Processing Payments on the Web: 7 Things to Consider

By Features PCmag

Too often, merchants entering the e-commerce arena view online payment processing as some sort of last step, or even an afterthought. It's seen as something to spend a few minutes doing after months of working on the website's design. While your website's design is certainly important, the truth is that a clunky or cumbersome payment page can alienate customers faster than just about anything else. There's even a term for it: cart abandonment.

Continue Reading Below

Cart abandonment is a critically important consideration for mature e-commerce players, mainly because it can be shockingly high if you give short shrift to how your payments processing engine works. Check out these Abandonment Rate Statistics from the Baymard Institute if you need some concrete proof. The most important thing when choosing an online payments processing service—whether your payment relationship will be directly with a payments gateway (larger merchants) or indirectly via an Independent Sales Organization (ISO)—is to think through your business strategy carefully.

Only then should you make the important decisions that will affect your payments processing strategy. Specifically, these decisions include what kinds of payments you want to accept, in what countries you plan to sell, whether or not your business will benefit from mobile integration, and more. Unfortunately, the most popular approach to finding a payment partner, especially among small or new online merchants, is to find the most acceptable price and then accept whatever services that partner happens to offer.

The services a prospective payments processing partner offers, and even the way in which they offer them, can have a critical impact on your business. It's a very bad idea to accept such services without knowing exactly what those effects will be. That said, here are seven considerations you'll want to take into account even before starting your quest for an online payments partner:

1. Retain a PCI QSA First
Most merchants now understand that part of the price of accepting credit and debit cards is undergoing the PCI compliance process. The key part of that process is having a PCI Qualified Service Assessor (QSA) evaluate and investigate their security status. Think of a QSA's PCI assessment as akin to an IRS auditor conducting a tax return audit—except that merchants get to choose their QSA and they have to pay them, too. (If that sounds like a conflict of interest to you, then you're not alone. Let's save that discussion for another day.)

Given that merchants will almost always need to retain a QSA—and the cost is the same regardless of when the arrangement begins—it makes a lot of sense to secure a QSA before you start evaluating payment processors. Why? That QSA can help you choose a potential processor by evaluating their security situation in addition to yours (and they'll likely already know of any major security incidents with which a particular processor may have been involved).

Continue Reading Below

Also, one PCI requirement (it's 12.9, available as part of PCI 3.2, available here) requires the service provider deliver quite a bit of information formally to any merchant who knows PCI well enough to ask for it. Collect that material for all of your prospective payments companies and share it all with your QSA because, once they have it, they'll be able to recognize and flag issues before they become problems. You're paying this QSA, after all, so engage as early as possible to maximize that investment.

2. Decide Where You Want Your Payment Process to Live
This is another security issue. Do you want customers to fill out their payment forms on your website or on your ISO/gateway's website? There are some very good reasons for that to happen anywhere other than your website. For example, the PCI assessment process will go so much faster and easier if your server and employees never ever have access to customer payment card data.

It's also easy to implement as it's available via a simple and almost instantaneous redirect from your website to the payment partner's website. Companies well known for such capabilities include Amazon and PayPal which, like many other competitors, not only allow the redirect but also provide access to a landing page that can carry your logo and design colors so the process doesn't feel jarring to the customer; many may not even notice it happened.

The only consideration you should keep in mind is that, by moving your engine off-site, you automatically become entirely dependent on your payment partner's security. But, given that you're going to be dependent to some degree no matter what, that's not much of a downside. Just remember that you can't sign away responsibility. If someone visits your merchant site, buys something, and then that customer's card credentials wind up in the hands of a cyber-nogoodnik, you'll still be swinging on a legal hook.

It's simple: Choose the path of least resistance. "If you don't need to retain card data, don't do it," advises Adam Perella, a partner in the security and compliance accounting and consulting practice at Sikich.

3. What Payment Types Do You Want To Accept?
Sure, American Express, Mastercard, and Visa are the obvious candidates as well as perhaps Diner's Club and Discover. But what about Amazon Payments, ApplePay, Bitcoin, PayPal, Venmo, or even ACH and e-checks? Technology isn't just making it easier to use traditional payment methods online; it's multiplying those options at a very fast clip. Different payments companies will likely only support some of the options just mentioned (and there are even more out there), which is important if you're worried about positioning your website for the future.

