Prestashop Review & Suggestions

[wbclassics]

I've been involved with eCommerce websites since the mid-90s when our company first launched a small store that used a CGI perl script and a flat file text file to hold product / session data.  Since then, we upgraded to a customized osCommerce in the early 2000s, and have been building on that.  However, for anyone that has worked with osCommerce knows, it is a mess to configure and customize.  We've been looking to ditch osCommerce for about 18 months now.

 

I've been watching Prestashop and Magento closely, and feel that Prestashop is the better solution for our business.  Magento is quite frankly a resource hog with many special needs, it is also incredibily (overly?) complex to configure.  Magento is better than osCommerce.  Prestashop on the other hand is quick and has a small system foot print, and is also easily tailored.  In fact, one of the things I liked the most about Prestashop is the rather generic plain, but simple and clean, theme it comes bundled with.  It is very easy to alter Prestashop's look and feel with less work than it takes to alter oSc / Magento / others.

 

I recognize that Prestashop, like Magento, is being developed by a commercial software firm.  The obvious implication is that Prestashop's developers will use Prestashop as the basis for the eCommerce sites they build for clients.  They'll also reap the benefits of people that want to purchase predeveloped customizations (modules, themes, etc).  Giving the software away for free builds thier user base, the larger the user base, the larger the potential market for the modules / themes.  Magento is doing the same thing, and plenty of people sell custom osC modules and themes.

 

As I've said, I think Prestashop is the best choice out there for an easy to use, "full featured" shopping cart platform.  However, some basic features still need attention before Prestashop can be considered a real option for people looking to migrate to a new shopping cart or those setting up a store from scratch.

 

I.  Payment modules.  Almost all of Prestashop's competitors come with more payment modules as standard.  The ability for a customer to pay for a purchase is one of the most basic functions of the store, if the customer can't pay, no sale occurs.  Prestashop essentially has only one built in payment processing module, PayPal (which according to many on this forum, does not work correctly).  The bankwire and cheque modules are of limited value to most merchants as they don't do business online through those means. 

 

For Prestashop to be viable to the largest audience, it needs at least a payment module that collects credit card information for offline processing.  This would be for established or new business with their own credit card processing machines onsite, where they can simply input the customers collected data as they would say a phone sale.  PayPal is not an agreeable solution for most companies, especially if they already can process credit card data on their own.  This basic credit card data collection module should be included with Prestashop free of charge at part of the base bundle.  (The CC collection module needs to work with SSL)

 

Additional payment modules (Authorize.net, LinkPoint, 2CHeckout, etc) should be modules that individuals pay for if they require these highly customized and specific modules to process payments in real time from their shop. 

 

II.  More focus on large markets that require specific geographic subsections.  I am of course mentioning this because of the need for the USA individual states to be included in the customer billing / shipping addresses and for tax reasons.  Canadians would also have similar neesd.  I know the Prestashop team is French, so the focus may have been more on the address standards of the European nations, but North America is likely to be one of Prestashop's largest markets so attention needs to be spent on the proper implementation of the states/regions features.

 

III.  Prestashop's developers / owners shouldn't forget about marketting their software.  This is one area where Magento's team has done extremely well in my eyes.  They've managed to get Magneto bundled into some server control panel software (Plesk), as well as partnering with large hosting companies to offer Magento installations for customers.  What an EASY way to increase your base, the hosting companies get to offer a new piece of software as part of their package, and Prestashop gets new users. 

 

The overall exposure that proper marketing creates is important also, at any given time (since March 31st) one can find 400+ individuals on the Magento website.  Contrast that with the "Most Online Ever: 75" users that have been on the Prestashop forum section.  It is obvious that Magento managed to create the bigger buzz, even though when the too products are compared, many people would prefer Prestashop.  The Magento guys sure do blog a lot, perhaps Magento's devlopers should be blogging more and creating more hype. 

 

That'll round out my overall review.

 

The only thing keeping me from implementing Prestashop for my company is that it is currently in release candidate status, the inability to handle USA States (for shipping & taxes), and the lack of a basic credit card data collection module.  I can wait for other features like the Wishlist, CMS, GoogleCheckout, Product Reviews, etc... none of those greatly impact the ability of the customer to pay for a purchase, nor will a customer leave a store because they can't write a review.  Those are nice features, but as I explained, having basic payment modules is a much higher priority.

 

Hopefully the developers will appreciate this feedback.  I will continue to help the Prestashop community and developers by looking for bugs and reporting them, and helping when I can.  I realy like Prestashop, so I want to see it survive and grow! 

 

Thanks Prestashop Team!

