A simple guide on taking online card payments

At Kalexiko we often get asked about online payments by credit and debit card. It is critically important that this function is easy to follow, works smoothly and has all the appropriate security functions built in. Here are a few tips about applying for and setting up a secure online payment system.


Setting up a merchant account

When you want to enable card payments (Visa, MasterCard, American Express, etc.) to be taken via your website and paid into your business bank account, the first thing to do is to ask your bank to set up an Internet Merchant Account (IMA). With this, you sign up to a service agreement which allows your bank to confirm that the customer’s account has the available funds to pay for the item or service they want, authorise the transaction and then undertake the exchange. It also enables your bank to take their fee out as part of the transaction and move the funds into your account.


You also need a PSP

You will also need the support of a Payment Service Provider (PSP). PSPs provide the pages on a website where customers submit their payment details by delivering the technology that securely collects card details, screens for fraud and then passes the details on to your bank.


Payment-processing companies

The alternative is to use a payment-processing company that will look after the whole process for you. However, this option is likely to be more expensive, your customers will be sent to the processing company’s website rather than yours in order to make their payment, and there may even be a delay before you receive payment. They do, however, offer an easy alternative for businesses that cannot or choose not to open an IMA. Some of the better-known payment-processing companies, such as PayPal and Google Checkout, are widely used and have a good reputation.


Set up an API account

If you are not using a payment-processing company, we also recommend that you set up an API account with your bank. This enables payments to be taken through your website and means that the customer does not have to leave your site.


What happens at checkout?

Once your customer has selected their items and arrived at the checkout page on your website, various options can be given. Here you can ask them to set up an account with you or log in. Then a range of shipping options may be chosen and then the payment process undertaken. Once the basic details such as name, contact information, address, email and a billing and a shipping address (which may be different to the customer’s home address) are entered, card details are given and these are then securely sent to a back-end database. Software to support the process combines and securely sends this information (which is now encrypted) to your PSP. Once payment has been made, the page is closed and your customer is returned to your main website. Your PSP then sends the transaction details to you along with a unique order reference and any other data including security confirmations. On returning to your website, the customer is then informed that the payment has been authorised (or declined).
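The step where the PSP sends back the transaction details and order reference, shown as an added example (not code from this article or from any PSP): a merchant-side check that accepts a payment notification only if it is signed, matches a known order and amount, and has not been seen before. The field names, the HMAC-SHA256 signing scheme and the shared secret are assumptions; each real PSP defines its own.

```python
import hashlib
import hmac

# Assumption: the PSP signs "order_ref|amount_pence|status" with a secret
# shared with the merchant. Constructed demo value, never hard-code a real one.
SHARED_SECRET = b"constructed-demo-secret"

# Constructed sample data: orders awaiting payment (reference -> pence).
PENDING_ORDERS = {"ORD-1001": 2499}
PROCESSED = set()  # references already authorised (replay guard)


def sign(order_ref, amount_pence, status, secret=SHARED_SECRET):
    """Compute the signature the (hypothetical) PSP attaches to a callback."""
    msg = f"{order_ref}|{amount_pence}|{status}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def handle_callback(cb):
    """Return 'authorised', 'declined' or 'rejected:<reason>'."""
    try:
        order_ref = str(cb["order_ref"])
        amount = int(cb["amount_pence"])
        status = str(cb["status"])
        signature = str(cb["signature"])
    except (KeyError, TypeError, ValueError):
        return "rejected:malformed"
    # Authenticate first; compare in constant time to avoid timing leaks.
    expected = sign(order_ref, amount, status)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return "rejected:bad-signature"
    if order_ref not in PENDING_ORDERS:
        return "rejected:unknown-order"
    if order_ref in PROCESSED:
        return "rejected:replay"
    # The amount must match what the customer was actually charged for.
    if amount != PENDING_ORDERS[order_ref]:
        return "rejected:amount-mismatch"
    if status not in ("authorised", "declined"):
        return "rejected:bad-status"
    if status == "authorised":
        PROCESSED.add(order_ref)
    return status
```

Only the returned value should decide what the customer is told on returning to the site; anything shown in the browser redirect itself is not trusted.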


Google Checkout and PayPal

If you are planning on using a payment-processing company as mentioned above, we recommend PayPal and Google Checkout. Both are well recognised and make setting up online payments easy. If you have a Google account, you can set up Google Checkout in just a few minutes, and PayPal (which started as a solution for eBay sellers) is now so well established that some consumers refuse to do business with online retailers who don’t use it.


PCI compliance requirements

It is very important to check that your online card payment system meets the Payment Card Industry (PCI) compliance guidelines for storing, accessing and managing sensitive credit data. This includes unique IDs and references, encryption throughout the process, appropriate authentication checks and callbacks.


Security and reassurance

If you offer products and deliver services, online payments may well be an essential part of your business. Make sure, therefore, that you meet the necessary legal requirements when it comes to transfers and data storage and that you also make it easy for your customers to make the payment. They must feel reassured that you have the right security measures in place at all times. If a customer cannot follow the process, or has any reason to doubt its validity, they will simply leave your site and go to your competitor’s.