Show me the money – managing e-Commerce payments

Wallet with credit cards

Why Read This? : We look at the challenges in managing e-Commerce payments. Learn how payment gateways help you manage payments securely, and how to find and choose the right provider. Read this to learn how to make managing e-Commerce payments easier.

Working out how you’ll get paid is key when you start selling online. The easiest way to manage e-Commerce payments is to outsource them, e.g. when you sell via marketplaces, print on demand and online retailers.

In these channels, you look after the front-end selling (digital media and product page information, for example), and the selling site handles the back-end payments. The customer orders from the site. They pay the site. You get paid by the site. You’re completely disconnected from the individual shopper’s payment.

Manage e-Commerce payments directly

However, this approach means you’ve no control over this part of the customer’s journey.

You only get that control by selling direct-to-consumer (D2C). When you sell D2C, you manage e-Commerce payments yourself as part of your order to delivery system.

Having a direct connection with the online shopper sounds great. But, there are challenges to managing e-Commerce payments yourself.

You need a payment system which is secure and reliable and controls how payments work on your site. Let’s look at how you do this. 

Three-brains Spreadshirt shop shopping cart page shows Mens Premium Tank T-shirt selected to buy for $48.48 including $16.99 delivery

Payment system options

The good news is you have choices. After all, other stores have already set up e-Commerce payments before you. 

The simplest option is to use a payment service like PayPal or Afterpay.

You set up an account with them and connect it to your bank account. When the customer pays them for an order, the money’s then transferred (less their fee) to your account. It’s safe and secure. However, it depends on customers already using those services, which not all customers do. 

Person paying for an e-Commerce purchase as they hold a credit card up in front of a laptop

The more common way to pay online is with credit and debit cards. If you want to take e-Commerce payments by card on your website, you’ll need to connect it to a payment gateway.

Payment gateways

Payment gateways are secure website systems. They act as intermediaries for payments between a customer’s card provider, and your bank account.

They link to your website and become part of your check-out process. In simple terms, the customer puts their payment details into the gateway. The gateway then checks with the card provider if it’s a valid payment. If the payment is validated, it’s then transferred to your account. 

However, there are several steps to setting up and managing this e-Commerce payments process. Most of these are about reducing risk. 

Payment gateways and risk

The main role of payment gateways is to reduce the risk which occurs when money changes hands. They reduce risk for both buyer and seller.

For example, you have to register your details with the payment gateway as the seller. That means there’s a record and evidence you’re a genuine online seller.

For buyers, this gives them some security they’ll get what they order when they buy from you. It reassures them their payment is protected.

Triangular warning sticker with large exclamation mark on a wall. Sticker has many rips and tears in it.

The payment gateway also checks with the buyer’s card provider that the transaction is genuine. It blocks orders from lost or stolen cards, for example, which reduces your risk. You can also use it to prevent suspicious transactions, again reducing your risk. (More on this later).

Payment gateways validate or reject transactions

As the shopper checks out, there’s a point when they need to enter their card details. That’s where the payment gateway comes in. It handles those details for you. In fact, you don’t see the credit card details at all. You get confirmation it’s a validated transaction as the money’s transferred to your account.

If the gateway rejects the transaction, it notifies the customer of this. You won’t be notified, though you can investigate rejected payments in the payment gateway’s back-end system.

Finding a payment gateway to connect to your website

There’s a big choice of payment gateway providers out there.

Your bank may provide this service. But if they don’t, they should have a list of preferred providers.

However, it’s worth researching options as you don’t have to follow their recommendation.

Well-established providers like Adyen, E-Way and Square may well offer better deals than your bank or their default list.

Man's hands typing on a MacBook keyboard with another blurry display screen in the background

The quality and service of e-Commerce payment gateways is a common and regularly updated topic on specialist e-Commerce websites, e.g. BigCommerce and G2.

As you review different providers, there are 3 main factors to consider :- 

  • Fees and set-up costs.
  • Service and support. 
  • PCI DSS compliance. 


Fees and set-up costs

Payment gateways aren’t free.

They charge an admin set-up fee (usually a few hundred dollars), and then an ongoing fee per transaction (usually 1-3%). They also apply fees to chargebacks, when they charge you for making customer refund payments. 

These costs and fees vary by provider and change regularly. It’s a competitive market. That’s why it’s worth researching to find the best deal as you set up your store. 

Person holding 6 hundred dollar bills in front of them which have been set alight

The fees per transaction also vary based on how much you sell. Hit certain thresholds and you reduce the fee percentage per transaction. (e.g. over $100k, over $1m and so on). 

You look at these fees as part of your online store business model planning. You identify potential providers (typically 3-5) and look at which offers the best deal based on your forecast. Make sure you involve your finance team as it helps familiarise them with the specific business model challenges of D2C. 

In your profit and loss, do note that the payment gateway fee isn’t the same as the credit card fee. You pay that to Visa, Mastercard or AMEX over and above the payment gateway fee.

Though 1-3% per transaction doesn’t sound much, if you sell a lot online, it soon adds up. Small percentage differences can have a big impact on your bottom line. You should regularly review fees in the market to make sure you’re getting good value. You’re not locked into staying with the same provider.

Service and support

Fees matter, of course, but they’re not the only consideration. With payment gateways, you get what you pay for. Some providers keep fees low by offering only limited service and support. 

This may cause issues when something goes wrong, and you need help. 

You almost always need some tech support during the set-up. And you also need it if something goes wrong once you start accepting payments. 

Customer service headset sitting on a desk next to a laptop

Remember, the payment gateway handles every card transaction on your store website. If something goes wrong (which happens surprisingly frequently), you need the payment gateway provider to fix it quickly and efficiently. If it’s broken, you don’t get paid. 

So, check user reviews on the gateway provider’s level of service. Make sure there’s reliable access to their support team. You’re paying for a service, and quick resolution of issues is part of that service.

PCI DSS Compliance

The final check is to make sure the payment gateway complies with the Payment Card Industry Data Security Standard (PCI DSS). This is more commonly known as PCI compliance.

This sets strict guidelines for managing payment security. It protects buyers and sellers by making sure sensitive personal information such as card and bank details is stored and accessed securely.

If you choose to handle payments yourself and not use a payment gateway, you have to comply with all PCI regulations.

Screengrab of home page of PCI Security Standards Council

If you use a PCI-compliant gateway though, the number of regulations you need to follow drops. You’ll need to involve your IT team to make sure you meet your PCI obligations, whichever route you choose.

Connecting a payment gateway

When you’ve chosen a payment gateway, the next step is to connect your store website and bank details to it. 

You complete an order form with all the relevant details to set you up as an online merchant. This includes details of your company name, contact details, bank details and Internet Merchant ID.

On the form, you choose from the relevant payment plans for set-up costs, fees per transaction and chargebacks based on your forecast transactions.

Dan Murphy's website Payment page showing options to Redeem a gift card, use credit card or use pay pal

It also includes your agreement to their terms and conditions. Make sure you review these closely. If unclear, get legal advice. Make sure you understand the commitments from both parties. 

For example, check their commitment level to maintaining the service. They should provide a defined response time for handling enquiries and resolving issues. 

You should also check the notice period you have to give if you decide to change provider as these can often be lengthy. 

Once you sign the agreement, you get a login and password to access their systems, with instructions on how to make the website and bank account connections. You also get customer support contact details to help fix issues, or if the links don’t work properly.

Embedded vs hosted payment gateways

You also have to choose between embedding the gateway into your store or using a hosted service. 

The embedded option is more common and is usually the best choice. You plug the payment gateway into your website with a piece of code. It works as an embedded object, so to the customer it appears to be running as part of your site, even though it actually interacts with the payment gateway system.

Embedding can sometimes be more tricky to set up. The code needs to work with your Content Management System (CMS). If there’s an issue, you usually ask your IT team and the payment gateway technical service support team to fix it. It’s usually a key part of your testing plan as you set up and run your store website.

With a hosted payment page, the customer is taken off your site to make the payment. They go to the payment gateway website and are then returned to your website once the order is validated. It’s a clunkier experience and some shoppers may abandon the purchase. Keeping shoppers on your site with an embedded payment gateway is a better way to go. 

Managing transactions on payment gateways

Your access to the payment gateway’s back-end system lets you track individual transactions. You also use it to manage refunds and adjust payments if needed.

You’ll need a transaction or customer ID number to identify specific orders. The system won’t let you see or use the actual card number itself. 

This is part of the way it protects against fraud. The full credit card details are hidden using a technique called ‘hashing’. This obscures the details of the card but still lets the system identify the specific card itself via the transaction or customer ID.

Waitress at coffee shop counter smiling at customer paying for coffee on a tap and go device

You need to set up a clear refund system, usually involving your finance and customer service teams. Refunds keep customers happy, but remember they come straight out of your bank account. You need clear rules for who approves refunds, and under which circumstances you give them.

You also use this back-end system to analyse and report on the transactions. For example, to track rejected payments and refunds.

Setting payment rules

Let’s move on to how payment gateways help protect you against risks. 

For a start, they automatically reject transactions from cards reported lost or stolen. They also reject transactions where the buyer doesn’t have enough funds / credit on the card. That means you’re always guaranteed payment before sending out an order. You never have to chase a customer to get paid.

However, if you accept a payment which later turns out to not be genuine, the card provider will refund the customer, and then charge you to recover the funds. (Known as chargebacks). You want to minimise how often this occurs. 

This means there are some grey areas where you have to decide what type of transactions you’ll accept, and which you’ll reject for being too risky. You adjust the settings in the back-end of the payment gateway to set rules for what’s an acceptable payment, and what isn’t. Let’s look at some common examples :-

  • geography limits. 
  • repeat or large orders for re-selling. 
  • credit card and IP address blocking.
  • time and quantity limits. 
  • blocked customers. 

Geography limits

You can set limits based on where the card comes from and / or where it’s being used. Payment gateways often suggest a list of high-risk countries for both issuing and using credit cards. You can choose to block cards from those countries and / or orders placed from those countries. 

If customers in those countries complain, you refer them to your shipping policy which outlines where you will and won’t deliver. You may have some cases where this blocks a genuine buyer, but that risk is usually lower than accepting orders from high-risk countries. 

You can also set up blocks to avoid shipping to addresses which suggest they’re being used fraudulently. For example, orders from many different cards, but all going to the same delivery address.

Repeat or large orders for re-selling

Similarly, you can also block multiple or large orders if you need to manage stock levels and suspect the buyer is trying to profit from re-selling the product. This is normally done by blocking orders from the customer’s name or delivery address. 

You can’t control re-selling, but you can choose to not accept an order if you believe it’ll impact your ability to support other customers. For example, when selling concert tickets, music promoters do this to prevent ticket scalpers from buying multiple tickets and then selling on at a profit.

For high-demand products where you have to restrict supply, you should regularly analyse order details. Buyers often try to wriggle around rules you set. For example, if you block an address, they may subtly alter it to get around the block, such as adding phantom unit details where no units exist at that address: Unit 1, 1 High Street; Unit 2, 1 High Street; Unit 3, 1 High Street and so on. But you look up 1 High Street, and it’s very clearly a house.

Credit card and IP address blocking

In fact, these rule-breaker buyers will often come up with more sophisticated tricks to get around your name / address blocks. They’ll make up names or send orders to friends and relatives. They may even send deliveries to a neighbouring house and grab them off the doorstep.

Where you get repeated rule-breaking behaviours, you need to get more sophisticated in your blocks. For example, you can block specific credit cards or IP addresses to prevent repeat orders.

This isn’t foolproof, as it’s easy to set up new credit card details and mask your IP address. But it makes it harder to break the rules, so limits your exposure to only the most determined rule-breakers.

Time and quantity limits

Similarly, if stock levels are an issue, you can set rules on how often orders can be placed, and how many items you’ll supply per order.

So, for example, an individual customer can only order 6 units every 30 days. If they try to order more, or re-order within 30 days, the order is rejected. 

You can also limit the amount of spend you accept in one transaction. People trying to use stolen credit cards often aim to spend the largest amount they can. Big spends often indicate a stolen card.

Person holding calendar with 9 days crossed out with the letter x

You should set a “reasonable” limit per transaction to reduce your exposure. 
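The address, quantity and spend rules described above can be written as one order-screening function. This is an added example, not code from any payment gateway: the field names, the `card_token` reference, the spend cap and the cards-per-address threshold are assumptions, and the orders are constructed sample data.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Policy values. 6 units per 30 days is the article's example; the spend cap
# and the cards-per-address threshold are assumed values to tune per store.
MAX_UNITS, WINDOW = 6, timedelta(days=30)
MAX_SPEND = 500.00
MAX_CARDS_PER_ADDRESS = 2

@dataclass
class Order:
    customer_id: str
    card_token: str   # assumed gateway-issued reference, never the card number
    address: str
    units: int
    amount: float
    placed: datetime

def normalise_address(addr: str) -> str:
    """Reduce an address to a comparison key: lower-case, no punctuation,
    unit/flat prefix dropped, 'st' expanded. Dropping the unit also merges
    genuine apartments, so a hit should go to manual review, not an auto-ban."""
    a = re.sub(r"[^a-z0-9 ]", " ", addr.lower())
    a = re.sub(r"\b(unit|flat|apt|apartment|suite)\s+\w+\b", " ", a)
    a = re.sub(r"\bst\b", "street", a)
    return " ".join(a.split())

def screen(order: Order, history: list[Order]) -> list[str]:
    """Return the names of the rules this order trips (empty list = accept)."""
    reasons = []
    key = normalise_address(order.address)
    if order.amount > MAX_SPEND:
        reasons.append("spend_limit")
    recent = [h for h in history
              if timedelta(0) <= order.placed - h.placed <= WINDOW]
    # Count units by customer ID *or* normalised address, so a new name at
    # the same house does not reset the allowance.
    units = sum(h.units for h in recent
                if h.customer_id == order.customer_id
                or normalise_address(h.address) == key)
    if units + order.units > MAX_UNITS:
        reasons.append("quantity_window")
    cards = {h.card_token for h in recent if normalise_address(h.address) == key}
    if len(cards | {order.card_token}) > MAX_CARDS_PER_ADDRESS:
        reasons.append("many_cards_one_address")
    return reasons

def demo() -> list[list[str]]:
    t0, day = datetime(2024, 1, 1), timedelta(days=1)
    sample = [  # constructed orders, not real data
        Order("c1", "tok_A", "1 High Street", 4, 120.0, t0),
        Order("c2", "tok_B", "Unit 1, 1 High Street", 2, 60.0, t0 + 2 * day),
        Order("c3", "tok_C", "Unit 2, 1 High St.", 1, 30.0, t0 + 3 * day),
        Order("c4", "tok_D", "9 Mill Lane", 1, 900.0, t0 + 4 * day),
        Order("c1", "tok_A", "1 High Street", 2, 60.0, t0 + 40 * day),
    ]
    history, results = [], []
    for order in sample:
        results.append(screen(order, history))
        if not results[-1]:          # only accepted orders enter the history
            history.append(order)
    return results
```

The third sample order trips two rules at once because the phantom unit number no longer hides the shared address, and the last order is accepted because the earlier ones have aged out of the 30-day window.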

Banning customers

In the most extreme cases, where you have persistent challenges from specific customers, you can ban them completely. For example, they consistently try to break your order rules or otherwise misbehave and take up your time.

You’re under no obligation to accept an order.

You can set up the payment system to reject an order based on specific details such as their name, address, credit card details, or IP address as we covered above. 

Man on apartment balcony holding hand in front of face to say stop

Of course, these difficult customers may create new identities and try again. But these payment barriers will at least slow them down and make it harder for them. 

Regularly review e-Commerce payments

Managing e-Commerce payments is a key ongoing part of your D2C store operations. It needs to run reliably and smoothly.

That means you should include it as part of your ongoing D2C dashboard reporting. You should regularly track relevant factors such as the levels of returns, complaints and fraud as per this example. 

You should set up regular reviews with your finance, customer service and IT teams who use the system. These should evaluate your provider against competitors to make sure you’re getting the best mix of fees and service levels.

Example of an e-Commerce dashboard showing results on campaigns, operations, platforms and sales

You can switch providers if you find a better option. You generally have to give the current provider notice and involve your IT team to help make the switch.  

Conclusion - e-Commerce payments

Payments aren’t the most glamorous side of e-Commerce but they’re fundamental to online selling. You need to get paid for what you offer. 

Third-party sites like marketplaces, print on demand and online retailers can handle payments for you. But it means you let them control the transaction with the shopper. 

You have more control over payments when you sell D2C, but there’s also more involved. You pay for that control by having to manage extra complexity.

For example, you need to connect a PCI-compliant payment gateway to your site to securely manage transactions. When looking at providers, you want the right mix of good value on costs and fees and high levels of service.

You normally embed the payment gateway into your website to make the check-out experience seamless for the customer. Once it starts running, you adjust the back-end rule settings to help protect yourself against fraudulent transactions. 

Doing all these steps ensures your e-Commerce payments go through with the minimum of fuss for both you and the shopper.  

Check out our order to delivery guide and improving the D2C experience article for more on e-Commerce payments. Or drop us a line if you need advice on managing e-Commerce payments on your own store. 

Photo Credits

Brown Wallet : Photo by on Unsplash

Credit Card / Laptop : Photo by on Unsplash

Attention sign : Photo by Markus Spiske on Unsplash

Person typing on a Macbook : Photo by Thomas Lefebvre on Unsplash

Money on fire : Photo by Jp Valery on Unsplash

Customer service headset near laptop : Photo by Petr Macháček on Unsplash

Woman taking payment in a Coffee Shop : Photo by Patrick Tomasso on Unsplash

Hand / Stop : Photo by Nadine Shaabana on Unsplash

Calendar (adapted) : Photo by Brooke Lark on Unsplash
