How do I take secure payments with my website?

31/05/2019 - Guides

Building an ecommerce or booking website? Need to know how to configure your site to take secure payments? Read on.
Consumers are most likely to buy from sites where they feel confident that their payment details and personal information are secure. So how do you ensure your website will protect your visitors’ particulars and keep your income safe?
There are two essential security measures for any website that takes payments.

  1. A payment gateway
  2. An SSL certificate
Trying to take payments across your website without these two components is like leaving a pile of money unattended on your table while the front door is wide open. It’s a big risk to take.

What is a payment gateway?
A payment gateway is simply a third-party service that processes payments on your website. It’s like a virtual till. It’s easy to use and it keeps payments safe. Your customer doesn’t get to see your account details, and you don’t get to see your customer’s account details.

The Payment Card Industry Data Security Standard (PCI DSS) is worldwide legislation set up to protect buyers and sellers and to reduce fraud. Any website that takes payments must be PCI DSS compliant; in many cases, this is via a Self-Assessment process that can easily be completed online.

The Self-Assessment can be completed via a number of different websites, and your payment gateway provider will usually have a preferred PCI DSS compliance partner. As an example, PayPal suggests Trustwave: https://pci.trustwave.com/paypal

Payment processors are required to be PCI DSS compliant at a higher level than you are likely to require, unless you choose to store card details within your website’s database.

When a customer places an order on your website, the payment gateway very quickly contacts the customer’s credit card company or bank, confirms authorization and lets your website know whether or not it’s OK to carry on with the sale. The whole process normally takes a matter of moments – it’s just as quick as paying by card in a shop or a restaurant. This system protects you and your buyers.

The payment gateways that Upshot Media most often uses for our web development clients include:
  • Stripe
  • PayPal
  • WorldPay
  • SagePay
  • GoCardless (for Direct Debit)

What is an SSL certificate?
An SSL certificate is essential for a website that collects any kind of data from visitors, including contact details and/or payments. The team here at Upshot Media strongly advise having an SSL certificate for any website, e-commerce or not, simply because Google has confirmed that it favours sites with valid SSL certificates and will rank them higher than unsecured sites. So this cost-effective little feature makes good business sense.

If your website takes payments, an SSL certificate is essential. It’s a piece of code that keeps customer information safe as it passes between your website and the payment gateway.

If a website has an SSL certificate, its URL will start with “https” and there’ll be a little padlock symbol in the browser bar.
 

Is it easy to connect a payment gateway to my website?
If you are not used to working with APIs, the process of connecting a payment gateway to your website can be quite tricky and can result in a site that doesn’t function as smoothly as it could. All payment gateways vary in terms of how they look and how they function, so even with the correct integration, they can still make the buying process a bit disjointed. A good website designer will know how to integrate payment gateways for the best possible customer experience.

For your website visitors to feel confident buying online, every aspect of your site functionality needs to look and feel trustworthy. Yes, if you have a moderate amount of programming experience, it is possible to integrate a payment gateway, but it could be time consuming and frustrating while you work out how to do it properly.

The team at Upshot Media have plenty of experience of seamlessly integrating payment gateways with our customers’ ecommerce websites and booking systems. Quite often, our clients ask for more than one payment gateway so that their customers can choose how to pay.

Which payment gateway is right for me?
PayPal, SagePay and WorldPay are well-known payment gateways that have been around for many years. However, with modern cloud-based solutions and coding practices, there is far more choice available nowadays, and other brands such as Stripe are becoming increasingly popular, trusted and well known. The fees with a payment gateway such as Stripe are also lower than PayPal, WorldPay and SagePay. WorldPay and SagePay can often reduce fees if transaction volumes are high enough.

Websites and companies that take payments need to be PCI compliant. There are a number of levels of compliance (we will blog about these another time). The basic level is a self-certification, with no card data stored within the website. If you want to store card details directly within the website’s database, a higher level of compliance is required, and there are costly fees attached to becoming compliant at the higher levels.
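
One way to check that a website really is keeping card numbers out of its own database and logs, as the basic compliance level above assumes, is to scan what the server receives for card-number-like values. The Python below is an added example, not Upshot Media’s code or any gateway’s API; the field names, the token value and both sample orders are constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def fields_with_card_data(payload, path=""):
    """Return the paths of fields that contain a Luhn-valid card number.

    Only the field path is returned, never the number itself, so the
    result is safe to write to a log or an alert.
    """
    hits = []
    if isinstance(payload, dict):
        for key, val in payload.items():
            hits += fields_with_card_data(val, f"{path}.{key}" if path else str(key))
    elif isinstance(payload, (list, tuple)):
        for i, val in enumerate(payload):
            hits += fields_with_card_data(val, f"{path}[{i}]")
    elif isinstance(payload, (str, int)):
        for m in PAN_CANDIDATE.finditer(str(payload)):
            if luhn_valid(re.sub(r"\D", "", m.group())):
                hits.append(path)
                break
    return hits


# Constructed sample: what the server should see when the gateway
# collects the card and hands back only a token.
TOKENISED_ORDER = {"order_id": "1234567890123456", "amount_pence": 2599,
                   "gateway_token": "tok_constructed_abc123"}

# Constructed sample: card data leaking into free text and a form field.
# 4242 4242 4242 4242 is a well-known test number, not a real card.
LEAKY_ORDER = {"order_id": "A-1001",
               "notes": "card 4242 4242 4242 4242 exp 12/30",
               "customer": {"card_number": "4242424242424242"}}
```

The 16-digit order ID in the first sample is not flagged because it fails the Luhn check, which keeps ordinary long numbers from raising false alarms.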

When it comes to ecommerce, convenience is King and so you need to strike a balance between brand recognition and what’s most efficient for your buyers. You will also need to factor in any transaction charges – see below.

Stripe is the most popular gateway with Upshot Media’s clients. It’s simple for the buyer and for the seller. The buyer seems to stay on the seller’s website at all times but the actual transaction is carried out “behind the scenes” using Stripe’s secure payment gateway. Stripe is speedy for us to set up and configure and the seller’s fees are very reasonable.

Are there any transaction charges?
Yes, there are transaction charges for using a payment gateway but they do vary between suppliers. At the time of writing, WorldPay and SagePay charge a monthly fee as well as transaction charges, whereas Stripe and PayPal Standard only charge transaction fees.

If you are building an ecommerce website or a site with a booking system, it’s well worth looking at the different options very carefully and discussing them with your web developer to ensure that you get best value from the get-go.

Will I need a separate credit card machine?
Not necessarily. It all depends on your business model. If your customers use their credit cards to pay online or over the phone, you can process orders through the payment gateway on your website. Certainly, if your website is designed and built by Upshot Media, our Content Management System allows you to process telephone orders via the back end of your website, and you don’t need any computer programming skills to do it either!

Can I get a payment gateway connected to my existing website?
That all depends on how your website has been built. The Upshot Media team would be very happy to take a look at your current site and advise you on the best way forward.

Get in touch today for advice on payment gateways for ecommerce and booking system websites.
 

Copyright © 2019 Upshot Media Ltd
Registered in United Kingdom No. 05528247
Registered address: 51 Briars End, Witchford, Ely, CB62GB