When you start an e-commerce business, you should think carefully about how to accept payments online to meet customer needs and manage the cash flow of your business effectively. The payment methods will also determine the facilities your business will need.
Typical payment methods used in a modern business context include cash, checks, credit or debit cards, money orders, bank transfers, and online payment gateways such as PayPal.
Unless you’re running a shady side business that only accepts suitcases full of cash, you’ll need a reliable method of accepting online payments on your website. That means choosing a payment processor and a payment gateway.
How Online Payment Systems Work
It is often hard to understand how the payment process works and what the difference is between a payment processor and a payment gateway. Let’s try to find out.
There are four parties involved with every credit card transaction:
- The customer
- The merchant
- The acquiring bank
- The issuing bank.
The aim of every transaction is to transmit money from the issuing bank to the acquiring bank according to the agreement between the customer and the merchant. The payment processor and payment gateway help to connect all four parties in the payment chain.
The payment processor executes the transaction by transmitting data between you, the merchant, the issuing bank, and the acquiring bank. It also typically furnishes you with the credit card machines and other equipment you use to accept credit card payments.
A payment gateway securely authorizes payments for online stores. This is necessary because, for security reasons, it is prohibited to transmit transaction information directly from your website to a payment processor. The gateway acts like a guard, or a middleman, between the customer’s information and the banks.
What to Look for in a Payment Gateway
The payment gateway you choose will not only impact the overall customer experience but also shape your day-to-day workflow. Of course, you don’t want a gateway that regularly creates problems for you and your customers. The choice is hard, but let’s look at the main factors in making the right decision.
PCI DSS compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a security standard issued by the five largest credit card companies (American Express, Discover, JCB, MasterCard, and Visa) to protect cardholder data and help reduce data breaches. Regardless of your size, if you want to accept card payments, you have to be on good terms with the standard.
Check whether a payment processor complies with the Payment Card Industry Data Security Standard (PCI DSS). Otherwise, you are at greater risk of data breaches and, if a breach occurs, of fines, card replacement costs, costly forensic audits, investigations into your business, brand damage, and more.
Effective fraud prevention
Payment security is a vital factor for a payment gateway. According to The Nilson Report, merchant losses to fraud have been increasing in recent years and will be even worse in the near future. Moreover, if you have a small business, you are even more vulnerable. Whereas larger companies are more likely to have anti-fraud practices, fraudsters aim at small businesses that may not have any protection.
Let’s look at a few of the most effective methods to check transactions and prevent fraud:
- Address Verification Service (AVS): When customers purchase items, they need to provide their billing address and ZIP code. An AVS will check whether this address matches what the card-issuing bank has on file. As part of a card-not-present (CNP) transaction, the payment gateway can send a request for user verification to the issuing bank.
- Card Verification Value (CVV): The CVV (or Card Verification Code) is the 3- or 4-digit code that is on every credit card. It helps to ensure that only the actual physical holder of the card can use it remotely and that someone who has only got the card number and some personal information cannot provide this value without the actual card.
- Flag Large Transactions: Fraudsters will take a shot at making large transactions before the stolen card is blocked. Such transactions may require manual approval from the merchant before proceeding.
- Payer Authentication (3D Secure): 3D Secure adds another authentication step for online payments. Payer authentication, also called Verified by Visa and MasterCard SecureCode, is a cardholder authentication measure that secures online transactions for customers. This method allows cardholders to create a PIN (secure code) that can be used during checkout to confirm the user’s identity. By implementing this, merchants are provided chargeback protection and lower interchange rates.
- Risk Scoring: The tool uses statistical models designed to recognize fraudulent transactions based on a number of rules. During checkout, the model determines whether the transaction is fraudulent. A higher probability of a transaction being fraudulent indicates that you should verify the order. Risk-scoring tools provide a case-by-case evaluation and will flag transactions based on the rules you choose, such as AVS failure, IP range, use of anonymous emails, billing address, and others.
Make sure that the payment gateway is at least integrated with 3D Secure and complies with the PCI Data Security Standard (PCI DSS) we mentioned before.
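Added example, not code from the original article or from any gateway's API: a minimal rule-based risk scorer that combines the checks listed above (AVS, CVV, large amounts, IP range, anonymous email, 3D Secure) into an approve / review / decline decision. The weights, thresholds, field names, and sample transactions are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical policy values; tune against your own order and chargeback history.
LARGE_AMOUNT = 500.00
REVIEW_AT, DECLINE_AT = 40, 80
RISKY_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # constructed (TEST-NET-3)
DISPOSABLE_DOMAINS = {"tempmail.example"}               # constructed

@dataclass
class Txn:
    amount: float
    avs: str        # assumed normalised result: "match", "partial", "no_match"
    cvv_ok: bool
    three_ds: bool  # payer completed 3D Secure
    email: str
    ip: str

# (points, reason, predicate): one entry per check named in the list above.
RULES = [
    (40, "AVS mismatch", lambda t: t.avs == "no_match"),
    (15, "AVS partial match", lambda t: t.avs == "partial"),
    (50, "CVV mismatch", lambda t: not t.cvv_ok),
    (25, "large transaction", lambda t: t.amount >= LARGE_AMOUNT),
    (20, "anonymous email domain",
     lambda t: t.email.rsplit("@", 1)[-1].lower() in DISPOSABLE_DOMAINS),
    (30, "IP in flagged range",
     lambda t: any(ipaddress.ip_address(t.ip) in n for n in RISKY_NETS)),
    (10, "no 3D Secure authentication", lambda t: not t.three_ds),
]

def decide(t: Txn):
    """Return (decision, score, reasons) for one card-not-present order."""
    hits = [(pts, why) for pts, why, test in RULES if test(t)]
    total = sum(pts for pts, _ in hits)
    reasons = [why for _, why in hits]
    if total >= DECLINE_AT:
        return "decline", total, reasons
    # Large orders always go to manual approval, even with a low score.
    if total >= REVIEW_AT or t.amount >= LARGE_AMOUNT:
        return "review", total, reasons
    return "approve", total, reasons

SAMPLES = [  # constructed transactions
    Txn(42.50, "match", True, True, "ann@shop.example", "198.51.100.7"),
    Txn(899.00, "match", True, True, "bob@shop.example", "198.51.100.8"),
    Txn(120.00, "no_match", False, False, "x@tempmail.example", "203.0.113.9"),
]

if __name__ == "__main__":
    for txn in SAMPLES:
        print(decide(txn))
```

Returning the reasons alongside the score lets whoever reviews a held order see which checks fired instead of a bare number.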
Money means a lot for any business, so it is better to check twice whether you can afford the payment gateway you are about to choose. Some may have better features, but they will also come with a greater cost.
First, find out whether a payment processor charges a monthly fee or a flat per-transaction fee. Your choice depends on your business activity, but in any case, go through the full terms to be sure there are no hidden fees.
Payment method coverage
Accepting any form of payment your customer may use is the best way to gain more money. Of course, traditional credit and debit cards…