By Paul Lang, Editor, Sell It!
January 23rd, 1998

See Also   How to Deal with Disgruntled Customers   How to Get Top Search Engine Positioning   How to Beat Credit Card Fraud   How to Design an Affiliate Program   How to Accept Credit Card Payments   How to Choose a Shopping Cart

A Web merchant faces many challenges when setting up his or her first online store, but the most daunting of all is often the establishment of a process for accepting credit card payments.

First however, let me deal with the subject of whether or not the ability to accept credit cards is necessary. In my opinion it is vital for an online merchant to be able to accept credit cards if they are to succeed. There may be a few special examples where credit card payments are inappropriate, but in most online stores the majority of customers will prefer to pay by credit card.

Although there are other methods of paying online, credit cards dominate. Jupiter Communications, a New York-based electronic commerce research firm, estimated that credit card payments accounted for 88% of the $1.25 billion in on line transaction revenue in 1996. And even though they predict that smart cards, electronic cash and electronic checks will eat in to this share, they still forecast that credit cards will make up over 50% of payments into the next millennium.

So having established the importance of being able to accept credit cards, how do you go about it? There are 3 basic steps:

1. Establish a credit card merchant account
2. Capture data from customers
3. Process the data

Establish a credit card merchant account

Detailed information on how to get a merchant account is beyond the scope of the article. However I have included several links below that will assist you.

My general advice would be:

• Prepare a strong, well thought out business plan
• Shop around for the best deal
• Watch out for any hidden costs such as statement fees and voice authorisation charges
• Read and understand the terms and conditions very carefully
• Persevere! There are lots of providers out there and if you have a sound business plan you will succeed eventually

The next step is to be able to capture the customers' credit card data. Chances are that if you are using an off the shelf shopping cart or commerce server then this option can be very easily configured. However if your store is a do-it-yourself affair you'll need to create a form yourself.

Either way security is paramount. Forms for capturing credit card data should be secured via SSL. Similarly merchants should access customer data via SSL - don't cheat customers by having orders emailed to you unencrypted. And also ensure that your customers' data is held securely on the PC or server where it is stored.

An alternative credit-card processing scheme is the Secure Electronic Transaction (SET) protocol developed by Visa and MasterCard and now backed by American Express. SET uses digital certificates to ensure the identities of all parties involved in a purchase. SET also encrypts credit and purchase information before transmission on the Internet. However, despite the hype from the banks and the card issuers it is likely to be at least 2000 or 2001 before SET becomes widely established.

Process the data

The most common way for a smaller merchant to do this is offline. That is, they download customer orders (securely - see above) and then manually process them just as in a bricks-and-mortar store. There are several choices here including the use of a traditional paper voucher imprinter, an electronic terminal or software that resides on your PC.

An alternative to this is to use a real-time authorisation and processing service such as CyberCash. Although many smaller merchants choose to do without these services at first, they often find that they need them as their business grows. So make sure that both your merchant account and shopping cart software can be upgraded to include this at a later date.

Whichever method you chose it is vital to minimise your exposure to fraudulent transactions. Many new merchants fail to understand that authorisation - whether offline or real-time - only checks that a credit card number is valid, that it hasn't been reported stolen and that it has sufficient credit available on it. A further check is also carried out for cards issued within the US - Address Verification Service or AVS checks that the address the online shopper provides is the address to which the card is registered.

Further information on minimising the risk of fraud is available from the resources below.

Resources

Establishing a credit card merchant account

Visa Merchants Online
MasterCard Ecommerce
American Express Ecommerce Merchant
Obtaining a merchant card account
MerchantWorkz
Valis

Capturing customer data

How Secure Sockets Layer (SSL) works
SSL FAQ
How Secure Electronic Transactions (SET) works
Visa and SET
MasterCard and SET

Processing the order

CyberCash
InternetSecure
Verifone

Reducing fraud

AntiFraud
Credit card fraud and Internet merchants (PDF file)