structure. This allows you to delete users if they leave your employ – very important if they leave with less than positive feelings.
It comes down to minimizing the risks where you can minimize the risks.
Much of it is common sense. Meeting the requirements need not be hard. The simplest strategy is this:
- Choose website software that is reasonably safe.
- Use PayPal Standard (or Authorize.net SIM or YourPay Connect if you are in a high end market that does not respond well to PayPal).
- Keep your website software up to date.
- Don’t share passwords, and limit site or hosting access to necessary personnel.
Those four items will pretty much address the need for very small businesses to be PCI Compliant.
Now, there are people who will tell you to get around all this by just having people phone in orders, and take the CC data over the phone. Not only will this pretty much make having a website useless, but this is MORE of a risk, not less, and the Credit Card companies require you to have a PCI Compliant policy for THAT as well.
This consists of security for handling of the CC data. It cannot be written down and left laying around. It cannot be written down by hand, or on a computer, and stored insecurely. Companies that DO this regularly have a secure software program and a payment gateway in that, OR they manually enter numbers into a terminal, so the numbers are NEVER stored in their facilities. They may store a name and last 4, but any storage of data must be secured, no matter WHERE it is.
So even if you don’t want to deal with an online cart, a merchant account demands certain standards of compliance.
If you have needs that dictate functioning beyond the payment options listed, then you will require a fairly high budget to meet them. That is the reality.
But by following these standards, and simplifying your processes, you can meet the need for compliance without additional expense. The expense and demands will only become prohibitive if you move outside the simpler payment options.
DISCLAIMER: This is my interpretation of the basic requirements. There are those who may disagree with my interpretation of it. Your merchant account provider is the final arbiter of precisely what is acceptable and what is not. If I have made any errors in my interpretations, I invite those with superior knowledge to correct me. I will correct and print any validated information which is other than what I have printed here.
CRE Did It Again
CRE Loaded just released version 6.4. They are selling 6.4 as a “PCI Compliant Shopping Cart”. They are claiming that there is no extra charge to implement the change. Both of these claims are false at heart. I know, I just threw down the gauntlet, but my statements are factual.
They didn’t make CRE PCI Compliant at all! They just avoided the issue in the same way that many other small businesses have already been doing. Their solution lacks originality, and is nothing new in concept. The software is not any more compliant than the previous version. It is still buggy, the same potential vulnerabilities exist. It is no more secure than any other Open Source shopping cart.
All they did is create a third party gateway service, and a wrapper. They achieved PCI Compliance by moving it OUTSIDE the cart. So it isn’t the cart that is compliant at all! And to reach their claims, you have to use THEIR service.
You can do the same thing using PayPal Standard, Authorize.net SIM, YourPayConnect, Google Checkout, 2Checkout, or dozens of other services, and if you use them, your cart is already just as compliant as 6.4 can be. And this is true of Zen Cart, OSCommerce, CubeCart, X-Cart, Magento, PrestaShop, and every other Open Source Shopping cart!
They are touting this as a revolution, when it isn’t even an evolution that offers anything worth getting excited about. The wrapper technology is the only new aspect, and even that isn’t that much of an improvement over existing solutions which DO allow you to coordinate branding (CRE implies that they don’t in their marketing).
That is deception number one.
The second deception they are perpetrating is “free”. They claim the service is free. But when you read the fine print, there are (obscure) indicators that put the lie to that claim. Things like “free when you use one of our merchant account partners”, or “save $69 to $149 per year over the cost of PCI scanning services”. PCI scanning services cost between $350 and $800 per year. Hmmm…. Seems that there’s too big a gap between those numbers to qualify as “free”.
In the same breath, they say that you can use it with your existing merchant account (conveniently leaving out any mention of fees). But they do not say you can use it with your existing GATEWAY, because they are replacing it. And that is all that they have done. They have created a GATEWAY service. They claim they have put a vast amount of money into the system, but what they put the money into was the integration of the service into the cart, and the creation of the wrapper system.
The sales pages for the gateway (CRESecure) do not have a chart of fees, they do not have terms and conditions where you can review them, they have no options but to signup. This means many people are going to be in for a nasty shock when they get far enough into the signup process to read the fine print – or perhaps that CRE is hoping they WON’T read the fine print until they get the bill! The wording on the pages makes it obvious that someone went to a great deal of trouble to cloak the hidden costs and to make it appear to be something other than what it is.
