Receiving prompt and secure payment for orders placed via your website is absolutely vital to any e-commerce system, but selecting and setting up the right payment gateway can often be pushed low on the agenda when setting up a new site.
The payment gateway sits as a middleman between your customer’s bank and your bank. During this process the credit or debit card is validated, checks are made to ensure funds are available, anti-fraud analysis is run, and then (eventually) funds are transferred to your bank.
Internet Merchant Account
To take payments online you will probably need an internet merchant account (IMA). Some gateways, such as Stripe, are an all-in-one solution and don’t require an IMA. An Internet Merchant Account is different from your business bank account: you can’t pay in or withdraw from it, as it’s just an intermediary account. The IMA enables you to start accepting online payments when used in conjunction with a payment gateway.
Internet Merchant Accounts can be obtained via your existing bank, or from some payment service providers (PSPs). The bank or the PSP will assess the risk of the business trading online, and for new companies, without a banking history, this can be a drawn-out process.
Choosing how to take payments
When paying, a customer can either remain on your website to enter their card details (onsite transaction) or be taken to the gateway’s website to pay (offsite transaction). The former involves a more demanding PCI compliance process (see below).
Within these, there is a subset of gateways, such as Apple Pay, Google Pay and PayPal, where a user has a payment method (either a card or bank details) and contact information stored in their account with the gateway. This means a customer only needs to authenticate the transaction, such as logging in or using a or login to pay. Having these on your site can increase the conversion rate.
Sadly, as with any financial transaction, taking payments online carries a risk of fraud. All payment providers will have a level of anti-fraud technology, screening cards and customer information and grading the results. Some systems will auto-block transactions with a high risk, others will flag them so you can make a decision. There is a careful balance to find between preventing fraud and not making it difficult for real customers to pay.
3D Secure transactions, where a customer is prompted to enter a password/code to complete the transaction, are covered by a liability shift. Should a 3D Secure transaction be claimed as fraudulent, the onus moves from you to the card issuer.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of worldwide requirements which aim to protect cardholder information from theft and fraud. If you take any sort of credit/debit card data (including via card machines) you must comply with the standards and take steps to prove to your bank that you have done so. This is usually done via a Qualified Security Assessor (QSA), a company that helps you perform PCI compliance assessments. Failure to be PCI compliant can result in fines from your bank and the loss of the ability to take card payments.
If you use an offsite payment method then you should be able to complete a yearly Self-Assessment Questionnaire (SAQ) to achieve compliance. If you take onsite payments this will involve a much more detailed questionnaire and a regular vulnerability scan of your website and network. Using a virtual terminal (see below) will also increase your PCI requirements, as you are directly handling customers’ card data.
For more information on PCI DSS please visit https://www.pcisecuritystandards.org/
Selecting a gateway shouldn’t just be about transaction fees – also check what additional services and features are available.
A virtual terminal allows you to process card payments taken from customers over the phone or via their written instructions, by typing their details into your computer. You will need to check whether you require a Mail Order Telephone Order (MOTO) merchant account to take advantage of a virtual terminal. Note that virtual terminals will affect the requirements of your PCI compliance.
Reconciliation of accounts is also vital to any business, so having clear and accurate information on tap in a useful format is a huge benefit.
Invoicing & Link Payments
Some providers allow you to issue invoices directly from their platform to your customers. The invoices contain a link to pay directly online via card, so often get paid much quicker than traditional paper invoicing.
If you’re not after full invoicing, some platforms have the ability to send a simple link to a customer via email, which takes them to a payment page to enter card information.
Check out add-ons or plugins that extend the functionality of the gateway: they may offer direct integration with your accounts software or allow for recurring payments. Also be aware of future requirements you may have, such as taking payments in other currencies, and check that your chosen gateway can handle those.
PayPal always comes up in discussions about online payments, being one of the most popular ways to receive online payments and very easy to set up. A common misconception is that customers need a PayPal account in order to pay; in fact, customers can use their credit or debit cards directly. Unfortunately, this isn’t always made clear to customers as they check out, which puts off a lot of merchants from using it as their sole gateway.
A big positive for existing PayPal customers is that PayPal has their details saved, both contact and card information. This means that the customer saves time by simply logging in to their account and accepting the transaction amount, instead of filling in forms and finding a payment card. Just having the PayPal logo on your site can encourage customers to pick your store.
PayPal has a range of ways to receive payments online, the most basic of which is PayPal buttons. These are super basic Buy Now or Pay with PayPal buttons that you can add to your site with a little bit of code. Customers can then click on them, be taken to PayPal, and then either log in and pay with their existing PayPal account, or pay via credit or debit card.
A step up from that is PayPal Checkout. This integrates with your ecommerce store so customers can have a basket full of items to check out with, again being taken to PayPal to complete their purchase.
PayPal has also recently added PayPal Credit, where customers can buy now and pay later, with 0% interest on orders over £99. Customers are pre-approved, and obviously terms and conditions apply. This is all handled on PayPal’s side, so from a merchant’s point of view it doesn’t require you to do anything.
PayPal isn’t always the most popular with merchants though, with higher than average transaction fees if you’re a low volume merchant, and there have been reports of accounts being suspended with little to no notice.
Previously known as Sage Pay, Opayo is a very popular payment gateway. This is more of a traditional gateway, where the customer is asked to enter their payment details – so no quick checkout with saved cards as with PayPal.
Opayo has a range of site integration methods, both on and off-site, and can accept deferred and recurring payments. They have a few pricing plans, with the most basic starting at £25 per month for 350 transactions.
Stripe may not be a name familiar to everyone, but it’s used on thousands of sites, including Deliveroo, Waitrose, and Booking.com. They have competitive transaction fees with no setup or monthly costs. It is easily integrated into WooCommerce and allows you to take Apple Pay and Google Pay as well. The admin area is a little busy and takes a while to learn.
Another of the big names in online payments, Worldpay offer an onsite or offsite payment gateway integration. Prices start at £19 per month, and a minimum contract applies. Outside of that, their fee structure is opaque and requires you to contact them. They also offer physical card terminals, for those of you taking face-to-face payments.
Like PayPal, Google Pay and Apple Pay are hugely powerful logos to have on your site. People know they will be able to check out quickly, as their payment and delivery details are already saved on their device. Usually, you would have other payment options alongside Google Pay and Apple Pay, for people to purchase with a debit or credit card. Integration is also usually done via another payment gateway; for example, if you use Stripe and WooCommerce you can enable them without having to register for separate accounts.
Not strictly a payment gateway, GoCardless allows you to take recurring payments directly from your customers’ bank accounts. GoCardless are effectively a modern take on Direct Debits, which is what their system is built upon.
Klarna allows customers to split their payments across multiple interest-free instalments. Klarna pays the merchant for the product as soon as the customer completes their purchase. Again, it’s another option that isn’t clear on their transaction fees, but it’s somewhere around 2.49%+20p per transaction. This option can be popular with customers, but there are grumblings about being refused payment options and charges being taken when goods had been returned.
WooCommerce Payments is built on the backbone of Stripe, with an identical fee structure. It provides an integrated interface directly in your WooCommerce store admin area for managing payments. Customers can pay directly on your website without leaving to go to a separate gateway site, and save their card details for faster payments in the future.
It’s always best to speak to your web development agency before engaging with any payment gateway, as they will have experience with a wide range of them and can help you navigate the pitfalls. They will also be familiar with what gateways your ecommerce site can work with, as some platforms are harder to integrate than others and while you may save a few pounds on your transaction fees the initial integration fees can offset that.