In my last post I outlined the basics of taking payments online and how to choose a payment provider. This time we look at what you need to do once you have chosen your payment provider and the ways you will integrate payments into your website.
1. Integration options
I have integrated most of the major payment engines and they all work differently but in principle there are two main methods:
Form Integration
This is the way that most websites integrate with a payment provider and is usually the only option if you are using eCommerce software. The basic premise is that you process the order on your site all the way up to the point the customer pays. At that point your customer is redirected to your payment provider’s secure payment page where they enter their credit card. The customer is then directed back to your website once they have completed their payment.
Pros:
- Very simple to do (most eCommerce software will do this for you)
- You do not need to store or process credit cards
- Customers may feel more secure as they are on a separate secure site
Cons:
- It can give a less professional or smaller shop feel
- Less design control over the checkout process
Integrated
In this method you take payments on your own site and pass them securely to your payment provider. The customer never leaves your site.
Pros:
- Perceived as more professional by customers
- A more streamlined checkout process
- More control over the design and workflow of the checkout
Cons:
- You will need to be PCI compliant (see below)
- You will need to have a secure method of storing credit cards
- You will need an SSL certificate (Secure Sockets Layer; this is what gives you the lock icon in your browser)
2. What about PCI compliance?
If you take payments online (or offline for that matter) then you need to be aware of PCI compliance. The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. In other words, if you process payment cards you need to make sure you keep the customer’s card information safe during the process.
There are different levels of compliance depending on how many transactions you process per year. Most merchants will fall into the lowest category which is level 4 (fewer than 20,000 transactions per year) and for this there is a self-certification questionnaire that needs to be filled in and the possibility of a scan of your site to determine any vulnerabilities. The higher the level the more work (and potentially an audit) there is to comply.
The key thing to remember is that if you take credit card payments in any form you need to be compliant. If you want to learn more, this site is a great place to start: http://www.pcicomplianceguide.org/pcifaqs.php
3. Should I use 3D secure?
First of all, in case you do not know what 3D secure is: Verified by Visa and Mastercard SecureCode help to protect customers’ cards against unauthorised use when they shop online by requiring them to enter a personal password each time they buy. The customer only needs to register once to create a password for each credit card they own.
There is no right or wrong answer to whether you should use 3D secure or not. Personally I like it as it means lower per transaction costs and less fraud. I think that eventually it will be mandatory for all online transactions, so you may as well use it sooner rather than later.
Pros:
- Less fraud (which means less costly chargebacks)
- Lower transaction costs with your payment provider
- Makes the buyer feel more secure
Cons:
- It is an extra step for the customer to complete which increases the risk of them abandoning their purchase
- It is another password for them to remember (or perhaps forget)
That is the quick introduction to payments online. If you have any questions, please add them in the comments.
Tags: ecommerce, integration, payments online, pci compliance
This entry was posted on Monday, July 5th, 2010 at 1:12 pm and is filed under General.