logo

Taking payments on your site

By rotide
Created 05/09/2008 - 01:00
online payment.jpg

Building a transactional website involves many aspects, but accepting payments is vital. With 59% of internet shoppers using credit cards as their preferred method of payment, companies need to be able to accept and process these payments. UK shoppers will spend £78bn a year online by 2010, doubling the web's share of retail sales to 20%.

If you're doing business outside the UK, ecommerce can be an essential way of taking payments from consumers in different countries. In Europe, ecommerce is experiencing rapid growth, with the number of online shoppers predicted to grow to 174m by 2011. The UK, Sweden and Germany lead the way with 70% of internet users shopping online.

According to Dan Starr, executive vice president, merchant services division, at payment services provider Neteller, two of the biggest issues for any small business launching a transactional website are to ensure they stay on the right side of the law and to protect themselves against credit card fraud.

Neteller offers the following tips to help you minimise any potential problems:

Complying with the law
To take payments on your website, compliance with PCI DSS is mandatory. This is a set of guidelines covering all aspects of transaction security and data protection. On top of these, every merchant must also have a merchant ID, a unique electronic ID assigned by a bank that allows a company to accept credit card payments. They must also demonstrate a base level of compliance and may be subject to stringent requirements. There are strict penalties and consequences if a merchant does not comply or fraudulently self-certificates and is then subsequently found out.

Budget for compliance
For small businesses the cost of in-house compliance could be massive. It's difficult to estimate what it costs as there are many factors influencing this expense, but for merchants with a robust security system, compliance costs as little as 1% to 2% of IT budget. But other companies estimate their compliance expense to be more than 10%.

Don't take shortcuts
Make sure your website is secure and compliant with the appropriate legislation as not to do so would be a false economy. Data hacks or mismanagement of sensitive data could cause all types of costs including customer notification, security upgrades, lost productivity, regulatory fines, legal fees, brand erosion and lost customers.

Outsource payment processing
Instead of applying yourself for compliance and a merchant ID, you could outsource the whole process to a payment service provider (PSP). PSPs act as a payment gateway, accepting payments on your behalf, handling PCI compliance and taking the necessary steps to avoid fraud and indemnify merchants against any losses.

Take fraud seriously
Once you have started trading online, the next possible threat is card-not-present (CNP) fraud. In 2006, this increased by 16%, costing merchants ₤212.6m. You can physically verify neither the presence of the card nor the cardholder. This means you are forced to rely on the card issuers' transaction verification. But authorisation does not guarantee payment. Fraudsters further cost online retailers in the form of disputed transactions, charge-backs and penalties levied by credit card companies against repeat offenders.

Evaluate fraud risks by country
If you are trading throughout Europe, fraud prevalence varies by country. For example, Russia is considered high risk while Sweden and Norway are low.

Keep up with the technology
As a minimum, ensure your network is secure and data is protected (not least for compliance with PCI DSS). To minimise fraud, stay up to date with ever-evolving credit card security features and build identity checking and real-time fraud monitoring systems into your web application. However, new techniques such as the 3D-Secure authentication protocol can lower conversion rates by discouraging shoppers from completing their purchase.

Alternative payment methods
Credit cards are not the ideal online payment method, and alternatives may be safer and appealing to customers. For example, consider new systems that allow payment direct from shoppers' online bank accounts or e-wallets.

For more information visit www.neteller.com [1]

Source URL:
https://www.newbusiness.co.uk/articles/internet-advice/taking-payments-your-site