[Pursuant]

THANK YOU! Someone said it! I have been here for about... 4 months and have been unable to get a simple module for offline CC processing. It is a really simple request that has gone unanswered. It shouldn't be that hard, should it?

[revehead]

Yes, i am missing the most used payment method in Europe: cash on delivery. It was included in v0.9.7.1 but now it is missing...

[moonpies]

wbclassics:  Thank you for taking the time to write this thoughtful post.  You have made some excellent points.  These things have been in my thoughts as well, but I was not sure this forum was the place to air them.  (A similar post at M's forum was deleted but is still available through google's cache.)

 

Your analysis is spot-on.  I consider PrestaShop the best solution for my business, too, and I have carefully investigated what is out there.  M has an unacceptable loading time, and as far as I can see, it always will have an unacceptable load time, at least in part because it is based on the Zend framework.  It is also extremely difficult to install (understatement).  

 

I.  Payment:  I fully agree about the payment module.  Many of us, especially small merchants, cannot or do not want to deal with the added security necessary for directly collecting cc info and protecting a database with cc info in it (and the liability which comes along with it).  We will probably go with services like Authorize.net, First Data, CCNow, CDG, MerchantPlus, 2Checkout, LinkPoint, etc.

 

But, companies like yours, who either already have a brick-and-mortar or who have already invested in the necessary online security (not a small investment!), should certainly have the module you described as a standard part of the package.

 

PayPal.  I understand that not offering PayPal may take a bite out sales, as there are many out there who only use PP for their online purchases.  I am very leery of this unregulated company.  The higher fees charged by CCNow might be worth it, if one wants to avoid the PayPal nightmares but still offer PP as a payment option.   Personally, I'll either go with CCNow or not offer PP as an option, so I don't care about PP integration myself.

 

Google Checkout: Would be nice, but not a priority for me.

 

Bankwire and electronic cheques:  I think these will become increasingly popular in the US.  The CC companies won't like it, of course.

 

SSL:  Needed for collecting any customer info, not just cc#s.

 

II.  Ability to collect US state/Canadian provincial sales tax:  Absolutely necessary.   I must have the ability to collect sales tax for residents of my state, and my state only.  It is the law, and I cannot go live without this!  The Canadians have an even more difficult task, as they must collect GST and then add PST on top of it.

 

This should be available in the next release, so I am not sweating it.  So far, everything PS has promised to fix or add in the next release has actually been realised.  At least as far as I have seen.

 

III.  Marketing:  I wondered about this, too.  M seems to have all the hype.  By far.  But then, I got to thinking about it, and I think PrestaShop is playing it smart.  Save the hype for the stable release version.  I am glad they are concentrating their efforts on perfecting their product rather than promoting it for now.  

 

Numbers:  A function of the hype.  Plus, do you really need 400 members online in a forum at one time to report bugs?  Obviously 70 will do, and may be easier for the staff to handle.  

 

The numbers which really tell: who is actually using the product.  Google "powered by prestashop" and you get over 10,000 hits, most of which are active online stores.  Do the same with M and you get less than 600, many of which are M hype sites.  

 

I'm with you all the way on being able to wait for the "extras".  Wishlist would be very, very nice, but I can wait.  I will never use product reviews (no point in them for unique items like art, antiques, etc.), but even if they were important to me, I could wait.  CMS, maybe, but I can wait for that, no problem.    

 

Note to the PrestaShop team:  Keep doing what you are doing.  Fix the bugs, get the state sales tax feature working, add the payment module, and save the blogging for later.  PrestaShop loads fast and installs in a snap.  You really don't need to worry about the competition.    And, oh yes, thank you!

[mimran]

spot on, spot on

 

is there not a member around who can write a module for payment for the popular ones?????

might be quicker this way eases the stress on developers as the mile is still long.

[moonpies]

mimran, by the "popular ones" do you mean 3rd parties like authorize.net?

 

If so, lots out there.  For example, for authorize.net, here you go:

 

http://www.merchant-account-services.org/article/authorize-net-php-integration

 

You can buy a script for about $50, too.

 

And be sure to apply at the authorize.net website for a testing/developer account.  It usually takes them a day or so to approve it.

 

If authorize.net is not the one you want, google around to see what is needed to integrate with the one you have chosen.

 

You might check the "modules" forum here, too, and see what the peeps there are up to.

 

For the third party stuff, I should think we'd be on our own.

 

If I misunderstood what you meant, I am sorry!  I can be pretty blonde sometimes 

 

 

[Pursuant]

If some people would help a little bit, I have been working on a payment module for offline credit card processing.  I have hit a brick wall though - no documentation on functions that are called within the module verification.  Mainly the actual function ('verifyOrder' or something to that effect).  WHAT are the parameters and HOW is it used? I have had problems finding out!  And the administrators and developers have not answered.  ADMINS AND DEVELOPERS - CONTACT ME!!!!

