February 7th, 2007 by Jamie Estep
How to accept credit cards on your website
Filed in: Ecommerce, Guides, Merchant Accounts | 10 comments
I absolutely hate writing this post, because it is so generic, broad and over-done. But, I was searching on Google today to see what was out there, and as usual there are very few objective sources that are worth reading on the topic. Apart from that, I don’t have a guide on this site, and seeing as how this is a merchant account blog, it sort of fits the genre. Without any further rambling…
Accepting credit cards on a website is absolutely necessary for the success of any online sales efforts. While there are several other available payment methods for websites, credit cards surpass every other one because of their wide use and convenience.
There are two types of companies that can enable a website to accept credit cards. The first is a 3rd party processor, and the second is a merchant service provider (called an MSP, or ISO). The primary differences between 3rd party processors and MSPs are the way a website integrates with their service, the liability that the website owner has over the transactions that they process, and the price that a they will pay for the ability to accept credit cards. 3rd party processors include companies like Paypal, Google Checkout, 2checkout.com, CCnow, Clickbank, and many more.
The difference between MSP’s and 3rd party processors:
MSP’s
- The business apply’s for a merchant account directly with a MSP.
- Business is personally liable for everything that they process.
- Customer’s credit card statements have the business name on them.
- Use with a Payment Gateway (Seamless integration available).
- Some fixed monthly fees in addition to processing costs.
- Possible setup fee.
- Possible long term contract requirement.
3rd Party Processors
- Business processes under the name of the 3rd party processor.
- Customer’s credit card statement has 3rd party processors name on it.
- Any dispute is made through the 3rd party processor and not the processing bank.
- Business and customer have limited protection from being ripped off.
- Must use 3rd party processors checkout system (Paypal has one exception).
- No fixed monthly fees.
- Some have setup fees.
- Most have high processing costs (Paypal and Google Checkout don’t).
- No contracts.
- Business is partially liable for the transactions that they process.
Which should a business use?
Assuming that you are based in the US, this depends mainly on how much business you do, the type of products you sell, how you want to integrate payments into your website, and whether you sell on eBay or not.
For businesses in the US, Paypal is pretty much going to be the lowest cost method of accepting payments that you will find. As much as I personally hate to admit it, it will be very hard to find a company that can beat the cost of paypal. However, paypal has many negative attributes which often make it a poor solution for serious ecommerce websites.
Personally, I think paypal makes an excellent supplementary payment method, as there is a fair number of online shoppers that prefer to use it.
- How much you business you do:Merchant accounts have fixed monthly fees associated with them. If you are only processing a few dollars a day, it is simply a waste of money to use a merchant account. 3rd party processors don’t have fixed monthly fees, and will be a more cost-effective solution for low volume businesses or an individual. If you do a lot of business, then a merchant account will give you better control over the funds that you process, and how your payment method integrates into your website. Many people consider the threshold of switching from a 3rd party processor to a MSP at about $1000 per month in processing. Personally, I would switch to a merchant account at about $500 per month, so that I could provider a cleaner experience for my customers. But either way, these aren’t huge volumes of processing before a merchant account may be warranted.
- The type of products you sell:Many product types are considered high risk. High risk refers to products or services that carry an increased risk of being charged back, or being obtained by or sold to fraudulent buyers. A few examples of high risk businesses include anything adult related, travel related, online pharmacy, and download-able products. Online in general is much higher risk than retail. On a personal note, I think that most online businesses will experience some sort of fraud in their online ventures. Neither 3rd party processors or MSP’s like providing services to high risk businesses. In these cases a business will have to contact everyone to find a company that can provide service to them. In some cases they may have to process through an offshore merchant account provider.
- How you want to integrate payments into your website: If you want a completely seamless system where your customer never leaves your website, then you are going to need a merchant account and a payment gateway. Payment gateways generally have two integration methods, but I only recommend using an API method of integration. 3rd party processors require your customers to fill out their information on a website owned by the 3rd party processor. A seamless integration method is considered by many to be fundamental in providing a smooth and efficient shopping experience. Paypal does provide a system called payments pro, which is a step in the seamless direction, but it is difficult to integrate into a website, and still creates some usability barriers. If you look on any major ecommerce website, you will find that they are all using a seamless integration with their payment processing method. 3rd party processors may be an alternative payment method, but they are rarely the primary method for a serious company.
- Do you sell on eBay? If you sell on eBay, you should accept Paypal. Paypal integrates seamlessly with the eBay checkout system, and the majority of eBay users expect to be able to use Paypal to complete their purchase. Merchant accounts are difficult to integrate with eBay and must always rely on multiple independent systems for them to work smoothly and automatically. Businesses that sell a lot on eBay will probably look into one of these checkout management systems at some point, but Paypal is the perfect solution for the majority of smaller eBay businesses.
Now that you have your processing method:
I am making the assumption that you already have a shopping cart in place on your website. This can either be a custom designed system, or can be a pre-made cart system like oscommerce, zen cart, and many of the other popular carts.
If you went the merchant account direction, you will also need a payment gateway. It is easiest to get a payment gateway from the same company you are getting a merchant account through. If you already know what payment gateway you want, make sure that the merchant account provider can set this up for you. If you don’t know what payment gateway you want, Authorize.net is always a safe bet. There are many payment gateways available, with the most common being Authorize.net, and Verisign. You will want to use a payment gateway that has an API (Application Programming Interface) method of integration. The API is what allows your website to transparently integrate with the payment gateway.
Requirements to process on your website:
- A SSL (Secure Socket Layer) Certificate (needed if you use a payment gateway API).
