Accepting credit and debit cards is mandatory for ecommerce websites. This method is fast and efficient for you and your customers, and with the introduction of cash-balance credit cards, practically anyone has access to a credit card to use as payment.
In addition to accepting credit and debit cards, you also have the option to accept payment by phone, fax, mail and bank transfer, but the majority will pay online or by phone using a credit card. My recommendation is to accept Credit & Debit cards and Bank Transfer, removing unnecessary payment options. Keep the process simple and clinical.
My latest data shows approximately 80% of customers order online and 20% order by phone. When customers pay by phone you can (a) run an order through an online ‘virtual terminal’—that your card payment processing company provides you with—or (b) you can just process the order through the website as customers do. Either way is fully secure.
There are hundreds of companies offering online payments and there are two main models.
1 – Payment Service Provider.
Worldpay, PayPal or Google offer a fully integrated payment system. They not only (a) encrypt the transaction making it 100% secure once the data leaves your website, but also (b) handle and process the payments.
2 – Payment Gateway and Acquiring Bank.
Like the above but using two different companies to handle each of the two processes separately. Both companies communicate seamlessly to ensure the transaction is encrypted and secure. Some companies offer both solutions (1 & 2) so please check when you get quotations.
Typical & Simplified Customer Order Process:
Step 1: Customer orders on your website >
Step 2: Payment gateway securely passes transaction details to bank >
Step 3: Bank approves and completes the transaction >
Step 4: You and your customer both get ‘order confirmation’ on screen and by email.
WorldPay provides an international solution that can be used for the US market, for the UK market, and so on. Other solutions may be oriented to certain countries in particular, such as Streamline for the UK. I recommend SagePay as the Payment Gateway and Streamline (RBS) as the acquiring bank for UK based customers.
Basic fees payable are: setup, transaction fees per sale such as 2% of the transaction value and a monthly minimum limit. Be wary of any other ‘stealth fees’ such as refund charges.
Start with these Merchant Account Providers from the hundreds available:
- Google Wallet: www.google.com/wallet/
- PayPal: www.paypal.com
- WorldPay: www.worldpay.com
- SagePay: www.sagepay.com
- Streamline: www.streamline.com
Hot Tip: When applying for your merchant account you will be asked to forecast your annual turnover. Generally, the higher your turnover, the lower your transaction fees will be, so don’t be too conservative here: if you can save 0.25% to 0.5% per transaction, this will equate to quite a saving over 12 months. Also negotiate these fees every 6 months as sales grow.
If you accept orders from other countries consider accepting payments in your customers’ currency. The top 3 online are Dollar, Euro and Pound Sterling. There are 2 ways to do this:
1) Add a currency module to your ecommerce software–with currency selection buttons on your site–that gives site users the option to click a link that changes all prices on the site into their chosen currency. When they order, the currency will show as the site default currency on the payment processor’s payment page and on their credit card statement (but typically converted into their own currency).
[Figure: example of a simple currency button (with currency selection options) to display on a website]
2) In addition to the above for on-site viewing, you can also accept the payment in their chosen currency. When a customer orders they will pay in their own currency: this will show on the payment processor’s payment page and on their credit card statement. This option is more expensive and you will need a separate merchant number for each currency that you accept: so if you accept Dollar, Euro and GBP then this will triple the application costs.
Integration Options for Payment Gateway and Acquiring Bank:
There are essentially 3 ways to integrate this system with your website and each one offers a flexible solution. The terms I use may change with each Payment Gateway company.
Form integration is the quickest way to start processing online payments. It can take as little as 20 minutes to set up and is by far the easiest way to integrate with your payment gateway.
This is good if…
– You are unable, or do not wish, to maintain your own secure web servers and have chosen instead to have them managed by a third party hosting company.
– Your website is run from a shared system with the same web server delivering many different web sites. In these circumstances, an individual company has very limited abilities to install anything more than simple HTML pages and script files, and cannot normally install items outside their own user area (especially if this involves components that will affect the entire server).
– You do not wish for any sensitive information to be collected or stored on your site. This removes the need for you to maintain highly secure encrypted databases, obtain digital certificates and invest in high-level PCI DSS compliance.
Comments: This is the more popular and well known option but has limitations. The customer is taken from your checkout page across to the payment gateway that may be branded as PayPal, SagePay, etc., with your logo on there too if required. If you’ve ever bought online and been taken off the site to process your order and then returned back to the site post order, then you used ‘Form’.
Server integration is recommended to merchants who want to run order & transaction reports on their own servers, but don’t want to invest in their own digital certificate or collect credit card details on their own website.
– Database compatibility: Server integration offers you a more advanced database compatibility, meaning you can store more information about the transaction such as the amount, the products selected, the shopper’s contact details and the result of the authorization supplied by your payment provider.
– Customization: The payment pages are fully customizable. Server integration also comes with in-Frame technology, where your secure payment fields are framed by your branding, meaning your customer doesn’t even move from your URL. This instantly reduces the need for high-level PCI DSS compliance and doesn’t compromise your customers’ shopping experience on your site.
Comments: I’ve never processed transactions in my office manually. But if you have a card machine or terminal in your office this will be the option for you giving you control of the transaction and refund process.
Note: Server integration is compatible with many shopping carts and ecommerce platforms; however some off-the-shelf shopping carts can only be used in conjunction with Form integration. Check with your shopping cart provider.
Direct integration is designed to enable you to take card details on your own secure servers and pass them across to Sage Pay (for example) for authorization and secure storage in a server-to-server session that does not involve redirecting the shopper to your payment provider’s payment pages.
– It is the method by which you pass the data to your payment gateway, not the method by which you collect it, meaning you have complete control over the look and feel of your payment pages.
– Your customer never leaves your site and they do not necessarily know your payment provider is authorizing the transaction on your behalf. In practice, however, many vendors choose to tell their shoppers as a way of reassuring them about card security.
– It is ideal for large companies with existing back office payment software, such as a call center that wants to integrate their payment system and manage the whole of the payment process internally.
Comments: Direct is my preferred option as all transactions appear to happen on your website and the customer appears to never leave your website alleviating any issues of confusion or risk. It’s slick, seamless, integrated and fast. Plus you can make it look exactly how you want it to look.
Two Order Processing Options:
When choosing a method of accepting credit and debit cards and the processing of these payments, you essentially have two choices: real-time processing and deferred processing.
1) Real-Time Order Processing: Means the credit card and all security checks are approved automatically without your intervention in real time. The main negatives to this method are: if you subsequently see something suspicious about the order and think that it may be fraud, you will have to refund the order and lose the initial transaction fee. In the same way, if a customer rings up and cancels after placing an order, you will again lose the transaction fee.
2) Deferred Order Processing: Means the order is approved as above, but only a shadow payment for the order value is placed on the customer’s card used for the order. The order details are also sent to your payment admin area, so you as the merchant have a set period of time—often 30 days—to accept and process, or decline the order. The positives of this are that you have time to run your own security checks, or contact the customer with any questions, such as shipping related queries or if an item is out of stock, etc. This can save you the transaction fee if you subsequently choose to decline the order.
Ask your future payment service provider what fraud prevention features and services they offer. The majority now offer these three Cardholder Not Present (CNP) fraud prevention services as standard. There is also the possibility to set bespoke fraud ‘Rule Sets’. This allows you to tailor your desired and specific anti-fraud measures on your website, giving you optimal flexibility and peace of mind.
1) AVS: Address Verification System is a method used to verify the identity of the person claiming to own the credit card who is ordering on your website. It works by matching the data entered into your website ‘Billing’ order form with the address on file at the credit card company.
2) Card Verification Code: Also known as CVV, CV2, CVVC, CVC amongst others, this is the last 3-digit number on the back of the credit or debit card. If a fraudster has the physical stolen credit card then he or she will have this number also, so other security is required.
3) 3D Secure: Is a technical standard created by Visa (Verified by Visa) and MasterCard (MasterCard SecureCode) to further secure CNP (Cardholder Not Present) transactions over the Internet. New customers, who have not yet used the 3D facility on their card, will set up a password or pass code when they first try to pay on a 3D secure activated website. Then for subsequent online orders, they will simply provide the password or code chosen on the 3D page. This service is provided to you as a merchant through your payment provider as a bolt-on service for your website (not mandatory) and has pros and cons.
3D Positives: it’s watertight, unless the fraudster has found out your security pass. Also, be aware some customers may only buy from a 3D secure website.
3D Negatives: it adds resistance to your checkout process involving an extra step in the order process that genuine customers must go through. On the other hand, if a fraudster does get hold of the password of the stolen card he or she is using, this will result in a spend-fest until the card is registered as ‘stolen’ by the real card owner.
4) Bespoke Rule Sets: I use SagePay as my payment gateway provider in conjunction with Streamline (RBS) the acquiring bank. SagePay offer an additional fraud screening service provided by ‘The 3rd Man’: this gives you a fraud potential rating for each order, based on the transaction details. These bespoke ‘Rule Sets’ give you the ability as a merchant to determine what extra level of security you feel your website needs. In addition, this flexibility is very useful, as some product markets will have more fraud attempts than others. Some countries will also produce more fraud attempts than other countries, Nigeria being one hot spot for fraud attempts.
*Please check with your payment provider to see if they offer similar anti-fraud services.
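A bespoke rule set of the kind described in items 1 to 4 above, applied to a deferred order so the merchant can release, review or abort it. This is an added example, not SagePay's or The 3rd Man's scoring; the result codes, weights, thresholds and watch list are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed result vocabulary; a real gateway reports its own codes.
MATCH, NO_MATCH, NOT_CHECKED = "match", "no_match", "not_checked"

@dataclass(frozen=True)
class Order:
    amount: float
    avs_address: str       # AVS result for the billing address
    avs_postcode: str      # AVS result for the billing postcode
    cv2: str               # card verification code result
    three_ds: str          # "authenticated", "failed" or "not_enrolled"
    billing_country: str
    shipping_country: str

@dataclass(frozen=True)
class RuleSet:             # hypothetical merchant-tuned thresholds
    review_at: int = 30
    abort_at: int = 60
    high_value: float = 500.0
    watch_countries: frozenset = frozenset()

def score(order: Order, rules: RuleSet):
    """Return (points, reasons) for one deferred order."""
    checks = [
        (order.cv2 == NO_MATCH, 40, "CV2 mismatch"),
        (order.cv2 == NOT_CHECKED, 15, "CV2 not checked"),
        (order.avs_address == NO_MATCH, 15, "AVS address mismatch"),
        (order.avs_postcode == NO_MATCH, 15, "AVS postcode mismatch"),
        (order.three_ds != "authenticated", 10, "no 3D Secure authentication"),
        (order.billing_country != order.shipping_country, 15, "ships outside billing country"),
        (order.shipping_country in rules.watch_countries, 20, "destination on watch list"),
        (order.amount >= rules.high_value, 10, "high order value"),
    ]
    hits = [(pts, why) for cond, pts, why in checks if cond]
    return sum(p for p, _ in hits), [w for _, w in hits]

def decide(order: Order, rules: RuleSet) -> str:
    """Map the score to an action on the deferred payment."""
    if order.three_ds == "failed":      # hard rule: failed authentication never ships
        return "abort"
    points, _ = score(order, rules)
    # A passed 3D Secure check does not cancel other signals: the password may be stolen.
    if points >= rules.abort_at:
        return "abort"
    return "review" if points >= rules.review_at else "release"
```

Orders scored as "review" are the ones the deferred window is for: the payment stays held while you contact the customer.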
MasterCard SecureCode is a simple and secure way to pay at thousands of online stores. A private code known only to you and your bank, your SecureCode enhances your existing MasterCard account by protecting you against unauthorized use of your card when shopping online at participating online retailers.
Verified by Visa.
‘Verified by Visa’ protects consumers by requiring a password during online purchases, helping ensure no one else can use their Visa card online. ‘Verified by Visa’ also protects merchants from fraud-related chargebacks on all Visa personal debit and credit card transactions, even when processing transactions from non-participating issuers.
Hot Tip: For UK Customers: If you sign up for an FSB (Federation of Small Business) account, you are eligible for a discount on Streamline transaction fees. FSB membership also gives UK based companies insurance, protecting you against tax investigations. Contact them for more info: www.FSB.org.uk