How to Securely Accept Credit Card Payments Online: a Check List
Apr. 10, 2020
If you are an entrepreneur who wants to start selling products and/or services online but isn’t quite sure how to begin and what to do, or, maybe, you have your doubts about the security of online business and seek to protect your income — this article is for you.
You have every reason to worry, as e-commerce is riskier than offline retail and services. However, modern technology and legislation come up with more and more instruments and regulations to keep your customers and business safe.
In this blog post, we will walk you through the stages you need to complete to start accepting credit card payments online. We will also point out the main safety precautions and tools you and your bank should use to protect the financial data of your customers and company and to reduce the number of fraudulent transactions.
What is needed to accept credit card payments online?
A merchant account and payment gateway are the must-haves for taking credit card transactions online. In the following paragraphs, we will cover all the details about opening a merchant account for your business.
With Genome, you can open a merchant account and receive transactions for your goods/services within just a few days. If you want to learn more about how payment gateways work and why you need them to support your online payment methods, check our blog post on this topic.
Choose a merchant service provider
Here is a useful tip: choose a couple of banks or third-party service providers where you’d consider opening a merchant account and find out more about their requirements and payment methods. This way, you can compare and contrast the offers to choose the service that will be the best one both for you and your clients.
For example, you need to think of your payment options. They can be of several types:
- Online credit card payment
- In-person credit card payments (if you have a physical store)
- Mobile credit card payments. These are transactions that work only with your mobile device. A great example is using Apple/Google Pay in stores (these are also known as mobile wallets).
For your convenience, you can choose to create a merchant account with the same bank where you have your business account. However, these accounts can also exist with different financial providers.
Get your website ready
Creating a site is the first step to selling products and services online; you can’t open a merchant account without it. Even if you already have one, make sure it complies with the most common requirements of acquiring banks.
In other words, your website must contain:
- Terms and conditions, including a governing law clause;
- Privacy, shipping, and refund policies. Also, you can find out more about the difference between a refund and a chargeback in Genome’s previous blog post about chargebacks.
- Valid Visa and Mastercard logos. This part is essential, as the logos will assure customers that your website is credible and secure. You can find the logos on Mastercard’s and Visa’s official sites, along with detailed guidelines on their size, color, and placement. As a general rule, logos are usually placed on a website’s footer or a checkout page.
- A full name of your company and its address should also be listed on the web page’s footer;
- A license validator. If you’re starting an online casino or a gambling site, you first need to get a license from your government or abroad. Most banks won’t work with you without a license and you may get yourself in trouble with the law.
- An SSL certificate, which is another important part of your site’s security. The certificate enables an encrypted (HTTPS) connection between the website and its visitors, which protects your customers’ data from hackers intercepting it in transit. You can choose and buy a specific type of SSL certificate online.
- Full products/services description. Make sure that the prices and currencies are displayed clearly.
3D-secure protocol and PSD2 compliance
Adding the 3D-secure protocol to your website is vital, as this technology enables double authentication of a customer. For instance, if a cardholder buys something on your website, they first need to enter basic credit card details. Then the second step follows – the customer needs to enter either their permanent password for the 3D-secure service or a one-time password (OTP) they receive on their phone. This part of the authorization happens away from your webpage – the cardholder is redirected to a separate card scheme domain.
It means that online payments become more secure for a merchant, and the number of fraudulent transactions declines, as fraudsters can’t get their hands on OTPs if they don’t have access to a customer’s phone. Moreover, there is a process called fraud liability shift, which occurs when a cardholder who bought a product using a 3D-secure service disputes the transaction as fraudulent. In this case, the liability for the chargeback shifts from the merchant to the card-issuing bank.
A 3D-secure protocol is a must for the website if you sell products and services within the European Union. In September 2019, the EU started implementing the Revised Payment Services Directive (PSD2), which provides greater possibilities for protecting people’s financial data and making online payments more transparent. Thanks to the regulation, third-party providers are now able to access consumers’ banking data and initiate payment services.
One of the main parts of the PSD2 is Strong Customer Authentication (SCA), which requires all online card transactions to have multi-factor authentication. To put it simply, a cardholder has to provide information on two out of three authentication types to buy something online. These authentication types are:
- Something a person knows – a PIN, a password, a security question, etc.;
- Something a person owns – a phone or a mobile device to get a one-time password;
- Something a person is – a fingerprint or iris recognition.
To meet the authentication and technical requirements, the 3D-secure protocol was updated to 3DS2 and is compliant with the PSD2. The deadline for implementing SCA is December 31, 2020.
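The two-out-of-three rule above, as an added example (not Genome's or any card scheme's code): the check counts distinct categories rather than individual elements, so a password plus a security question does not qualify. The element names and their category mapping are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed mapping of authentication elements to the three categories
# named in the article; the element names are illustrative only.
CATEGORY_OF = {
    "password": "knowledge",
    "pin": "knowledge",
    "security_question": "knowledge",
    "sms_otp": "possession",
    "app_push": "possession",
    "fingerprint": "inherence",
    "iris_scan": "inherence",
}

@dataclass(frozen=True)
class Element:
    kind: str       # e.g. "password", "sms_otp"
    verified: bool  # whether this element was checked successfully

def sca_categories(elements):
    """Return the distinct categories covered by verified elements."""
    covered = set()
    for e in elements:
        if e.kind not in CATEGORY_OF:
            raise ValueError(f"unknown authentication element: {e.kind}")
        if e.verified:  # a failed or skipped element contributes nothing
            covered.add(CATEGORY_OF[e.kind])
    return covered

def satisfies_sca(elements):
    """True only if verified elements span at least two different categories."""
    return len(sca_categories(elements)) >= 2

# Constructed sample attempts (not real transaction data).
ATTEMPTS = {
    "password + SMS OTP": [Element("password", True), Element("sms_otp", True)],
    "password + security question": [
        Element("password", True), Element("security_question", True)],
    "password + failed OTP": [Element("password", True), Element("sms_otp", False)],
    "fingerprint + app push": [Element("fingerprint", True), Element("app_push", True)],
}

if __name__ == "__main__":
    for name, elems in ATTEMPTS.items():
        verdict = "SCA met" if satisfies_sca(elems) else "SCA not met"
        print(f"{name}: {verdict} {sorted(sca_categories(elems))}")
```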
The security of your acquiring bank/third-party service provider
Now that everything about the site is said and done, it’s time to open a merchant account for your company. But before that, you should check all the information about the acquiring bank or third-party service provider that you want to work with, to verify that money transactions will be secure.
For this purpose, the bank should have its own payment processing center and a payment gateway, as well as comply with a number of regulations, such as the aforementioned PSD2 and 3DS2. The bank should also adhere to the Payment Card Industry Data Security Standard (PCI DSS) – a set of policies and procedures aimed at making card transactions secure and protecting cardholders’ data. The PCI DSS was established by Visa, MasterCard, Discover, and American Express.
General Data Protection Regulation (GDPR) is another policy the bank should comply with. Being set out by the European Union, the GDPR focuses on the protection of EU citizens’ personal information and includes rules on how to collect and process this data.
Opening a merchant account
Finally, you get to open a merchant account. We’ve pretty much covered everything you ever wanted to know about a merchant account in our previous blog post, but let’s focus on what needs to be done to open one:
- Choose what is more beneficial for your business – a merchant account in your country’s bank, or an international merchant account. The first will do if your company will only operate locally, but you’d better open the second one if you are planning on branching out in the future or operating in multiple countries. Find out more about getting an international merchant account in this article.
- As was mentioned earlier, make sure your webpage meets all the requirements of a bank, and that the bank supports all the payment methods you’ve chosen.
- You’ll need to fill in the bank’s application form to open an account, as well as provide all the documents required for this process. Make sure you’ve got all the documents before applying. Once your application is confirmed, you can open an account and start accepting payments online.
As you can see, many things should be taken into consideration before you can start accepting online payments. This whole process may seem tedious, but if you find a secure, reliable, and easy-to-use payment service provider you’ll be able to complete most of these steps without complications and stress. If you like this prospect, Genome is what you need.
Genome is an all-in-one payment ecosystem where you can open an international merchant account completely online in just 3 days by finishing 4 simple steps. If your site has some minor issues, we’ll guide you through them to make the website compliant.
Genome enables you to receive and send funds globally using SWIFT, SEPA, and internal transfers.
As for security, Genome protects your customers’ financial data with two-factor authentication, digital signatures, TLS/SSL encryption, and Mastercard Identity Check 3D Secure authentication. Genome also uses Covery anti-fraud platform and is fully PCI DSS, GDPR, and PSD2 compliant.
Now, let’s get straight to business and see how you can accept different payments online.
How to take credit card payments online
For accepting card transactions online, you will need a payment gateway and a merchant account. A payment gateway is a service that processes the credit card payments for you and charges a fee for this.
How to accept mobile credit card payments
With this type of transaction, you’d need a special device called a mobile credit card reader. It’s a little portable gadget that connects to your smartphone to take card transactions. Additionally, the reader pairs up with a credit card mobile application and will only do its job with an Internet connection.
What are credit card transaction fees?
You will be charged every time you accept a card payment. The overall fee consists of two components: the transaction fee and the processing rate. The transaction fee is a fixed sum. By contrast, the processing rate is a percentage based on the average amount of a payment a business takes.
Depending on the payment network, fees vary from 1% to 3.5%. Additionally, you are paying monthly fees for your merchant account and credit card reader (if you’re using one).
How to take payments online via direct debit
First of all, you should remember that direct debit transactions take longer to process than credit card payments. The funds are taken from bank accounts and not from credit cards, and, therefore, such transactions are handled as transfers. Accepting direct debits is cheaper, but they are not instant, and instant payment is often a priority for e-commerce. Secondly, taking direct debit payments will require plenty of additional work.
If you want to manage everything yourself, you’ll need a SUN (Service User Number) and special software to become a collector. A SUN works like a merchant account for direct debits and can be obtained from almost every bank. Similarly to choosing a merchant service provider, you can look through the options of direct debit solution providers. Most of them have a wide range of offers including automated service, API, and even online payment specialists.
Another way to start accepting direct debit payments online is using the services of a direct debit bureau. This is an organization that handles all transactions on your behalf. They can either let you use their SUN or get access to your SUN.
For more information on how direct debit works from the side of the debtor (the one who pays), check our blog post “What is a direct debit?”.
How can I accept credit card payments for my small business?
There are a few different ways to take online payments. To start with, you should decide what types of transactions are most often used by your clients/target customers. After choosing your merchant service provider, you’d need to create a website for your business, as this is a common requirement. Once your merchant account is ready, you can accept online credit card payments.
If you want to take in-person credit card payments (if you have a physical store) – you’d need to set up a POS (point of sale). This includes a card reader, computer, etc. – you can choose the hardware and software that works best for your business.
For mobile credit card payments (the ones that are done with the help of mobile wallets such as Apple/Google Pay), you’ll also need a portable card reader. It connects to your mobile device and works whenever the Internet connection is available.
What is the easiest way to accept credit card payments?
To take payments online, you’d need to establish a merchant account. This is the easiest way to receive payments. However, the range of transactions you can accept will depend on your business and clients. For example, you may support only online credit card payments and not process direct debit transactions or mobile card payments.
If you want to accept credit cards online as soon as possible, you can look for a payment service provider that offers both merchant and payment gateway solutions (both are needed to accept transactions). Many banks and financial providers can open a merchant account for you in a few days. It’s best to open a merchant account with the same bank where you have your business account.
How can I accept credit card payments for free?
Unfortunately, there’s no way to take credit card payments without any fees or charges. Number one on your list of spending here will be the monthly fee for the merchant account. Moreover, you will also be charged for every card payment you take. The fees here depend on your payment network and the average sum of transactions your business receives.
Accepting payments via direct debit is cheaper than taking online credit card payments. However, direct debits take as long to process as transfers, while card payments are much faster. If your business does not require quick credit card processing, an option with direct debits can be the one for you.
How can I accept credit card payments on my phone?
For your mobile phone, you’d need to get a mobile card reader. This is a portable device that connects both to your phone and mobile application for a credit card. Remember that you will need a stable Internet connection to take mobile credit card transactions.
Using a mobile phone for taking card payments is a very convenient and relatively cheap option because you do not need to purchase additional hardware apart from the card reader. What is more, a setup consisting of a mobile phone and a card reader takes up much less space compared to a conventional POS.