8 minute read

As ecommerce sales soar, here's how to accept online payments confidently

Tuesday, March 02, 2021

8 minute read

Updated on March 1, 2021: With COVID-19 causing global disruption in the physical world, many companies are looking for digital payment alternatives to keep their businesses up and running. This article explores everything you need to know about accepting online payments during this unprecedented time.

Current projections show that global e-retail sales are expected to grow to up to $4.8 trillion by 2021, which makes sense because over 75% of today's consumers around the world are shopping online at least once a month.

Powerful payments technology is behind the scenes making your customer's purchase possible. Even though it often takes mere seconds to notify a customer that their purchase was successful, the transaction goes through a complex ecosystem in microseconds to reach that point.

In this article, we're demystifying the online payment process so that you can accept online payments with confidence.

The Path of a Transaction

It's easy to overlook the complexity of the path of a transaction. To your customer, it seems like the transaction happens instantaneously. But the reality is that once he or she clicks "submit" on the payments page of your website, that transaction leaves your online infrastructure and enters the payments ecosystem. That ecosystem contains several steps, all of which need a green light before a payment confirmation message pops up on the screen. Knowing each step in the payment ecosystem will help you make important decisions about how you process payments for your business.

Payment Ecosystem

Illustration showing the payment ecosystem

shopping cart iconShopping Cart

In a retail environment, the transaction begins once your customer places items into your website's virtual shopping cart. The shopping cart is the user interface where your customers review their intended purchases, provide payment information and complete the transaction resulting in your business making a sale. That transaction can be for a product or a service. It can also be the place where you collect payments online for bills or donations. Through your shopping cart, you can accept many different payment methods from your customers like credit and debit cards, PayPal and Apple Pay.

There are many shopping cart options for you to choose from. You can develop your own from scratch. You can use an open-sourced platform or a done-for-you version with simple integrations and plugins. Selecting the right shopping cart depends on many factors, including the size of your business, the team you have to develop and manage your online site, the needs of your customers, your marketing plan and more. Scoping out your requirements will help you select the right fit from the get-go or help you upgrade to the best one that will scale with your business.

Global Payments iconPayment Gateway

Once your customer submits their payment in exchange for your product or service, their card details are collected by the payment gateway. At that point, the payment gateway authorises the transaction following security compliance protocols and sends it to the payment processor. Businesses can build their own payment gateway, but more likely, they find a payments technology partner like Global Payments to handle the payment gateway and the following step as the payment processor for them.

Global Payments iconPayment Processor

The payment processor is a financial institution licensed as a member of a card association (think Visa or Mastercard) that maintains the merchant's account. When the payment processor gets the payment details from the payment gateway, it submits the transaction request to the relevant card network.

card network iconCard Network

American Express, Visa, Mastercard and Discover all are examples of card networks. The role of the card network is to switch the request for payment from the payment processor to the appropriate card issuer so that they can validate the request for payment.

issuer iconIssuer

The financial entity that issued the card, typically the customer's bank, will validate that the card details correspond to an account at that financial institution. It will also ensure that there are sufficient funds, or available credit, in the customer account to complete the purchase and that the card security information has been entered correctly before deciding whether or not to authorise the payment.

The decision of the card issuer is then communicated back through the ecosystem, flowing from network to payment processor to payment gateway and to the merchant website so that the result is displayed to your customer. If the transaction has been authorised successfully, the customer receives a purchase confirmation. If the transaction has not been authorised, the customer is notified and will have the option of trying to complete the purchase again.

Self-Hosted or Fully-Hosted

When you're formulating your online payments strategy, you have a decision to make around whether you want to host payment processing yourself or outsource it to a third-party. In the self-hosted model, you take responsibility to manage the full scope of PCI (Payment Card Industry) compliance and go through an annual card security assessment. Depending on your size, you will also likely hire a Qualified Security Assessor (QSA) to validate that you're in PCI compliance.

In the fully-hosted model, you rely on an accredited third-party like Global Payments to process payments for you. There are several advantages to consider with this approach.

First, you shift much of the burden of card security compliance to your trusted third party, who will manage many of your processing needs for you, and narrow your PCI compliance burden. Your payment processor is responsible for protecting the cardholder data in its possession. It's a good idea to validate that your payment processor is PCI compliant during your evaluation process.

Additionally, you can save a huge amount of time by focusing on what you do best while your trusted payment processor handles what it does best. You'll gain confidence that you're achieving a higher level of payment acceptance with industry-leading best practices at work for you. For example, Global Payments uses a variety of tools from its decades of experience, including fraud management and enhanced security measures like encryption and multi-use tokenization, to ensure you get the green light at every step.

Sell Online Securely

The next step to selling online with confidence is offering your customers a safe and secure online buying experience. Instilling trust in your customers is the difference between making the sale and losing it forever. Nearly 20% of customers abandon their online shopping cart because of trust issues at checkout, according to a recent study by Baymard. Here are a few ways to reassure customers and build credibility:

1. Get an SSL Certificate

Secure Sockets Layer, commonly referred to as SSL, protects your checkout by encrypting your customer's personal transaction details. SSL is the industry standard used by millions of websites to protect their customer's online transactions. This means a lot to your customer who will be assured that their transaction is private. You can communicate that your business holds an SSL certificate with a lock symbol in the URL bar of the browser.

2. Display Trusted and Secure Logos

After you've gone through the process of being able to accept various forms of payment from trusted financial brands like Visa, Mastercard, American Express, PayPal and WeChat Pay, displaying their logos at your checkout and throughout your website to build credibility with your customer, which reassures them that their money is being handled with the proper care.

3. Show You're PCI Compliant

PCI compliance is required of every business that takes credit cards as payment to sell goods or services. It's a designation that tells regulators you are properly handling and storing your customer's payment details safely and securely. The PCI-DSS was adopted by the card brands to safeguard the public against cardholder theft and fraud by requiring businesses like yours to meet minimum security levels when they store, process and transmit cardholder data. Once you become PCI compliant, communicate it to your customers in the checkout process with the PCI-DSS trust logo.

Accepting online payments is more than simply standing up a shopping cart on your website and hoping that the money lands in your bank account. Now that you know the path of a transaction, what it means to be self-hosted or fully-hosted and how to sell online securely, you can confidently build an online payments strategy that best aligns with your vision for your company.

RECOMMENDED FOR YOU