E-Payment Processing 101

by
S. HAQuE

1
E-Payment Processing 101

The key requirement of an E-commerce website is the ability to process online payments quickly and
securely. An automated credit (or debit) card processing system, well-integrated with the online product
catalogue and shopping cart, is an efficient and standard element for the success of any online business
venture.

A ‘Merchant account’ is a special account used to receive the proceeds of credit card transactions, usually
provided by a bank or other financial institute. They are required to process credit card transactions, at
both online and over-the-counter payment terminals. One of the measures, taken by the financial institution
which issued credit cards, is that the proceeds of credit card transactions are only transferred into a
merchant account. In other words, in order to process credit card transactions, a business must have a
merchant account.

When selecting a merchant account provider, it is advisable to shop around and compare the different rates
and facilities offered by each. In addition, other elements of the service must also be considered. For
example, the availability of the chargeback flexibility, or the possibility of increase in monthly limit etc.
Ideally, a merchant account provider should consider the business turnover rate and offer flexible rates and
charges according to the size of the business enterprise.

The Manual Method of Payment Processing:

Credit card payment processing requires two elements: the merchant account and the payment gateway.
Whereas opening a merchant account is a necessary requirement, the step requiring registration with the
payment gateway can be omitted. This is recommended if:

- the business does not intend to actively involve credit card processing;

- the business anticipates small to medium volume of transactions involving credit cards.

The method of credit card processing, without gateway registration, is known as the ‘manual method’. This
method is quite easy as well as usable, not only when taking order over the internet but also, by vendors
operating in a ‘real’ (bricks and mortar type) business.

The manual method requires the credit card information to be taken from the customer and (later) manually
charged using a credit card payment terminal. The disadvantage of using this method lies in increased
chances of error and decreased credit card/number security. Since the credit information is taken from the
customer, care must be taken to keep this information secure to prevent it from falling into the hands of
malicious data pirates. The manual charging process must also be carefully regulated, to reduce the
chances of incorrect amounts being charged due to human error.

However, a greater disadvantage, of using the manual method of credit card processing, is the time lag
which occurs in the authentication of information. Since payment gateway allows almost instantaneous
authentication of customer information, its absence creates a delay. Consequently, if for some reason the
transaction is declined, the merchant is informed much later, resulting in the delaying of the transaction and
the subsequent business processes.

The Online/Automated Payment Processing Method:

2
The ‘online’ or ‘automated’ method of payment processing requires registration with the payment gateway,
with the subsequent increase in setup costs. Set up of an online payment processing system is also somewhat
complex, since the payment gateway chosen must be compatible with the shopping cart on the E-commerce
website. There are many online vendors offering their services to facilitate automated online credit card
processing. Broadly however, these can be divided into two categories. Vendors that fall in the first
category, only provide a payment gateway. This means, a business must open a merchant account under its
own name through some financial institute, usually a bank.

Vendors that fall in the second category, provide the customer business with a payment gateway as well as a
third party merchant account. This means that the business uses a third party (usually the vendor’s own)
merchant account, to receive the proceeds of the credit card transactions. This allows business owners to
bypass the process of opening a merchant account, which can be a cumbersome process.

Defining Payment Gateway:

A payment gateway acts as a secure online intermediary between an E-commerce website and the credit
card and electronic check payment processing networks. When a customer enters his credit card details at
an E-commerce website, it is the payment gateway that validates the credit card details with the customers'
credit card issuer. The payment gateway also instructs the credit card issuer to debit the amount charged.
Whether the transaction is successful or not, the payment gateway informs the customer at your website of
the transaction outcome. The whole process is automated and is completed within seconds.

One of the key features of a payment gateway is additional security features it provides. When choosing a
payment gateway, it must be made sure that it offers satisfactory fraud protection features, such as the
Address Verification System (AVS). There may be separate fees for fraud protection features.

Choosing the Right Online Payment Processing Service:

When choosing an online payment processing service, the decision can be based on any number of
observations, such as the intended scope of the business, cost, market penetration, available security
features, customization options, scalability options, technological support, etc. More practical aspects to
consider include:

- Customizable business domain name; - Detailed web analytics;

- Business web hosting service; - Support facility;

- Website designing service; - Periodic security audits;

- Customizable shopping cart and - Security and risk tools to prevent

checkout pages; fraudulent transactions;

- Comprehensive online inventory - Restricted access (i.e. access only from

support; allowed IP addresses);

- Ability to integrate with existing - Automated shopping cart and order

inventory management, accounting, processing;
and ordering systems;
- Merchant account facility, etc.
- Real-time merchandising tools;

3
Obviously, not all the services provide all the features and not all businesses require all the above features;
the decision must be based on the business’ requirements of individual E-commerce venture.

Security Concerns in Online Payment Processing:

Taking credit card payments over the internet can be risky. In order to provide customers with secure and
dependable service, a business must take measures to facilitate safe and secure credit card transactions
over the internet. For example, a very straightforward yet essential method of securing an E-commerce
website is through SSL certification.

The unencrypted information transferred over the internet is neither secure nor private. Any person with
the requisite technical knowhow can ‘listen’ to the transmission between the customers’ computer and the
internet. Especially in the case of credit card transactions, the information can be easily intercepted and put
to unauthorized use. To protect from credit card fraud and theft, the information transfer between an E-
commerce website and its customers must be encrypted. The technology used to encrypt such information is
known as Secure Sockets Layer (SSL) protocol. To implement SSL technology on a website, a business must
purchase and install SSL certificate on its website. SSL certificate not only encrypts the information but
also identifies the business as a legitimate internet business. SSL certificate can be purchased from several
online vendors specializing in data security and encryption.

Another security measure that may be implemented is the use of security features offered by a payment
gateway vendor. When choosing a payment gateway, it is essential to make sure that adequate fraud
protection features are provided. A very effective fraud protection feature is the Address Verification
System (AVS), which authenticates the customer and the credit card details by verifying cardholder's
address with the financial institution that issued the credit card. Usually, vendors charge separate fees for
fraud protection features.