Why Read This? : We look at the challenges in managing e-Commerce payments. Learn how payment gateways help you manage payments securely, and how to find and choose the right provider. Read this to learn how to make managing e-Commerce payments easier.
Getting paid is clearly vital to online selling. It’s one of the first things to scope out when you start selling online. The easiest way to manage e-Commerce payments is to outsource them, such as when you sell via marketplaces, print on demand and online retailers.
The payment model’s simple in these channels. You do the front-end selling (digital media and product page information, for example), and the selling site handles the back-end payments. The shopper orders from the site. They pay the site. You get paid by the site. That’s either up-front for the stock, or when an order goes through. You’re completely disconnected from the individual shopper’s payment.
Manage e-Commerce payments directly
However, this approach means you’ve no control over this part of the customer’s journey.
You only get that control by selling direct-to-consumer (D2C). When you sell D2C, you manage e-Commerce payments yourself as part of your order to delivery system.
Having a direct connection with the online shopper sounds great. But, there are challenges to managing e-Commerce payments yourself.
You need a payment system which is secure, reliable and controls how payments work on your site. All good, but how do you actually do this?
Payment system options
The good news is you have choices. After all, other stores have already set up e-Commerce payments before you.
You set up an account with them and connect it to your bank account. When the customer pays them for an order, the money’s then transferred (less their fee) to your account. It’s safe and secure. However, it depends on customers already using those services, which not all customers do.
The more common way to pay for things online is with credit and debit cards. If you want to take e-Commerce payments by card on your website, you’ll need to connect it to a payment gateway.
Payment gateways are secure website systems. They act as intermediaries for payments between a customer’s card provider, and your bank account.
They link to your website, and become part of your check-out process. In simple terms, the customer puts their payment details into the gateway. The gateway then checks with the card provider it’s a valid payment. If it is, the payment’s validated and transferred to your account.
However, there are a number of steps to setting up and managing this e-Commerce payments process. Most of these are about reducing risk.
Payment gateways and risk
The main role of payment gateways is to reduce the risk which occurs when money changes hands. They reduce risk for both buyer and seller.
For example, you have to register your details with the payment gateway as the seller. That means there’s a record and evidence you’re a genuine online seller.
For buyers, this gives them some security they’ll get what they order when they buy from you. It reassures them their payment is protected.
The payment gateway also checks with the buyer’s card provider that the transaction’s genuine. It blocks orders from lost or stolen cards, for example, which reduces your risk. You can also use it to prevent suspicious transactions, again reducing your risk (more on this later).
Payment gateways validate or reject transactions
As the shopper checks out on your store, there’s a point when they need to enter their card details. That’s where the payment gateway comes in. It handles those details for you. In fact, you don’t see the credit card details at all. You get confirmation it’s a validated transaction as the money’s transferred to your account.
If for some reason, the gateway rejects the transaction, the customer is notified the payment hasn’t been accepted. You won’t be notified of this, though it’s possible to investigate rejected payments in the payment gateway’s back-end system.
Finding a payment gateway to connect to your website
There’s a big choice of payment gateway providers out there.
Your bank may provide this service. But if they don’t, they’ll likely have a list of recommended providers.
However, it’s worth researching the options as you don’t have to follow their recommendation.
As you review different providers, there are 3 main factors to consider:
- Fees and set-up costs.
- Service and support.
- PCI DSS compliance.
Payment gateways aren’t free.
They charge an admin set-up fee (usually a few hundred dollars), and then an on-going fee per transaction (usually 1-3%). They also apply fees to chargebacks, when they charge you for making customer refund payments.
These costs and fees all vary by provider, and change regularly. It’s a competitive market. That’s why it’s worth doing the research to find the best deal as you set up your store.
The fees per transaction also vary based on how much you sell. Hit certain thresholds (e.g. over $100k, over $1m and so on) and you reduce the fee percentage per transaction.
You look at these fees as part of your online store business model planning. You identify potential providers (typically 3-5), and look at which offers the best deal, based on your forecast. Make sure to involve your finance team in this, as it helps familiarise them with the specific business model challenges of D2C.
In your profit and loss, do note that the payment gateway fee isn’t the same as the credit card fee. You pay that to Visa, Mastercard or AMEX over and above the payment gateway fee.
Though 1-3% per transaction doesn’t sound much, if you sell a lot online, it can soon add up. Small percentage differences can have a big impact on your bottom line. You should regularly review fees in the market to make sure you’re getting good value. You’re not locked in to staying with the same provider.
Service and support
Fees are important of course, but they’re not the only consideration. With payment gateways, you get what you pay for. Some providers keep fees low, by only offering limited levels of service and support.
And that may cause issues when something goes wrong, and you need help.
You’ll almost always need some tech support during the set-up. And you’ll also need it if something goes wrong once you start accepting payments.
Remember, the payment gateway handles every card transaction on your store website. If something goes wrong (which happens surprisingly frequently), you need good support from the payment gateway provider to fix it quickly and efficiently. If it breaks, you don’t get paid.
So, check user reviews on the gateway provider’s level of service. Make sure there’s easy, reliable access to their support team. You’re paying them for a service, and quick resolution of issues is part of that service.
PCI DSS Compliance
The final check is to make sure the payment gateway complies with the Payment Card Industry Data Security Standard (PCI DSS). This is more commonly known as PCI compliance.
This sets strict guidelines on managing payment security. It protects buyers and sellers by making sure sensitive personal information such as card and bank details are stored and accessed securely.
If you choose to handle payments yourself and not use a payment gateway, you have to comply with all PCI regulations.
If you use a PCI compliant gateway though, the number of regulations you need to follow drops. You’ll need to involve your IT team to make sure you meet your PCI obligations, whichever route you choose.
Connecting a payment gateway
When you’ve chosen a payment gateway, the next step is to connect your store website and bank details to it.
You complete an order form with all the relevant details to set you up as an online merchant. This includes details of your company name, contact details, bank details and Internet Merchant ID.
On the form, you choose from the relevant payment plans for set-up costs, fees per transaction and chargebacks based on your forecast transactions.
It’ll also include your agreement to their terms and conditions. Make sure you review these closely. If unclear, get legal advice. Make sure you understand what it commits you to do, and what commitments the provider gives.
For example, check their commitment level on maintaining the service. They should provide a defined response time for handling enquiries and resolving issues.
You should also check the notice period you have to give if you decide to change provider, as these can often be quite lengthy.
Once you sign the agreement, you get a log-in and password to access their systems, with instructions on how to make the website and bank account connections. You also get customer support contact details to help fix issues, or if the links don’t work properly.
Embedded vs hosted payment gateways
You also have to choose between embedding the gateway into your store, or using a hosted service.
The embedded option is more common, and is usually the best choice. You plug the payment gateway into your website with a piece of code. It works as an embedded object, so to the customer it appears to be running as part of your site, even though it actually interacts with the payment gateway system.
Embedding can sometimes be more tricky to set up. The code needs to work with your Content Management System (CMS). If there’s an issue, you usually ask your IT team and the payment gateway technical service support team to fix it. It’s usually a key part of your testing plan as you set up and run your store website.
With a hosted payment page, the customer is taken off your site to make the payment. They go to the payment gateway website, and are then taken back to your website once the order’s validated. It’s a clunkier experience and can lead to some shoppers abandoning the purchase. Keeping shoppers on your site with an embedded payment gateway is a much better way to go.
Managing transactions on payment gateways
Access to the payment gateway’s back-end system lets you track individual transactions. You also use it to manage refunds and adjust payments if needed.
You’ll need a transaction or customer ID number to identify specific orders. The system won’t let you see or use the actual card number itself.
This is part of the way it protects against fraud. The full credit card details are hidden with a system called ‘hashed’ data. This obscures the details of the card, but still lets the system identify the specific card itself via the transaction or customer ID.
You need to set up a clear system for refunds, usually involving your finance and customer service teams. Refunds keep customers happy, but remember they come straight out of your bank account. You need a clear set of rules for who approves refunds, and under which circumstances you give them.
You also use this back-end system to analyse and report on the transactions. For example, to track rejected payments and refunds.
Setting payment rules
Let’s move on to how payment gateways help protect you against risks.
For a start, they automatically reject transactions from cards reported lost or stolen. They also reject transactions where the buyer doesn’t have enough funds / credit on the card. That means you’re always guaranteed payment before sending out an order. You never have to chase a customer to get paid.
However, if you accept a payment which later turns out to not be genuine, the card provider will refund the customer, and then charge you to recover the funds (known as chargebacks). You obviously want to minimise how often this occurs.
This means there are some grey areas where you have to decide what type of transactions you’ll accept, and which you’ll reject for being too risky. You adjust the settings in the back-end of the payment gateway to set rules for what’s an acceptable payment, and what isn’t. Let’s look at some common examples:
- geography limits.
- repeat or large orders for re-selling.
- credit card and IP address blocking.
- time and quantity limits.
- blocked customers.
You can set limits based on where the card comes from and / or where it’s being used. Payment gateways will normally suggest a list of high-risk countries for both issuing and using credit cards. You can choose to block cards from those countries and / or orders placed from those countries.
If customers in those countries complain, you refer them to your shipping policy which normally states where you will and won’t deliver. You may have some cases where this blocks a genuine buyer, but that risk is usually lower than accepting orders from high-risk countries.
You can also set up blocks to avoid shipping to addresses which suggest they’re being used fraudulently. For example, orders from many different cards, but all going to the same delivery address.
Repeat or large orders for re-selling
Similarly, you can also block multiple or large orders if you need to manage stock levels, and suspect the buyer is trying to profit from re-selling the product. This is normally done by blocking orders from the customer’s name or delivery address.
You can’t control re-selling, but you can choose to not accept an order if you believe it’ll impact your ability to support other customers. For example, when selling concert tickets, music promoters do this to prevent ticket scalpers buying multiple tickets and then selling on at a profit.
For high-demand products where you have to restrict supply, you should regularly analyse order details. Buyers often try to wriggle around rules you set. For example, if you block an address, they may subtly alter it to get round the block, such as by adding phantom unit details where no units exist at that address: Unit 1, 1 High Street; Unit 2, 1 High Street; Unit 3, 1 High Street and so on. But you look up 1 High Street, and it’s very clearly a house.
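An added example (not from the original article or any gateway’s own code) of reviewing order exports for the two patterns described above: phantom-unit variants of one address, and many different cards shipping to the same address. The `card_token` field, the prefix and abbreviation lists, and the sample orders are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Unit-style prefixes used to make one address look like several (assumed list).
# Heuristic only: a match is a prompt for manual review, not proof of abuse.
_UNIT_PREFIX = re.compile(
    r"^\s*(unit|apt|apartment|flat|suite|ste)\b\.?\s*\w+\s*[,/-]?\s*", re.I)
_ABBREVIATIONS = {"st": "street", "rd": "road", "ave": "avenue"}

def normalise_address(raw: str) -> str:
    """Reduce an address to a comparison key: no unit prefix, case or punctuation."""
    text = _UNIT_PREFIX.sub("", raw)
    words = re.sub(r"[^a-z0-9 ]", " ", text.lower()).split()
    return " ".join(_ABBREVIATIONS.get(w, w) for w in words)

def flag_shared_addresses(orders, max_cards=2):
    """Return {address_key: card tokens} for addresses used by more than max_cards cards."""
    cards_by_address = defaultdict(set)
    for order in orders:
        key = normalise_address(order["address"])
        cards_by_address[key].add(order["card_token"])
    return {addr: sorted(cards)
            for addr, cards in cards_by_address.items() if len(cards) > max_cards}

# Constructed sample orders; card_token stands in for the gateway's opaque card ID.
ORDERS = [
    {"address": "Unit 1, 1 High Street", "card_token": "tok_a"},
    {"address": "Unit 2, 1 High St.", "card_token": "tok_b"},
    {"address": "unit 3 / 1 HIGH STREET", "card_token": "tok_c"},
    {"address": "12 Mill Road", "card_token": "tok_d"},
]

if __name__ == "__main__":
    for addr, cards in flag_shared_addresses(ORDERS).items():
        print(f"review: {len(cards)} cards shipping to '{addr}': {cards}")
```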
Credit card and IP address blocking
In fact, these types of rule-breaker buyers will often come up with more sophisticated tricks to get round your name / address blocks. They’ll make up names, or send orders to friends and relatives. They may even send deliveries to a neighbouring house and grab them off the doorstep.
Where you get repeated rule-breaking behaviours, you need to get more sophisticated in your blocks. For example, you can block specific credit cards or IP addresses to prevent repeat orders.
This isn’t foolproof, as it’s not difficult to set up new credit card details and mask your IP address. But it makes it harder to break the rules, so limits your exposure to only the most determined rule-breakers.
Time and quantity limits
Similarly, if stock levels are an issue, you can set rules on how often orders can be placed, and how many items you’ll supply per order.
So, for example, an individual customer can only order 6 units every 30 days. If they try to order more, or re-order within the 30 days, the order’s rejected.
You can also limit the amount of spend you accept in one transaction. People trying to use stolen credit cards often aim to spend the largest amount they can. Big spends often indicate a stolen card.
You should set a “reasonable” limit per transaction to reduce your exposure.
In the most extreme cases, where you have persistent challenges from specific customers, you can ban them completely. They consistently try to break your order rules, for example, or regularly complain, or try to scam the system.
You’re under no obligation to accept an order.
You can set up the payment system to reject an order based on specific details such as their name, address, credit card details, or IP address as we covered above.
Of course, these difficult customers may create new identities and try again. But these payment barriers will at least slow them down and make it harder for them.
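An added example (not the article’s or any gateway’s own code) showing how the rule types above combine into one screening decision: geography, blocked cards and IP addresses, a per-transaction spend cap, and the 6 units per 30 days limit read as a rolling window. All field names, the policy values other than that limit, and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed policy; only the 6-units-per-30-days limit comes from the article.
POLICY = {
    "blocked_countries": {"XX"},       # placeholder country code
    "blocked_cards": {"tok_banned"},   # opaque gateway card tokens (assumed)
    "blocked_ips": {"203.0.113.7"},    # documentation-range IP address
    "max_units": 6,
    "window": timedelta(days=30),
    "max_amount": 500.00,              # assumed "reasonable" spend cap
}

def screen_order(order, history, policy=POLICY):
    """Return the list of rules an order breaks; an empty list means accept."""
    reasons = []
    if {order["card_country"], order["ship_country"]} & policy["blocked_countries"]:
        reasons.append("geography")
    if order["card_token"] in policy["blocked_cards"]:
        reasons.append("blocked_card")
    if order["ip"] in policy["blocked_ips"]:
        reasons.append("blocked_ip")
    if order["amount"] > policy["max_amount"]:
        reasons.append("amount_limit")
    # Units this customer already bought inside the rolling window.
    cutoff = order["placed_at"] - policy["window"]
    recent = sum(h["units"] for h in history
                 if h["customer_id"] == order["customer_id"]
                 and h["placed_at"] > cutoff)
    if recent + order["units"] > policy["max_units"]:
        reasons.append("quantity_limit")
    return reasons

# Constructed sample data: one purchase inside the window, one outside it.
NOW = datetime(2024, 3, 31, 12, 0)
HISTORY = [
    {"customer_id": "c1", "units": 4, "placed_at": NOW - timedelta(days=10)},
    {"customer_id": "c1", "units": 5, "placed_at": NOW - timedelta(days=45)},
]
ORDER = {"customer_id": "c1", "card_token": "tok_ok", "ip": "198.51.100.20",
         "card_country": "AU", "ship_country": "AU", "amount": 120.0,
         "units": 3, "placed_at": NOW}

if __name__ == "__main__":
    print(screen_order(ORDER, HISTORY))
```

Returning every broken rule, not just the first, gives the reasons you need when you later analyse rejected payments.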
Regularly review e-Commerce payments
Clearly, managing e-Commerce payments is a key on-going part of your D2C store operations. It needs to run reliably and smoothly.
That means you should include it as part of your on-going D2C dashboard reporting. You should regularly track relevant factors such as the levels of returns, complaints and fraud as per this example.
You should set up regular reviews with your finance, customer service and IT teams who use the system. These should evaluate your provider against competitors to make sure you’re getting the best mix of fees and service levels.
Conclusion - e-Commerce payments
Payments aren’t the most glamorous side of e-Commerce, but they’re fundamental to online selling. You need to get paid for what you offer.
You have more control over payments when you sell D2C, but there’s also more involved. You pay for that control by having to manage extra complexity.
For example, you need to connect a PCI compliant payment gateway to your site to securely manage transactions. When looking at providers, you want the right mix of good value on costs and fees, and high levels of service.
You normally embed the payment gateway into your website to make the check-out experience seamless for the customer. Once it starts running, you adjust the back-end rule settings to help protect yourself against fraudulent transactions.
Doing all these steps ensures your e-Commerce payments go through with the minimum of fuss for both you and the shopper.