How to Securely Accept Credit Card Payments Online: a Check List

If you are an entrepreneur who wants to start selling products and/or services online but isn’t quite sure how to begin and what to do, or, maybe, you have your doubts about the security of online business and seek to protect your income — this article is for you.
You have every reason to worry, as e-commerce is riskier than offline retail and services. However, modern technology and legislation come up with more and more instruments and regulations to keep your customers and business safe.

In this blog post, we will walk you through the stages you need to complete to start accepting credit card payments online. We will also point out the main safety precautions and tools you and your bank should use to protect the financial data of your customers and company and to reduce the number of fraudulent transactions.

Get your website ready

Creating a site is the first step to selling products and services online; you can’t open a merchant account without it. Even if you already have one, make sure it complies with the most common requirements of acquiring banks.
In other words, your website must contain:

  • Terms and conditions, including a governing law clause;
  • Privacy, shipping and refund policies. Also, you can find out more about the difference between a refund and a chargeback in Genome’s previous blog post about chargeback.
  • Valid Visa and Mastercard logos. This part is essential, as the logos will assure customers that your website is credible and secure. You can find the logos on Mastercard’s and Visa’s official sites, along with detailed guidelines on their size, color, and placement. As a general rule, logos are placed in a website’s footer or on a checkout page.
  • The full name of your company and its address, which should also be listed in the web page’s footer;
  • A license validator. If you’re starting an online casino or a gambling site, you first need to get a license from your government or abroad. Most banks won’t work with you without a license and you may get yourself in trouble with the law.
  • An SSL certificate, which is another important part of your site’s security. The certificate will protect your customers’ data from hackers, as it encrypts the information exchange between a website and its visitors. You can choose and buy a specific type of SSL certificate online.
  • Full products/services description. Make sure that the prices and currencies are displayed clearly.

Here is a useful tip: before getting a website, choose a couple of banks or third-party service providers where you’d consider opening a merchant account and find out more about their requirements and payment methods. 

3D-secure protocol and PSD2 compliance

Getting a 3D-secure protocol for your website is vital, as this technology enables double authentication of a customer. For instance, if a cardholder buys something on your website, they first need to enter basic credit card details. Then the second step follows – the customer needs to enter either their permanent password for a 3D-secure service or a one-time password (OTP) they get on the phone. This part of authorization happens away from the webpage – the cardholder is redirected to a separate card scheme domain.
It means that online payments become more secure for a merchant, and the number of fraudulent transactions declines, as fraudsters can’t get their hands on OTPs if they don’t have access to a customer’s phone. Moreover, there is a process called fraud liability shift, which occurs when a cardholder who bought a product using a 3D-secure service disputes the transaction as fraudulent. In this case, the liability for the chargeback shifts from the merchant to the card-issuing bank.
A 3D-secure protocol is a must for the website if you sell products and services within the European Union. In September 2019, the EU started the implementation of the Revised Payment Services Directive (PSD2), which provides greater possibilities for protecting people’s financial data and making online payments more transparent. Thanks to the regulation, third-party providers are now able to access consumers’ banking data and initiate payment services.

One of the main parts of the PSD2 is Strong Customer Authentication (SCA), which requires all online card transactions to have multi-factor authentication. To put it simply, a cardholder has to provide information on two out of three authentication types to buy something online. These authentication types are:

  • Something a person knows – a PIN, a password, a security question, etc.;
  • Something a person owns – a phone or a mobile set to get a one-time password;
  • Something a person is – a fingerprint, iris recognition.

To meet the authentication and technical requirements, the 3D-secure protocol was updated to 3DS2 and is compliant with the PSD2. The deadline for implementing SCA is December 31, 2020.

The security of your acquiring bank/third-party service provider

Now that everything about the site is said and done, it’s time to open a merchant account for your company. But before that, you should check all the information about the acquiring bank or third-party service provider that you want to work with, to verify that money transactions will be secure.
For this purpose, the bank should have its own payment processing center and a payment gateway, as well as comply with a number of regulations, such as the aforementioned PSD2 and 3DS2. The bank should also adhere to the Payment Card Industry Data Security Standard (PCI DSS) – a set of policies and procedures geared toward making card transactions secure and protecting cardholders’ data. The PCI DSS was established by Visa, MasterCard, Discover, and American Express.
The General Data Protection Regulation (GDPR) is another policy the bank should comply with. Set out by the European Union, the GDPR focuses on the protection of EU citizens’ personal information and includes rules on how to collect and process this data.

Opening a merchant account

Finally, you get to open a merchant account. We’ve pretty much covered everything you ever wanted to know about a merchant account in our previous blog post, but let’s focus on what needs to be done to open one:

  • Choose what is more beneficial for your business – a merchant account in your country’s bank, or an international merchant account. The first will do if your company will only operate locally, but you’d better open the second one if you are planning on branching out in the future or operating in multiple countries. Find out more about getting an international merchant account in this article.
  • As was mentioned earlier, make sure your webpage meets all the requirements of a bank, and that the bank supports all the payment methods you’ve chosen.
  • You’ll need to fill in the bank’s application form to open an account, as well as provide all the documents required for this process. Make sure you’ve got all the documents before applying. Once your application is confirmed, you can open an account and start accepting payments online.

As you can see, there are many things that should be taken into consideration before you can start accepting online payments. This whole process may seem tedious, but if you find a secure, reliable and easy-to-use payment service provider you’ll be able to complete most of these steps without complications and stress. If you like this prospect, Genome is what you need.

Genome is an all-in-one payment ecosystem where you can open an international merchant account completely online in just 3 days by completing 4 simple steps. If your site has some minor issues, we’ll guide you through to make the website compliant.
Genome enables you to receive and send funds globally in 180 currencies and exchange them without fees.
As for security, Genome protects your customers’ financial data with two-factor authentication, digital signatures, TLS/SSL encryption and Mastercard Identity Check 3D Secure authentication. Genome also uses the Covery anti-fraud platform and is fully PCI DSS, GDPR, and PSD2 compliant.