But, by that same token (cheap payments pun intended), you need to prioritize those options. Is the lack of Bitcoin support a deal-killer? Accepting Discover is nice but what does your sales data tell you about how many of your prospects have that card yet don't have one of the others? There is no simple answer to this problem, and the best expert on what will work optimally for your customers is you. Are a lot of your prospects college students?

Then you might find that Venmo is more critical than Amex. How many prospects are you expecting to visit from Asia, Australia, or South Africa? If the answer is "a lot," then investigate whichever payment methods are most popular in those countries. You're not seeking the best payments partner out there. You're seeking the best payments partner for you, and that criteria needs to include considerations specific to your customers whatever it is you're selling.

4. Payment Form Simplicity
Once you're in discussions with possible payment processing providers, ask to examine their online onboard payment form. Ask what, if any, changes they're willing to make. You want the form to be as short as possible. Why ask for city and state and then zip code when simply asking for the zip code first eliminates the need to ask for city and state? Why ask what kind of card it is and then ask for the card number when the card number will reveal the kind of card it is anyway?

Experts agree: This is one place you want to follow the K.I.S.S. (Keep It Simple Stupid) rule. "To minimize fraud, collect the CVV, street address—line one only—and postal code," said Dan Burkhart, CEO at Recurly. "Street address and postal code are used for address validation, but city, state, and country are not validated except for [the] advanced AVS [Address Verification System] which almost no one uses."

5. No Surprises: Shipping, Tax
Another big way to lose customers is to let them get hit with a surprise at checkout. Before you send them to your partner for payment, do everything you can to accurately calculate full shipping charges and all applicable tax. Sales tax, for example, is influenced by whether you have operations in the state of the customer but there's also the concept of nexus. That's where the customer and the merchant are in the same state. This can get complicated. A single distribution center, for example, can cause nexus, but sometimes telecommuters can as well.

Let's say a merchant has an employee who lives in Connecticut but who works right next door to the merchant's New York City location. This merchant has no operations in Connecticut. If that employee gets approval to work from home on a particular day, a strict definition is that Connecticut would have to charge sales tax to Connecticut residents on that day. Literally, where that merchant has to charge sales tax could change from day to day. Different states have different rules and different interpretations. That means that a shopper could be charged for sales tax on an item one day and not be charged sales tax on the identical item the next day. The point? If a shopper is not going to be charged sales tax on this purchase right now, then tell the shopper that early in the process. It'll make the item cost less and may lock in that sale.

Shipping costs are generally based on weight and speed but distance can also play a role. And, of course, which delivery service the merchant is using and the specifics of the deal they have in place with that company also makes a big difference. What that means is that, even without knowing the customer's address, it's generally easy to project a decent range. Doing so could make the difference between losing and keeping that sale.

6. Mobile Integration
Before you decide on a partner, examine how their forms look and feel on the mobile devices you believe your customers are most likely to use. HTML5, for example, makes a lot of promises but, when it comes to optimal mobile experience, it's not a silver bullet.

"Consider how you will integrate your mobile app into the web site prior to solidifying your e-commerce architecture to avoid duplication of effort and deployment headaches due to software version incompatibility," suggested Tim Sloane, Payments Analyst with the Mercator Advisory Group.

7. Vertical Expertise
This doesn't necessarily apply to all merchants but, if you're in a specialized vertical (such as quick-service restaurant or gas stations, for instance) that have their own particular payments issues, then you might want to give priority to payments firms that specialize in your vertical.

Let's say that a quick-service restaurant has decided to allow web ordering, with the customer having the option of eating in-store (no ordering delay, just come in and the food is ready) or taking it home. In some states, though, sales tax would be applied differently in those two situations. A payments package that specializes in these kinds of restaurants would have that already factored into the software. In other words, it would ask the customer their plans and would add sales tax if appropriate.

This also applies to merchants with unusual geographic needs. If you expect a lot of customers from Eastern Europe or the Middle East, then it's a good idea to make sure you have a payments partner who is familiar with payment processing in those regions, particularly taxation and tariff concerns. If you're in doubt, get on the phone with a potential processor and ask them detailed questions or, better yet, hire a consultant who's an expert in the area and have them do it. Yes, it's extra money, but finding the right processor on the first try is an investment that will pay off in the long run.

This article originally appeared on PCMag.com.