Accepting Credit Cards on Your Site

Why Accept Credit Cards?

If you are selling from your website it is essential to have credit card facilities for the following reasons:

1. Convenience. It is generally much easier for a shopper to key in a credit card number and pay for his/her purchases there and then, rather than print the order, write out a cheque, write an envelope, find a stamp and walk to the post box.
2. 24/7 service. Your customers can buy at any time.
3. International customers. If you sell internationally, credit card is the easiest method of paying for goods or services.
4. Impulse buyers. See point 1.

How to accept credit cards

Payment Solutions Providers

If you are starting from scratch, the most straightforward method is to apply to a Payment Solutions Provider (PSP), such as WorldPay or Netbanx. You will probably have to pay an application fee which may or may not be refundable in the event of a failed application.

They work as follows: for a percentage of the value of the sale (typically 4.5%) the PSP will handle the credit card transaction on your behalf on their own secure systems. At the end of the month the proceeds of your sales (less the transaction charges) are transferred to your own bank account.

The PSP will supply details of how to integrate your website to their payment system so that your shoppers can pay for the goods. Most off-the-shelf shopping cart packages will integrate with the major PSPs. Alternatively you may write your own shopping cart system. In most cases the work required is simple (for the technically-minded, typically a web form which POSTs parameters to a CGI script on the PSP's web server). Once the transaction is complete you and the shopper are sent emails confirming the payment. Your email will include reference numbers which help you match the payment transaction with your shopping cart transaction. Some systems allow 'callbacks' (again for the technically-minded - the PSP's web server talks to a CGI script on your web server, automatically updating your shopping cart system).

The beauty of this approach is that the PSP handles all the credit card details - you never see those details and they are not stored on your webspace. Their systems are also more likely to include the latest anti-fraud measures. The downside is that the charges may be prohibitive on large value sales.

If you already have a Merchant ID (for Internet transactions - this is important), you can still use a PSP. They act as the 'gateway' - the shopper sees exactly the same thing, but this time the PSP charges a lower percentage fee and passes the transaction on to your merchant account for processing. Note that you will also have to pay fees on transactions in your merchant account - the two fees added together are normally a little less than the PSP-only fee.

Do It Yourself

You can process credit card transactions online without using a PSP. However, we feel it is less secure and we do not recommend this approach.

Credit Card details can be collected via a Secure Server (SSL) connection to a form on your site. SSL ensures that all data travelling between site shopper's web browser and your site is encrypted and therefore cannot be intercepted and read. Our 4 Star hosting package includes SSL, and our Secure Form Hosting package is designed as a bolt-on to your existing site. However, once the information is in your webspace it is vulnerable. There are several things which could be done in order to protect those card details:

1. Encrypt them
2. Email part of the number to yourself, removing that part from the data stored on the web server
3. Ensuring the file can only be accessed by you
4. Delete the details once you have used them

We now provide a system which may help you do this. It's called CCCapture, and you can find out more here. If you intend to use a script like this, you should always contact your bank (or the organisation which provides your card processing facilities). They will need to have details of, and approve, the approach you intend to take.

Offline Payment Processing

You still need an Internet Merchant ID in order to let you process the payment details. This approach only works if there is someone there to accept phone calls, or if both you and the shopper have fax facilities.

NEVER suggest to the customer that they email credit card details to you. Emails are transmitted in plain-text (i.e. not encrypted) and are not secure. Actively discourage your customers from doing this.

WorldPay

Who would we recommend for your credit card payment solutions provider? Well, we use WorldPay, and we are a WorldPay Affiliate partner. Here's how it works:

apply here

• You pay a £150+VAT annual fee, plus a one-off non-refundable £75+VAT application fee
• If you are accepted, you are provided with details of how to integrate your site to the WorldPay system. You can control your account online, using the username and password supplied to you.
• You can test your system without actually incurring any charges or making any real payments. In the meantime, WorldPay make further checks on your/your company's accounts
• Once you have finished testing you are given your Merchant ID. At this point you can go 'live'. Any payments received now will be real ones.
• Your shoppers can choose to pay in one of three currencies (which you choose when you apply - extra currencies available for a fee).
• WorldPay takes 4.5% of each credit card transaction (less if you are using your existing Merchant ID) and 50p of each Switch transaction. Apart from a small charge to transfer the money into your bank account there are no additional fees.
• Payments can be made with Visa, Mastercard, Eurocard, Visa Debit, Switch, Solo, Delta and JCB
• WorldPay integrates with a comprehensive selection of shopping carts. Click here for a list.

  With Worldpay you also get the following:

• Administration system accessible via your web browser
• FuturePay. This allows you to schedule regular fixed or variable payments. These payments will automatically be made against the shopper's credit card on each payment date (additional fee applies).
• WorldAccess. An online POS credit card terminal. You can take credit card details manually (phone, fax or in person) and enter them into this password-protected system via your web browser. The payment will be processed like any online transaction (additional fee applies).
• Pre-authorised payments. You can ask for this to be switched on for your WorldPay account. When a shopper makes a purchase the credit card details are validated but no payment is actually made. You log in to your Administration system and authorise the payment, thereby charging the card. This is particularly useful when you need to check the content of an order first. For instance, we use it in our online web hosting ordering system - we don't charge the customer until we have manually confirmed that the order is correct.