
The Third Degree for Your CSP
Companies new to e-commerce typically can count on significant savings by outsourcing part or all of that new business to a Commerce Service Provider (CSP). Once outsourced, however, it often becomes prohibitively expensive to change course. We've put together a list of questions merchants may want to ask when evaluating a CSP. The importance of each question will, of course, depend on the individual budget, security, service and other requirements of the particular business.
Examine overall CSP infrastructure, matching it to your needs:
· What OS, Web server, application server, commerce software and payment system does the CSP use?
· Does the CSP specialize in custom hosting, or does it rely on a specific set of services and products?
· Does it specialize in business-to-consumer or business-to-business commerce?
· Can CSP software be easily integrated with corporate databases or ERP systems?
· What language is used to achieve back-end integration? Java? CGI? JavaBeans? JavaScript?
· How scalable is the CSP architecture? What will the CSP promise to deliver in terms of scalability?
· If customer support isn't supplied exclusively through HTML, will the bulk of customer browsers support the language/script used?
· Does the CSP provide unlimited e-mail forwarding and autoresponders?
· Does the CSP provide marketing services to advertise your site or services, such as online meeting places for customer retention?
· What responsibility does the CSP take for ensuring ongoing hardware/software bug fixes?
· What standards are supported? Open Buying on the Internet? EDI?
· What help-desk support is provided (hours of operation, average number of calls handled, number of employees per shift)?
· Will the CSP provide account execs at your corporate location?
· How large is the staff dedicated to operations? How about to design?
Check out network performance/reliability in advance:
· What is the aggregate bandwidth at the hosting location?
· Is average bandwidth use no more than about one-third of total bandwidth?
· What promises is the CSP willing to make concerning demand surges, both with and without forewarning?
· With which Internet backbone providers does the CSP have its own peering agreements and at what locations?
· What products are provided to let you perform advance and ongoing stress testing? What is the average packet-loss rate?
· Does the CSP continuously monitor traffic to pinpoint hard-to-detect router loopback problems that can radically cut into traffic volume?
· Are servers shared or dedicated? If shared, how many sites are on a typical server? If dedicated, are they dedicated to a site or to an individual application?
· Can the CSP provide full backup to a second site? Is there server redundancy? Load balancing? RAID?
· What type of UPS support is provided? What percentage of hosting customers can be supported on backup generators?
· How often is data backed up?
· How extensive is redundancy (servers, power, UPS, generators, sprinklers, network and so on)?
· Are service-level agreements available? What are their terms?
Ask pointed security infrastructure questions:
· Is SSL supported? VeriSign?
· What strength encryption is used?
· How is information sent back to merchants from the CSP protected?
· If, for security policy reasons, you rely exclusively on port 80, will the CSP honor this requirement?
· How does the CSP store certificates or credit-card information (right on the server with password protection, or in special, secure hardware)?
· What additional physical security is afforded for certificates or stored credit-card information? Is this information in a locked room? Is password access limited to a specific set of employees? Is there an automated log of changes to these servers?
· What physical security exists for the site as a whole?
· What provisions are made for certificate management and revocation?
· What firewall products are used? Is a single firewall used, or are there separate firewalls between applications?
· How often does the CSP check out security through its own audits or audits by third parties?
· How often are servers updated to reflect the latest known security holes?
· Is e-mail scanned for viruses?
Don't underestimate the importance of ongoing site maintenance:
· What Web authoring tools can be used?
· Can the site be updated from a browser or a template, and will you be restricted to one or the other?
· Is special software or expertise required to update a site?
· How difficult/costly is it to update a site?
· Can you delegate multiple levels of authority for site upgrades among employees, each with his or her own password?
· Are you limited to FTP (and not Telnet) to make server updates?
Be aware of hidden costs and multiple billing models:
· If you don't already have a business plan, will the CSP help you develop one and, if so, at what charge?
· What special fees are charged for setup, monthly service, transactions, data transfers, online credit-card processing, server backup/mirroring, application use (such as shopping carts, catalogs and so on), secure servers and vaulted servers?
· Are special fees collected according to number of catalog entries, server disk space allocation (for example, application, e-mail, orders, databases), number of e-mail accounts, ability to stress test the performance of the site or SLAs (service-level agreements)?
· What is the cost for design and back-end integration? (Bear in mind that these charges are the most likely to be underestimated.)
· Is there a fee based on overall site revenue?
· Does the CSP or its partners provide warehouse management or fulfillment services? What are the fees?
Check out consumer/business partner billing:
· Does the system support routing by billing type (credit card, check, invoice)?
· What payment systems are used (such as CyberCash, VeriFone)?
· Does the system support purchase orders/invoices?
· Does it support personalized billing, coupons or other customer-specific services?
Explore customer-care services:
· Does the CSP support online calculation of delivery costs automatically for services such as the postal system or Federal Express?
· Does the system generate mail to you and/or your customers when an order is placed or an item is shipped and received, and does it include the name of the person signing for it?
· What personalization services are possible?
· Is the CSP help desk available to answer inquiries from you and your customers (and during what hours)?
· Can the CSP track membership for organizations or associations?
· Does it offer bidding or other specialized services?
Don't forget back-end reporting:
· Can the CSP provide site-traffic analysis, aggregate sales data and statistical analysis?
· Can it provide customers' order histories?
If buyers are outside the United States:
· Does the CSP provide multilingual/multicurrency support?
· Does it provide automated calculation of costs, including international shipping and tariff considerations?
· Are there limitations on the above services that would make it more practical to limit sales to North America?
· If international support isn't automated, is it provided in a consulting capacity?
· Does the payment system support debit cards (popular outside the United States)?
· Does the CSP support strong encryption globally?