- A shopping cart system (This can be custom made or you can use ready made shopping cart software).
- Integration of your payment gateway or 3rd party checkout system.
- Merchant account providers also have a list of requirements to setup an ecommerce merchant account. I recommend making sure that as many as possible are met before applying for a merchant account.
Depending on whether you have a custom designed or a generic shopping cart system, it can be as easy as pressing a button, or as hard as writing a complex integration script, to integrate your website with the payment gateway. Most shopping carts that are widely used will have a module or plug-in to integrate with most of the popular payment gateways. Custom carts will need a custom payment module, which should be coded by the person who designed the cart or another competent programmer. Here is a guide on how to integrate Authorize.net with a website using php5. Also, if you are interested in purchasing a Authorize.net integration script, authnetscripts.com has scripts for PHP, ASP, PERL, and Cold Fusion. I have used their scripts myself and highly recommend them. The price of one of these scripts is far less than hiring a programmer to write one for you. Integration tutorials for most payment gateways are available in just about every programming language, but again these should be programmed by a professional. If you need to hire someone to do the integration for you, I recommend services like getafreelancer.com and rentacoder.com. Make sure to pick a service provider with positive feedback, and make price a secondary factor. Here is a brief guide on how to use freelance marketplaces.
If you do use a payment gateway, make sure you are not storing credit card numbers or other sensitive information unless you know exactly what you are doing, how to properly encrypt the data that is being stored, your server is PCI compliant, and your website does not have security vulnerabilities.
Once you’re integrated:
Once your website is integrated with your payment gateway or 3rd party processor, you are ready to start accepting payments. This whole process is not really as complicated as it seems, and should be takes in steps to prevent problems.
Quick Overview:
Merchant Account / Payment Gateway Flow -is the order of setting things up that I recommend for the least amount of potential problems.
- Setup Website
- Setup Merchant Account and Payment Gateway
- Purchase and Install SSL Certificate
- Integrate Website with Payment Gateway
- Test Integration, and Run A Real Transaction
- Go Live!
3rd Party Processor Integration – requires less structured planning, but some ordering will make a difference.
- Setup 3rd Party Processor Account
- Setup Website
- Integrate Website with 3rd Party Processor
- Test and Run A Real Transaction
- Go Live!
For a better comparison of merchant account and 3rd party processors checkout the Merchant Account Comparison.
Hopefully this whole process goes smoothly for you. Once everything is complete, you can focus on the marketing and promotion of your ecommerce business. As always, feel free to contact me if you have a question, or you need some direction on what to do.
Best of luck to you…
A great way to start out with accepting online payments is to use 3rd party processors at first to gauge how much turn over and business you will be taking.
Alot of ‘real’ merchant accounts have fairly high start up fees (£150 upwards) and if you are not sure how much you will be selling then try a 3rd party first (ie paypal, google checkout, nochex). You pay a higher percentage, but then when things take off, do your math, and when its worth it, get yourself setup with a real merchant account.
Isn’t it much easier just to get a Paypal account, and let them handle everything?
This is a great comparison between merchant accounts and 3rd party processors. Here are a couple more things to consider when making a decision about your online credit card processing solution.
-some 3rd party processors will require your customers to create an account with them before they’re able to purchase from you. People buy online because of the convenience; having to jump through hoops just to make a purchase isn’t real convenient in my opinion. When your customers realize that they’ll have to provide their financial information to a 3rd party before they can check out, it may cause some of them to abandon your shopping cart.
-most merchant accounts/payment gateways have a virtual terminal feature so the merchant can manually process transactions for face to face, phone, or mail sales. Even though PayPal now has a virtual terminal feature for a long time they didn’t and most 3rd party processors don’t offer one. Be sure to ask about a virtual terminal before signing up with anyone if you’re going to need that function.
Michael Rupkalvis
The Transaction Group
I know Jad Talbert and he likes the easy options but as usual he isn’t thinking through the implications of his suggestions.
Even though PayPal now has a virtual terminal feature for a long time they didn’t and most 3rd party processors don’t offer one. Be sure to ask about a virtual terminal before signing up with anyone if you’re going to need that function.
I want to accept major credit cards on my website. How do I do that? Any suggestion would be appreciate.
hope you can teach me how to add credit card on my website
Good article, however you neglect to mention a very important factor – websites who integrate an API based payment gateway are required to be PCI Compliant – with both their hosting and application. This involves more than simply getting a SSL certificate.
It’s an enforced requirement. Retailers operating API credit card processing on their website without being PCI Compliant face very stiff fines.
Thank you for your post, and best regards.
Choosing the right type of online merchant account is critical for ecommerce businesses, thanks for sharing
How can you say Paypal is cheaper ?? That is wrong, your processor must have been overcharging you . Not all processors make you sign a contract, have expensive monthly fees, set up fees, or cancel fees. If you are processing way under $1,000 then stick with Paypal but any other business needs to contact a reputable processor. Be careful of banks. Always check BBB and even Google the processors company name and salesperson`s name for complaints. .
This really is a great comparison between merchant accounts and 3rd party processors. I would like to stress again the PCI DSS compliance regulations that are taking place which will especially affect merchants level 4.Most merchants that store, processes or transmit cardholder data must be compliant by now. However, by July 2010 any merchant that is not PCI compliant, including Level 4 merchants,will be de-certified and must stop accepting cards.Level 4 Merchants are defined as those with fewer than 20,000 Visa transactions per year. Most small vendors will fall into this category. As of July 2010 if you are level 4 merchant you either are PCI compliant or you will no longer able to accept payments.