Let's make these payment modules a group effort so that the developers can work more on core functionality.

--Kevin

 

[James]

I whole heartedly agree with your post. I have been testing both Magento and Prestashop for the past 5 months constantly. I am currently playing with magento more so, as its just been released, and at a stage where they are happy to call it "production ready". You mention that the magento site has had +400 memebers on line at any one time. I would suggest that the majority are "wow i just found this merchants" as a couple of tech question I have posted have been left unanswerd for over 7 days now, so those numbers mean nothing.

 

Without a doubt, the single biggest let down of Prestashop thus far is the documentation. As I understand it, this is being rectified as we talk. So with some luck this will not be a problem for much longer.

 

Speed wise Prestashop wins hands down. I just hope that when the road map is complete, that the speed will not be hit too much.

 

Template wise, again Magento is too complex. As I understand it, Prestashop has handy "hooks" that make template creation a doddle.

[tosd]

All good comments. My greatest fear is that Prestashop (a truly excellent development) may not achieve the success it definitely deserves simply for its inability to accept credit card payments securely online for offline processing. This is so fundamental it really should be part of the standard offering.

 

I have done preliminary tests and I am very satisfied that I can readily theme and configure PrestaShop to satisfy varying client needs.  I live in Australia and most of my clients have small (bricks and mortar) businesses that have EFTPOS (credit card processing) terminals. They do not have PayPal accounts for their businesses and nor do I think they are interested in getting them. Other online credit card clearing solutions are just additional unnecessary expense.

 

What concerns me is that when I enquired of PrestaShop I was informed that the collection of credit card details for offline processing was not secure. In fact I was left with the impression that they were not interested in pursuing it for that reason.

 

Security of course is something we are all concerned about however I don't really see why storing credit card details online in fully encrypted form should be such a risk.  In fact with the osCommerce solutions I currently install, the credit card number is split so that only half of the number is actually stored (encrypted) in the database, with the remainder emailed to the administrator. It is simple but reasonably effective. 

 

The other issue that often raises its head at this stage is "What do you expect for nothing"? And the simple answer in my case is that actually I would prefer to pay some sort of annual developer's subscription if it meant that an extremely promising application could be turned into a real world solution. For now I am having to look elsewhere, and I don't really want to do that. PrestaShop has so much going for it - not the least of which is its simplicity. Most of my clients would die if I served up a M- - - - - o solution to them.

[Pursuant]

As for credit card encryption - I am working this into my Offline Credit Card Processing Module.

It is called an RSA encryption algorithm.  It uses a public and a private key. Before submission, the number will be encrypted (Javascript, still have to find a non-JS solution) with the PUBLIC key. This key could be read in the source, but would do no good to a hacker.  The second part comes in where the credit card data is stored - encrypted in the database - and a small link is shown in the order-details section.  User clicks the link, then provides the PRIVATE key, which decrypts it right there with javascript.  With this solution, the actual credit card number never gets sent through HTTP.  Suggestions would be great!

[moonpies]

tosd and Ox40:  I hope you will be patient with me because I am just learning.  I come from the design side, so I I am not too swift about these things (but hoping to get better!).

 

Could there be a liability issue here?  Nowadays, as I understand it, a merchant faces steep fines for PCI noncompliance (not to mention limitations and expulsion), even if there is no breach.  How can you be sure your module will pass a PCI audit?

 

If this is a stupid question, just let me know. 

[Pursuant]

Well, I am actually coming at this from the legal side.  My father works for the credit card companies as a rather 'high-up' manager.  Talking to him the other yielded some information about limitations and liabilities, and soon I will have a full copy of guidelines that must be followed for Credit Card acceptance.  So, it should be fine....

[moonpies]

Ox40, I'm sorry I phrased that badly.  I meant "how can one be sure" not you specifically.  I wasn't questioning your module.  I just wondered whether people were relunctant to develop these due to possible liability and/or changing guidelines.

 

I'd been poking around here: http://www.pcicomplianceguide.org/

 

I was just thinking out loud and didn't realise how it came over.  My apologies.

 

[Pursuant]

Heh, I wasn't mad at all.  I realize that this is a somewhat big liability risk - but a good terms of service should take care of any fault, right? ;-)  Not that there will be any problems

[codepantry]

Just wondering if there is a resolution/direction or some response to this specifically regarding payment gateways and ability to collect taxes in the US ?