Security and payment processing

Security

The myth that the web is insecure is still quite common. In fact, with the use of encryption technology, virus scanning software and ‘firewall’ protection, e-commerce transactions can be much more secure that offline ones. For example, your customers are more likely to have money stolen from their credit cards in a restaurant than on the Internet.

You must instil confidence in your customers by having a web site that:

  • looks professional
  • explains your security policy
  • provides traditional methods of contact, like telephone number and postal address, that are readily found

You can find information on E-Business and Security in the ‘Legal and security’ section of our Guide.

Payment processing options

The most popular means of paying for goods bought on the Internet is by credit or debit card. Several methods of payment processing are available. The most common are:

  • Internet Merchant Status (IMS) from your bank
  • Person To Person payment provider (for example, PayPal)
  • Bureau (for example, WorldPay)
  • Payment Service Provider (PSP) (for example, NetBanx PSP)

Merchant services

Once you have applied for and been given merchant status, your bank will provide you with a merchant identification. The bank will authorise or decline each customer transaction, collecting any payments on your behalf and paying the money into your bank account.

Costs are involved, and the bank will charge you for:

  • set-up fees
  • monthly or annual fees
  • monthly rental of a terminal that you can use to process card details
  • possible dedicated phone line for the terminal
  • a percentage of each transaction that the bank processes
  • In some cases, a deposit or substantial bond as extra security

Before you can start the process of obtaining a merchant account, you must satisfy the bank that you are worthy of their trust. To start the application process, you must also provide the bank with two years’ audited accounts, and show a sound business track record. If you are unable to satisfy the requirements for any reason, some banks will also ask for a cash bond and an extensive business plan.

Depending on your bank, you may only be able to accept card payments in your ‘traditional business’ and not on your web site. If this is the case and you are looking to receive payment through your web site, you will have to use a Payment Service Provider (PSP). If your bank does approve your web site and allows you to accept online card payments, the ‘card holder not present’ method must be used to process payments.

Card holder not present

As a merchant, you can accept payment without having physical access to the card and without the customer signing for the purchase. There are extra steps to take when accepting online card payments to verify that the card information is being submitted by the actual card owner. The payment process can be divided into two parts:

  • Authorisation – verifying that the card is active and that the customer has sufficient credit to complete the transaction
  • Settlement – transferring money from the customer’s bank account to the merchant account

Authorisation - payment processing

 

 

  1. The customer selects the item(s) they would like to purchase from the web site, then proceeds to the ‘checkout’ and keys in their card information.
  2. The merchant’s web site receives the card information and the merchant enters it into the point of sale terminal.
  3. The point of sale terminal routes the information to the processor, using a dial-up connection.
  4. The processor sends this information to the issuing bank of the customer’s card.
  5. The issuing bank sends a transaction result back to the processor, authorising or declining it.
  6. The processor routes this transaction result to the point of sale terminal.
  7. The point of sale terminal shows the merchant whether the transaction has been approved or declined.
  8. The merchant accepts or rejects the transaction and it is processed as a ‘card holder not present’ transaction.

Settlement – payment processing

 

 

  1. The merchant requests the point of sale terminal to settle the transaction.
  2. All transactions to be settled are sent from the terminal to the processor.
  3. The processor sends payment details to the merchant’s acquiring bank.
  4. The acquiring bank credits the merchant’s bank account.
  5. The processor also sends settlement payment details to the issuing bank of the customer’s card.
  6. The issuing bank includes the transaction charge on the customer’s card statement.

Payment service provider (PSP)

The PSP automates the payment process, integrating your e-commerce web site into the international credit card networks. This allows any orders that come from your shopping cart software to be authorised and payment to be collected for you. Payments are transferred to a merchant account, ready for deposit into your bank account.

You will have to go through an application process with your chosen PSP. The charges and the terms and conditions will vary, depending on which kind you select. Any charges made by your PSP will be in addition to your bank’s merchant account charges.

Payment Service Providers include:
www.worldpay.co.uk
www.paypal.co.uk
www.securetrading.net

 

 
Members login Password reminder
Join the Web Forum
Would you like our members to give you a quote? Click our Quote Generator to get FREE quotes.
Quote generator