There is no way to compare options – instead they wish to make it appear that there ARE no other options. If theirs really is best, why don’t they allow you to freely access the information you need so that you can make an informed choice? Do they really think that forcing people into a situation where they have to make a blind choice is the best way to maintain customer satisfaction?
The service is now so tightly integrated into the cart that the new version of the cart does not even offer you the option of NOT using it for a new install. This means that CRE has gone the route of attempting to FORCE people to contract a service from them in order to use their cart. Now, I’m sure they will tell you that you can still use the cart WITHOUT using their service. But they have gone to great lengths to make it appear that you cannot, or should not! And the install process is replete with dire warnings if you don’t!
Their current marketing of the cart consists of misleading statements with the goal of scaring you into using their solution. If you question them, they show you the PCI compliance documents (confusing and intimidating to the average site owner), and to make it appear that you have only TWO choices to achieve PCI compliance – use their service, or spend thousands of dollars to do it on your own.
The fact is, you can use one of the existing services (PayPal Standard, Authorize.net SIM, 2Checkout, YourPay Connect, Google Checkout) and achieve the same level of compliance – ANY established and reputable payment service which processes the credit cards on THEIR site instead of within your cart achieves the same degree of compliance as the CRESecure system.
They have promoted this in a dishonest fashion. Call it what they like, and twist it how they wish, it is still dishonest, and misleading, and it creates a dependency between the cart and the company’s services that is unacceptable for small business owners who need full ownership control of their websites.
Get honest, CRE! Growth doesn’t come from forcing people to do it your way. It comes from openly and freely offering CHOICES, and in being up front and honest about what those choices REALLY are.
It really does make one weary. Because it seems that each new version comes with the same longstanding issues, and new layers of what was a bad idea last time. You can explain, complain, and question, and they still doggedly stick to their unsustainable and unwise course. The problems don’t get fixed, because the philosophies never change.
Update on eFront – A Student Speaks
I asked my friend and associate, Kerry Crawford, of WhoMadeYourSite.com run a test on the student interface in eFront. This is her commentary:
Here is me trying to get to a lesson in a course.
1) Took a minute to work out how to register. The button says “I don’t have an account” rather than something like “No account yet? Register here for site access.” A small thing but may confuse some people.
2. Once I was in, I got a green checkmark with “You have registered successfully”. Should also say something about now that you’re registered, please choose your course from the list below and add it to your cart.
3. I really like that you can hover over a course name and get a brief syllabus.
4. if you click on the course title you get an add button with a price. This is good – assuming there is an instruction added to choose your courses and add them. Do not like the course topics are listed here because when you click on one you get an add to cart button that makes it appear as though this is something in ADDITION to the main course rather than PART of the course. Also when you click on a course topic and get the add to cart button you also get a list of lesson content items that don’t do anything when you click them. Would like to see topics and lesson content items hidden so all you see it the course title withsyllabus on hover and the ability to add it to cart when you click it.Moving Along…
So I add the free expert certification course to my cart (cart is not obvious- would like to see a cart image or a big YOUR CART or someting) and then I click Continue. I get taken to a page that says Please Log In To Complete Registration (which is a bit confusing considering the green congratulations message I got earlier). Nonetheless, I log in.
I get a blue bar that lists the course I chose and shows a blue Free Registration button. I think I have already registered but okay – I’ll click it. Now I see 2 courses – the first is Marketing Plan – which if I click it I see I can register for for $25. The second is my course and all of the 9 topics are listed. Would like to see my course at top and Other Courses You Can Take underneath or to the side
I click on the first topic in my course – Protecting your domain name. I get a screen that lists sub-topics for that lesson – which it turns out cannot be clicked – and a message saying that I already have the course Website Ownership. Huh.
After some thinking I click on My Lessons on the left – there is no reason to click that because no lessons are listed. But I click it and lo and behold a list of the 9 lessons comes up. I click on the first lesson and the sub-topics come up. I click on the first sub-topic and it opens.
SO if you are very persistent you can get there. But it is illogical to say the least. I like Moodle about a zillion times more than this system. If you don’t like Moodle there has GOT to be something more intuitive than this out there. Yikes!
