E-commerce and online payments
Many of our client websites accept online credit card or e-check payments. Online payment may be necessary for an online store, electronic subscriptions, donations, membership dues, or event registrations.
There are several considerations when accepting online payments.
- security
- payment services (merchant accounts, payment gateways, and processors)
- integration with your website
Security
In 2004 the major credit card issuers (e.g. Visa, MasterCard, Discover, and American Express) created Payment Card Industry (PCI) best practices to ensure security when processing credit card transactions. The PCI Data Security Standard (DSS) defines a security framework that includes methods for prevention, detection, and appropriate reaction to security incidents. Read an overview of PCI DSS on the PCI Security Standards Council website.
Compliance is about more than ensuring the security of your users' private information: failure to achieve PCI DSS compliance may lead to lawsuits, insurance claims, fines from payment card issuers and the government, and loss of the ability to process online payments.
Payment services
The good news is that by using a third-party Internet Payment Service (IPS) most security concerns are easily addressed. There are several layers involved in online payment processing. A typical online credit card payment will pass through a merchant's website, an IPS, a processor, a credit card network, and a merchant bank account.
Some services handle more of these layers than others. For the purposes of this overview I'll define three types of payment services.
Option #1
The first type handles the payment transaction on a third-party website. PayPal is a good example. Users begin a transaction on your website (e.g. by selecting an item to purchase or choosing an event to register for). Once they click the "pay" button they are taken to paypal.com and prompted for their credit card information. After payment is submitted the user is returned to your website.
Typical fees
2.9% (2.2% for non-profits) plus $0.30 per transaction
Benefits of this approach
This approach all but eliminates security concerns by shifting the transaction to a third-party website. It also eliminates the need to establish a merchant account and make special arrangements with your bank. In most cases, you simply link your PayPal (or similar) account to your existing business checking or savings account where funds are automatically deposited (less a small transaction fee).
Negatives
The primary drawback of this approach is that the most critical step in the transaction (the one where payment information is prompted for) does not occur on your website. Some users are not familiar with PayPal or are otherwise left wondering why they were directed to a different website and may be reluctant to provide sensitive payment information. Usability and design integration are a similar concern: it is difficult to seamlessly integrate the PayPal payment page with the design and flow of your website.
Option #2
Some of the newest payment services allow users to remain on your website throughout a transaction (including the prompt for payment) while still abstracting security concerns to a third party. Stripe is a good example. Stripe bills itself as a "full-stack payment service" that does not require a merchant account or gateway. As with the PayPal approach described above, a Stripe account is linked directly to your bank account where funds are automatically deposited (less a small transaction fee).
Typical fees
2.9% plus $0.30 per transaction
Benefits of this approach
Simple, affordable, secure.
Negatives
JavaScript is required; some users may have compatibility issues.
Option #3
The third and most sophisticated approach is a traditional payment gateway or Internet Payment Service (IPS). Examples include PayPal Website Payments Pro, PayPal Payflow Pro, Authorize.net, and Braintree. This approach is best for websites that process a high volume of transactions. The merchant (i.e. the owner of the website) must establish a merchant account with a bank of their choosing and a payment service account (you or your merchant bank might also specify a processor preference).
These services provide an application programming interface (API) allowing us to seamlessly integrate all aspects of payment processing with the websites that we build.
Typical fees
$249 setup fee, $59.95/mo, includes 1,000 transactions per month, plus merchant account processing fees
Fees quoted are for PayPal Payflow Pro; Authorize.net fees are comparable. Website Payments Pro is less expensive and appropriate for mid-volume websites.
Benefits of this approach
Seamless custom integration. Less expensive fees for high-volume sites.
Negatives
More complex to implement; fees make it difficult to justify for low-volume websites.
Integration with your website
No matter which type of payment service is used, it must be integrated with your website. The complexity of integration ranges from relatively simple to complicated, with PayPal being the easiest, Stripe next, and PayPal Payflow Pro or Authorize.net more complex.
The best online payment experiences are simple and straightforward. Anything that confuses the user might result in an abandoned transaction. At Webitects we have learned that even subtle optimizations to a checkout or payment process can make a huge difference.
Over the years we have implemented custom websites using all of the payment services discussed above (and many others). We perform usability studies, A/B testing (comparing the performance of one design to another), and data analysis to optimize e-commerce websites. We designed, built, and maintain The Art Institute of Chicago's Museum Shop and have worked with Wikimedia/Wikipedia to optimize their online fundraising.
