Payment gateways. Why do we need them, how do we integrate them and how should we test them? Learn more about the often overwhelming world of online payments that website owners and web developers face.
The Players in the Online Payment Process
Unfortunately for busy website owners, understanding online payments can be complicated. There are actually many different pieces and often several different vendors involved.
Merchant Account
A standard business banking account is a start, but it does not automatically give you the ability to accept credit card payments. To accept credit cards from customers, a business must establish a merchant services account. This might be set up with the same business bank, or it may be set up with a separate merchant services company. It is recommended to request quotes from more than one vendor and compare them for the best rates and services. While many people just talk to their existing bank, it is not always the most competitive solution.
Payment Gateway
When setting up your merchant account, be sure to let your provider know that you plan to sell products online. A standard merchant account does not usually include online payment processing, and you may even need a rate adjustment or add-on package to support online payments. Depending on your business type and your procedures for accepting payments from customers, the requirements may vary.
A payment gateway is a web-based service that will serve as a middleware between the merchant bank account and the website. There are many different payment gateways. Some banks have a preferred vendor and will offer you better rates if you choose it. But keep in mind that not all gateways are the same and some are easier for your web developers to integrate than others. If you choose a unique payment system that is preferred by the bank, it might end up being a lot of billable work for your web developers down the road. There are leading popular payment gateways are offered by Authorize.net and PayPal.
Website Payment Modules
Once your payment gateway is established, there is still more to do to get your website properly communicating with the gateway service. There must be some kind of technology integrated into the website to link them together. If you are truly integrating the experience, so the customer will shop on your own website and enter payment on your own checkout page, then you must integrate with the payment gateway’s API.
For custom applications, a skilled web developer will utilize the documentation about the payment gateway’s API to add code to the website and send information about each transaction to their database.
If you have a shopping cart software such as WooCommerce, Magento, or Zen Cart, there are often ready-made modules or “plugins” you can purchase to add to the website. The license fees for these modules will vary, but they will cut down on the cost of building one from scratch.
There are also different technology requirements for recurring payments, so if you are selling something like recurring memberships, you need to consult the payment gateway provider and the web developer to find out what additional tools you will need. Authorize.net offers a gateway option called Authorize.net CIM for recurring payment models.
The alternative way to accept online payments is to simply link to a “hosted” payment form. This means that instead of integrating with their API and keeping the customer inside your website for the whole checkout process, you kick the customer over to the payment provider’s own webpage to enter the credit card details and complete the transaction. The disadvantage of this method is that the experience and look of the checkout process are not under much of your control, and it may spook some shoppers since they will feel like they are leaving your website. However, the advantage is that the payment processing liability is shifted more to the third-party vendor and that makes security risk less of a concern.
SEE ALSO: E-commerce Website Development: Tips for Maximizing Sales
PCI Compliance
Another unfortunate reality of today is the need for increased security to protect credit cardholders. Because of tremendous growth in credit card abuse, banks have special security standards that businesses are required to comply with. Your PCI compliance requirements may vary depending on your business procedures and whether or not do you accept credit cards directly on your website, at your storefront, or at other events. It usually involves an annual fee and questionnaire. You might also be required to conduct regular security scans for the website, which is performed by a scanning company. This might be arranged with a partner through your merchant service provider, or you may be given access to a separate security standards account.
Processing and Fulfilling Orders
After all this technology is in place, there must be a plan to properly process and fulfill orders. We recommend that you explain to your web developers how you intend to accept orders and ship or deliver them since it might affect how some settings are adjusted on the website side. For example, if you do not want to charge the customer’s credit card in full until you confirm stock and ship the product, a setting could be adjusted for “authorize only” that will validate the card during checkout, and allow you to batch and confirm it later. If you plan to immediately charge the customer and fulfill your orders immediately, this setting could be kept on “authorize and capture”. Employees need to be familiar with the shopping cart and how to receive order reports, and how to find customer order details when there is a customer service issue.
Testing Online Payments
When you are building a new e-commerce website or if you are integrating a new payment system, it is very important to test. This should involve the website owner or their accounting manager, so they can access the payment gateway account and confirm that orders are actually going through from beginning to end.
First, testing can be done during development by putting the payment gateway and website settings (both sides) in “test mode” and using a supported test card number (consult your vendor’s documentation for supported Visa or Master Card test numbers). If no errors appear during the test order on the website, that indicates progress. If errors display, consult the documentation to find out what settings need to change. For paid add-on modules, sometimes an upgrade will fix the issue.
Finally, after the website is ready and launched into production mode, the settings should be changed to production/live (test mode off). A test order should be done with a valid credit card (the owner’s business card most likely) to simulate a real customer order. If successful, the checkout process should go smoothly without errors and display the confirmation page and send the details of the transaction to the gateway. A little while later, the transaction should show up in the reports of the payment gateway control panel. I usually recommend creating a test product that is $1 or a small amount to do this test, and then immediately remove that test product (or make it private) from the website.
