Taking Credit Cards

    June 18, 2003

Unless you have a special situation, there is only one way to run a successful store on the Internet: Take credit cards.

95 plus percent of all retail Internet payment transactions are by credit card. One recent survey revealed that, when credit cards are used to make a purchase, the amount spent per order will be as much as four times the amount spent via other payment methods.

There are only two direct methods of accepting credit card payment: use a 3rd party payment processor or have your own merchant account from an acquiring bank and process through a payment gateway. There is a third but indirect, person to person method that can also facilitate credit card payment.

Most Internet retail businesses accept credit card payments directly either through a 3rd party processor or by connecting to a payment gateway. The gateway is a service interface between a storefront site and the financial networks. Every credit card authorization eventually goes through a gateway and nearly all businesses use a gateway provided by an outside source. Different gateways each use proprietary communication protocols and syntax. You may be familiar with some of the gateway provider names such as CyberCash, AuthorizeNet, and ECHO.

Looking at the person to person method first, one such service known to most of us is PayPal. With this payment service, once an order is ready to be placed, the customer is directed via a link to make payment at the PayPal site. First time PayPal visitors will be required to register. After that they can select one of several payment methods which include using a credit card. Once PayPal receives the money, the merchant is notified by e-mail. The merchant can then request that the funds be transferred to them.

Using a payment gateway requires that the merchant have a merchant account from an acquiring bank and interface software installed that allows the storefront to communicate with the gateway. The basic information sent to the gateway for a card authorization request, is the merchant identity, the credit card number, and the card expiration date. The basic information returned is authorization status (accept/reject) and a transaction code. If the authorization request is approved and settled, the financial networks will debit the customer’s account and credit your designated checking account, usually within 72 hours.

The job of the interface software is to communicate between the customer in human readable terms and the gateway using the syntax peculiar to that particular gateway. Don’t let yourself be confused by all of this. Draw a picture of your storefront with arrows representing information transfers to and from the storefront, a credit card form, the interface software, the gateway, and finally the financial networks.

It is this gateway interface software that is a frequent stumbling block to many storefront developers and to merchants themselves. This interface is usually complex enough to require a software engineer to configure it properly. Many would be merchants have signed up for a merchant account without being told or realizing that they will have to use proprietary gateway interface software and that getting it to work with their storefront, a credit card form, and the gateway is not going to be easy.

Finally, there is the option of using a third party processor where a merchant account from an acquiring bank isn’t required and all of the software configuration has been done for you. The 3rd party processor will accept credit card payment as your representative in the purchase transaction and send you a copy of the purchase order, which is essentially a request to ship the ordered items. The policy of your 3rd party processing representative will determine how and when you get paid.

No one method for taking credit cards at an Internet store is right for everyone. Each of the three methods have unique advantages and disadvantages and each may have variations on how they function and how the merchant goes about using the method.

In the case of person to person payment methods, the implementation is usually simple and the cost per transaction is relatively low. However, requiring your customer to visit some other web site to make a payment will frequently lose the order for you resulting in what is termed an abandoned cart or an aborted order. The ready access of these services to both you and to your customer is a double edged sword. You’re the merchant but, you have almost no control over the transaction process. As a result, you may find that you get a lot of bogus orders and/or unauthorized and fraudulent use of credit cards. This can add up to large charge back fees and with-held funds through no fault of your own.

If the size of your business warrants and you have the programming resources, setting up your own gateway interface can be the best way to go. Doing this gives you the opportunity to customize everything from credit card forms to parsing, saving, and presenting return information any way you like. A word of caution here though, setting up a gateway requires not only programming skills but a good understanding of how the financial transaction system works. You should know the possible return codes and what to do with them, what to do in the event of a network communication’s failure, how to avoid security breaches, what return information to show the customer, and what alternatives to give the customer when the card is bad or network communication fails. These are not trivial tasks.

An alternative and increasingly popular approach is to use a full service application provider for the gateway interface. This can be a lot less expensive, even over the long run, than trying to set up everything in-house. A good full service provider will offer an on-line management console where, from a single location, all order and credit card processing information is recorded and easily viewed. The console will have a virtual terminal for conducting subsequent card transactions such as settlements and returns and will usually allow instant configuration using your merchant account parameters. The console should include some capability for detecting fraud and eliminating bogus orders.

If you are opening a new Internet store and don’t know what to expect in sales volume or think average volume over the course of a year will be under $3000.00 per month, then a full service third party processor may be your best option. Your per transaction costs will be higher than if you use your own merchant account and gateway interface but, the overall cost can be significantly lower. With a good 3rd party processor representing you in the payment transaction, you won’t have the cost and hassle of a merchant account and won’t have to maintain any software. You can concentrate on getting your store known and on making sales.

We used the phrase, “full service provider” on several occasions. This is a service provider, sometimes know as an ASP (Application Service Provider), that captures all order and credit card transactions and makes the information available to you through an easy to use on-line console. This service is essential even when a 3rd party is providing the card processing for you. You still need to have order management capabilities and some minimal virtual terminal functions such as the ability to settle transactions and make returns. This will go a long way toward eliminating bogus orders and preventing credit card fraud. A simple gateway interface such as you might get from your local ISP will usually not be very useful in this regard and frequently poses a serious security risk for the merchant.

ImagineNation is a full service provider of both 3rd party processing and merchant account gateway services. We hope you’ll visit the company web site and have a look at our products.

Mel Davey is the creator of ImagineNation (http://imaginenation.com/), a full service E-Commerce Application Service Provider, offering Storefronts, Order Management Utilities, and 3rd party credit card processing.