Credit card processing: what you need to know
Many business owners need to accept payments online, but are confused by the many options and services available. Following is a glossary, and a brief summary of the issues involved:
Merchant Account. This is not a checking account, but an agreement with a Merchant Account Service Provider to process credit card payments and make deposits into your checking account. The MASP is not a bank, but their service is obtained through, and coordinated with, a brick-and-mortar bank. Online processors can't set this up for you, and neither can your web developer.
Platform. One of several electronic data transfer protocols used for financial transactions. Your MASP and Gateway have to use the same Platform.
Gateway. The online processor who provides the mechanism through which credit cards are verified and processed in real-time. There are many, including Autorize.net, iTransact, eProcessingNetwork, 2Checkout, Linkpoint, and others.
API. Most gateways (but not all), offer this Application Programming Interface, a "toolbox" with which your eCommerce programmer can connect to the gateway and verify charges "behind the scenes", without sending your customer to someone else's website. Since each gateway's API is different, but the costs of processing charges are very similar, it is often to your advantage to use a gateway with whose API your programmer is familiar.
AVS. Address Verification System, a mechanism for verifying that the cardholder knows the billing address on the account. If not, the charge is usually fradulent. People who have recently moved will sometimes be flagged by AVS, and will not be able to complete a purchase.
CVV. A 3-digit number on the back of the card that proves that the purchaser actually has the card in hand, not just the number. Currently, only Discover actually requires this data, but the others will soon.
SSL. Secure Socket Layer, a protocol by which all data transfer from the customer's computer to your webserver is encrypted with military-grade encryption. This is referred to as a "secure link", and is implemented by the programmer using a digital certificate, which is either setup on the server for the use of multiple clients, or purchased specifically by the customer. Under no circumstances should credit card numbers be submitted except over a secure link.
The good news is, you don't have to know all this. Your bank can set you up with a Merchant Account and the Service Provider, and will often provide the necessary configuration data to your selected gateway. Your web development team can do most of the rest. You, then, have to select which of the following levels of service you want to use, based on your business needs, and budget. These are listed in increasing order of sophistication. In general, they are also listed in ease of use for the customer and positive image for your company. The options requiring programming may cost more to setup, but will also usually cost less per transaction.
- Paypal (standard). Use a link, send the customer to Paypal. If they don't get too aggravated, they may pay you for something, but there is no good way to track payments, provide instant downloads, capture their name or email, etc.
- Paypal (with an API). Similar to below, but requires the customer to do more. Basically free
- Gateway (without an API). Customer fills out a form, is sent to another website to enter credit card data, and perhaps sent back to you. Very clumsy and unprofessional looking, and requires multiple steps to capture their information.
- Gateway (with an API). Customer fills out a form, the charge is verified in the background (also AVS, if used), data can be saved to a database, emails sent, and a confirmation screen displayed. The best choice.