Of course I can see the "value" of eCommerce integration with DNN.
Then again, depending on who you ask, such integrations are not always favorable. For example, some sites as well as some hardgoods suppliers are quite against forums, product user reviews etc. In fact, many a site will eliminate non-favorable product reviews as it results in items not selling.
When it comes to eCommerce our business knows its stuff.
The primary concern related to an integration module for eCommerce is security. If such a beast uses, for example, the same database as DNN is using and ANY customer data sits in there, that's a pretty sizeable risk to take. Should the database be compromised, be that varied personal information or, worse yet, account data or customer passwords that are used as well at perhaps Amazon, let's say, the proprietor can be in very (very) deep trouble.
While I've never heard of a webmaster/business held legally accountable for a security breach, i.e. by law, I have heard of many where the proprietors are held accountable by the end consumers (litigation) and more so by the cardholders' banks and associated card franchise.
Security on a "photos" website as you pointed out is not a biggie. Security even among some corporate web presences may not be an imperative. When it comes to eCommerce however security is THE imperative. While a proprietor may be able to go after the author/development house(s) who build xxxCART, usually the disclaimers in the user agreements attempt (and I do mean attempt) to remove them from any liability. Such agreements are not always really legally binding but that's another topic.
If DNN is to support integration of eCommerce then said integration best be secure. If it's not then that's of tremendous concern not only to end users or web masters, host firms etc. but DNN Corporation itself. Take a fictional event... Joe's DNN Sports Store, which is a small business that's a success on the net, gets compromised. A successful small business in bank terms is one that makes in the areas of 1.5-4 million in revenue a year, a little factoid. Let's say 7,000 people's personal cards (debit/credit) are compromised as well as their personal information.
Legally a brick wall just was hit in many areas.
Knowingly, for example, utilizing a system that could readily result in consumer cards compromised (depending on what state one resides in) can result in many different zones. Injunction, effectively "done doing any business" until such a time as the courts figure things out (years). Liability, being responsible for appropriate reparations. Court order disallowing the company to engage in eCommerce period or even business period. Then we have the cardholders' banks, card franchises.
Business wise it can be a complete kiss of doom.
Now let's take a host provider, yourself. You are responsible for selling Joe's the hosting, setting up DNN, built the site... the works. Best to be sure your disclaimer protects your business and that said disclaimer REALLY DOES (as in REAL LAW when it "hits the fan" disclaimers often don't hold up AT ALL against District Attorneys, Banks, Card Franchises, Class Actions brought on by consumers and/or those representing them).
See... when it comes to people's FINANCIAL information online a proprietor, site builder etc. MUST take into account the PRIMARY ISSUE of security. It often isn't (but should be) the PRIMARY CONCERN. Features, this/that are what is reviewed.
Now you might think that if such theft were so prevailing on the net you'd read about it all the time! If you choose to you can, but you need to seek it out. Most events are dealt with via plea bargains and somewhat quietly. For enterprise merchants such as say Overstock, Amazon, BestBuy etc. if consumer data is hacked you won't hear about it. The legal end of things is handled by firms that deal with catching perpetrators and handling things PROPER. The reason comes from numbers of scale. Visa, MC etc. have GOBS of money to lose, consumers' interests not to mention the heaping gobs of money those businesses deal in. It is handled COMPLETELY differently than Joe's 4 million a year revenue operation. His 4 million is nearly NOTHING to banks and card franchises, he exists as a small business. If he's under 1 million a year he barely exists at all in fact.
The fact is it is indeed a prevailing issue on the Internet. Millions (millions) of people's cards are compromised every year and not just by phish or trojans etc. Unsecured eCommerce sites are a HUGE and growing issue; state AGs, DAs, Card Franchises and Banks are not treating it the way they used to in the early web years. They now come at it from a blood point of view, i.e.: IS the business entity competent and were they capable of PROTECTING information? No? Big trouble. Said business entrusted by contract the site, security etc. to a host firm and website creation firm. Were they competent and capable? No? Big trouble for them.
Things have changed and continue to change.
If you don't believe me then it's simple... Give Miva Corp. a call, talk to their security/corporate legal people and they will spin your mind with "what happens on the web" and is also WHY they are/have been an industry leader in small business commerce. They don't take it for granted that their software is secure, they pound on it. They pound on it in a fashion I can assure you that DNN has never been pounded on and probably never will really. Not to be anti-DNN or anything. We use DNN for some work.
We can get more complex. Joe's takes orders globally. He has a merchant account (or even PayPal) and takes orders from, let's say, Europe. Site again has been compromised. 1000 of those people reside in England, Germany, France. eCommerce law varies from nation to nation. Germany has very strict privacy laws. Those people file, they file with the card franchise, they file with German authorities, German authorities file formal complaint with the US Government. Odds are when this hits the US Courts they will turn to you and go, "Hey! You engaged in International commerce and the fact you were unaware of the rules thereof for said nations is not an excuse. You are at fault." and whatever the judgement coming out of Germany was you will be hit for. This is WHY corporations such as Amazon have Amazon.uk, Amazon.this, Amazon.that. These are indeed Amazon but they are in fact separate businesses and those entities sit in compliance with a given nation's laws.
DNN is free. No "nation" in the globe (well perhaps a few) might try to take out after DNN corp for an information breach, perhaps a few have tried. Dunno. Want to add eCommerce to the mix and well... best make sure the right ducks are in the right rows. If the module is going to be purchased then again, more complex. It may well be fully compliant with US general expectations, doesn't mean it's fit for Germany. As a store proprietor, web master, host firm building sites this is all VERY important.
See... we've been down some of these roads and experience is a good teacher.
Eventually we asked the help of a friend who literally worked at the Pentagon for Nortel Networks. We set up some carts and for the most part he knocked 'em down. He was Nortel's Lead Security Admin for the Northeast USA. He finally decided, rather than us spending several hours setting up carts which his "tools" would knock down often in minutes, to find us a commerce solution. He found us Actinic Catalog, comes from Europe where security is held far more imperative than the USA. While we have not upgraded it over and over, thus I cannot say how it is now, I can say it was BY FAR the finest eCommerce software we'd tried/used and we tried GOBS of 'em.
What's important to take into account here is that just bandying about the words "cart", "features", "ecommerce" is all well and fine. But what's important in such software/modules is not just integration, not just features but most paramount the security of customers.
In the case of DNN that to me as a developer/engineer means a separate and secure database. It should not use the DNN database for ANYTHING other than Log-in information.