NPI's Cascadia Advocate

Offering commentary and analysis from Washington, Oregon, and Idaho, The Cascadia Advocate is the Northwest Progressive Institute's unconventional perspective on world, national, and local politics.

Sunday, October 20th, 2013

Marco Rubio is wrong: Setting up a website where people can buy something is not simple

This morning, Senator Marco Rubio of Florida appeared on Fox Noise Channel’s Sunday morning show to talk politics with Chris Wallace. One of the topics the two men discussed was the rollout of the Patient Protection Act’s online exchanges, which unfortunately hasn’t gone too well. (Many people have tried to use the exchanges, only to be foiled by glitches and errors).

During Rubio’s appearance, Wallace asked if Republicans were perhaps overstating the extent of the problems. Rubio replied:

No. You know, they need to get 7 million people on this thing. So, at the rate they’re going, even by their own numbers, it’s going to get there. Of course, many of these people that are filled this out certainly had made mistakes. Many — some won’t qualify.

Beyond that, you know, there is a lot of work to be done, in terms of getting other people on there, and there is no mechanism for them to be able to do that.

And let me tell you why that’s concerning — if enough people don’t sign up for this program, certain background in terms of health and so forth, the premiums on this program are going to become unaffordable. It gets into the sort of debt spiral where the premiums keep going up and then the whole program collapses.

And that’s the direction that we’re headed in.

But, again, I… the point that I wanted to make was, setting up… in [the] 21st century, setting up a Web site where people can go on and buy something is not that complicated. People do this every day. The inability of the federal government to set up a Web site where people can go on and buy something like health insurance does not bode well for the much more complicated elements of this law that are yet to be rolled out.

Emphasis is mine.

To me, Senator Rubio’s comment shows just how out of touch he is. I bet he’s never had to set up a website where people can “go on and buy something.” I have, and I can say from experience that Marco Rubio is wrong. Setting up an ecommerce storefront and getting it to work properly is a complicated endeavor.

Let’s consider what is involved, shall we?

We’ll begin by discussing the difference between just publishing something on the Web and doing business on the Web.

Web publishing is easy to do. If you want to publish something for the world to see, all you need is a computer or a device that can connect to the Internet (which most Americans have or can get access to). You can set up a blog or a web page in minutes using any number of different platforms. You can also establish an account on Facebook, Twitter, or another social network.

Doing business on the Web is not as simple as publishing to the Web. Why? Well, because when you buy or sell goods and services on the Web, you exchange sensitive information with other people. Typically, that includes your name, address, phone number, email address and your payment details, including credit card number. Or maybe even your bank account number and bank routing number.

This information needs to be properly stored, and handled with care while it is in transit. This is where encryption comes in.

Ordinarily, when you connect to a website, you do so over an unencrypted connection. In other words, the bits flowing between your computer and the remote server (i.e. nwprogressive.org) are being transmitted in the clear, which means your communications can be easily intercepted and read by others.

Most web browsing happens over unencrypted connections. There are those who believe encryption really ought to be the default, and we are among them.

However, encryption is the default for ecommerce sites already. It has to be, because otherwise that sensitive information would be transmitted to and from websites in the clear. It is ridiculously easy to eavesdrop on unsecured web traffic.

To guard against snooping, we have SSL (Secure Sockets Layer) and TLS (Transport Layer Security). These protocols scramble traffic before it goes over the Internet so it can’t be easily read. SSL and TLS aren’t foolproof – in fact, we recently learned the NSA has compromised them – but they nevertheless provide important protection against snooping and eavesdropping. SSL and TLS are used by ecommerce sites large and small, from Amazon and Newegg on down.

An entrepreneur not worried about branding or having full control over their users’ experience can use a site like CafePress to set up a store. CafePress is essentially an online marketplace that lets people buy and sell merchandise. Sites like CafePress take care of all of the hosting, maintenance, administration, and security.

But, if you want to set up “a website where people can go on and buy something”, as Senator Rubio put it, you become responsible for those things.

To get started, you need:

  • a domain name for your website that reflects your brand or company name
  • a web hosting account that supports secure hosting and comes with a unique IP (Internet Protocol) address
  • a secure certificate
  • shopping cart software to run your storefront (either a standalone solution like Zen Cart or a bolt-on ecommerce plugin like WooCommerce for a content management system like WordPress)
  • a theme (set of templates) to control the look and feel of your store
  • optionally, addons to allow your shopping cart solution to talk to your payment processor and simplify order fulfillment

Nearly all of these things cost money, so the first order of business is really raising money to set up the store. Minimally, an entrepreneur needs a few hundred dollars for the above. That doesn’t include any other startup costs.

People expect to be able to pay by credit card when they shop online (it’s the standard) so if your intention is to operate an online store that does a lot of business, you simply have to have the capability to take credit cards. To do that, you’ll minimally need a bank account and a payment processor.

You can outsource payment processing to PayPal, but serious merchants avoid PayPal because PayPal isn’t a bank and doesn’t have to follow federal banking regulations. It’s better to have a merchant services account and use an alternative payment processor that can integrate tightly with your shopping cart. That way, you have complete control of the checkout process.