I am going to try to address these concerns, and hope that I can do so. The other things have not been complete show stoppers. This could be.
I was able to set up the Groups with an access key, and that seemed to work on my test runs, and it was easy to spot – though the name doesn’t really tell someone what it IS. This feature is a big thing for me, because this is the one major thing that eFront offers that none of the other LMS packages even hint at.
So far I’ve not seen much in the way of organizational or layout flexibility, though I’ll dig and see. The lack of helpful documentation for things that people actually DO is getting in the way of knowing what the system IS fully capable of. This is common with Open Source, and we expect it to a certain degree, though a more functional forum search would solve much of that (and not just for eFront).
The Twitter Implosion
No, I’m not talking about Twitter collapsing under it’s own weight… not literally anyway. I’m talking about the process and change that any popular app goes through, and where Twitter is in the process.
Online, highly popular things seem to go through a process:
1. New and fresh. As such, EASY to get found, if the application is gaining popularity. It is easy to ride the crest of the wave, because you have relatively little competition, and a growing audience base.
2. Commoditization. It becomes common, others start building businesses off the side of it, and people start producing reams of “how to” instructions, touting the benefits, never mentioning that the environment they used to achieve the success is now no longer the same environment because it has grown so much. At this point, everyone is trying to jump on, it becomes a huge fad, and people say good things about it even if they are no longer true, because they are just DOING it, believing that it HAS to be good, not really analyzing the real effect. The company may go corporate at this time, instituting changes that are subtle, but which have major effects.
3. Exploitation. With popularity, comes exploitation. Spam follows any success. And it is not really controllable. As the communities respond to reduce spam, the spammers devise ways to circumvent the limitations. The environment usually ends up being about 10% what you want, and the other 90% trash. During this time, the company may respond to adjust the app to compensate – often doing so kills the spark of originality that made it grow so well in the first place.
4. Implosion. The combination of increased competition, and increased spam and corporate compensation for problems, combine to vastly reduce the effectiveness of the environment. It still grows, but the legit growth actually begins to decline, and the number of people using it in daily life for useful purposes declines. The spam growth continues to escalate, which makes it appear that it is still successful, but close analysis reveals that it is actually declining in real popularity. The big movers and shakers will become bored with it – some will hang on peripherally, maintaining a lackadaisical presence, others will wander off to the next promising thing.
5. Equilibrium or death. Somewhere, after going through all these phases, a state of equilibrium may reached, where either the spam is controlled enough that a sustained legit user base can be either mainained, or increased slowly, or, the venue gradually declines in legit use and the spammers take over. Alternately, the combination of uncontrolled exploitatin, corporate policies which strangle value, and loss of popularity gradually kill the environment. We’ve seen this happen with many online venues and with many marketing tactics. Only some really ever recover from the implosion, and those that do often do so at the expense of the value to the legit users.
I’m not predicting doom and gloom. Nobody knows WHAT Twitter will be after the implosion. But I think that it is either close to this point, or in the middle of it now. With very popular things online, it is inevitable. FaceBook has already been hit, and seems to be surviving, though the value is decreased due to the spam attacks and high competition in the venue. Linked In hasn’t really hit the Implosion stage yet because it hasn’t really taken off with that rabid popularity. YouTube is surviving it, though with reduced value, and MySpace has passed it and gone into slow decline. Google hit it, and is now in a slow decline, due largely to corporate policy which is strangling the value.
I don’t Twitter. I don’t have time. But if it were not for this impending implosion, I might have decided it was worth my time to try it out. But having watched many venues go through this, I knew that the value was temporary as it was at the time, and that if I neglected to get on board, it would pass, and something else would come along. If you miss out on Twitter, no biggie. There is more to life than Twitter, and something else will come along to replace the hype.
In general, the bigger the faddishness of it, the faster it fades into oblivion after implosion.
And if Twitter is your life, then you need to learn how to live!
Gardening doesn't have to be that hard! No matter where you live, no matter how difficult your circumstances, you CAN grow a successful garden.
Life from the Garden: Grow Your Own Food Anywhere Practical and low cost options for container gardening, sprouting, small yards, edible landscaping, winter gardening, shady yards, and help for people who are getting started too late. Plenty of tips to simplify, save on work and expense.