If you accept credit cards, you must comply with Payment Card Industry Data Security Standards (PCI DSS). PCI DSS is essentially a set of mandatory best practices for handling cardholder information that evolved from five separate standards created by Visa, MasterCard, Discover, JCB, and American Express. The requirements are complex – the document explaining them runs seventy-five pages.

Some businesses must also comply with federal laws like HIPAA and Sarbanes-Oxley (Sox or Sarbox) if they take/store certain kinds of sensitive information.

Before you can do any test transactions, you have to set up your bank account, merchant services account, and web hosting account.

As mentioned above, your website needs to have its own unique IP address. This is because older computers and smartphones running older operating systems don’t understand Server Name Indication. (SNI is a technology that allows multiple websites to share one IP address for secure connections). Because IPv4 addresses are scarce, getting a unique IP often costs extra money.

You also need a secure certificate so that users don’t see an “Untrusted” warning in their browser when they visit your store. There are many different types of certificates available to choose from. The ones with the most bells and whistles are called EV (Extended Validation) certificates. If you get one of these, users’ browser URL bars will turn partially or completely green when they visit your online store, signifying a secure and trusted connection.

After you buy a certificate, you’ll need to install it, just like everything else.

Once you have all of this, you need to decide what shopping cart software to use. Again, there are many choices. Some solutions are more feature-complete than others. WooCommerce, for instance, is a free plugin that lets you set up a store inside of the content management system WordPress, but you’ll have to buy add-ons to make it work with your payment processor and your courier of choice.

Shopping cart solutions are designed to help you do the following (and more!):

  • Set up product pages and upload product images
  • Create promotions and optionally promo codes
  • Manage product inventory; disallow sales of a product when the existing inventory has been depleted, or switch the product to backorder/preorder
  • Calculate sales taxes or other taxes and add these to the total
  • Calculate shipping charges and simplify order fulfillment if you’re selling a physical good of some kind that will need to be delivered
  • Perform address verification and transmit credit card information to the payment processor for authorization and capture
  • Email the customer a receipt after they complete a purchase

Even though shopping cart solutions cut down the amount of work that’s involved, they still need to be configured. Most software packages come with a large number of controls to accommodate users who want to be able to fully customize their stores. Learning what all the different controls do can take some time.

People do, as Marco Rubio said, set up online stores every day. But that doesn’t mean it is easy. Is it as complicated as, say, rocket science, to use the cliché? No – setting up an online store is easier than stepping into the shoes of a NASA engineer or scientist. But it’s not a piece of cake, and it can’t be done in a day, even by someone with a lot of experience. There’s just too much work involved.

Think about all the decisions that go into setting up a business and a store. There are some big ones. Choosing a bank or credit union. Choosing a merchant services provider and payment processor. Choosing a web host. Choosing the software that will run the store. Choosing a courier or couriers.

I have set up donation infrastructure for nonprofits and ecommerce infrastructure for for-profits. Every project I’ve done or helped with has been complex.

I’m guessing Marco Rubio has never set up an online store, otherwise he would not have gone on national television and said “setting up a Web site where people can go on and buy something” is “not that complicated.”

Because it actually *is* that complicated.

I’d wager that if Rubio had to create his own online store from scratch, even with a small team of technical advisors and consultants at his side, it would take him weeks. Even if he was doing it for a firm that had already incorporated.

There’s no question in my mind the rollout of the exchanges could have been handled better. In the software world, you don’t release to manufacturing or go gold until you’ve done a sufficient amount of beta testing.

The Obama administration is realizing this. They weren’t prepared enough for October 1st. They’re now bringing in programmers and Web infrastructure specialists to help make healthcare.gov and its associated websites work better.

It would be nice if Republicans were interested in being constructive and making the Patient Protection Act work. But instead they’re bent on repealing it. They would rather make political hay out of the online exchanges’ glitches than fix them.

Adjacent posts

  • Donate now to support The Cascadia Advocate


    Thank you for reading The Cascadia Advocate, the Northwest Progressive Institute’s journal of world, national, and local politics.

    Founded in March of 2004, The Cascadia Advocate has been helping people throughout the Pacific Northwest and beyond make sense of current events with rigorous analysis and thought-provoking commentary for more than fifteen years. The Cascadia Advocate is funded by readers like you: we have never accepted advertising or placements of paid content.

    And we’d like it to stay that way.

    Help us keep The Cascadia Advocate editorially independent and freely available by becoming a member of the Northwest Progressive Institute today. Or make a donation to sustain our essential research and advocacy journalism.

    Your contribution will allow us to continue bringing you features like Last Week In Congress, live coverage of events like Netroots Nation or the Democratic National Convention, and reviews of books and documentary films.

    Become an NPI member Make a one-time donation

One Comment

  1. Nice job schooling Senator Rubio. He and his staff probably won’t see this, but you’ve certainly demonstrated he doesn’t know what he’s talking about.

    # by Michelle Heng :: October 29th, 2013 at 11:20 AM