online credit card processing

The Importance of Online Credit Card Processing

Traditionally, most new businesses had been storefronts that focucsed on providing products or services for local demand.  A merchant’s potential market was limited to the town and surrounding areas for their customer base.  Depending on the industry, anything outside of that area might not be cost effective or even possible to service. Short of opening new locations, merchants were constrained to servicing their local markets.

With technology, merchants have been able to remove many barriers to business and can now tap into larger markets and expand their businesses.  With the growth of the internet, the ability to sell products and accept online payments has vastly changed the landscape of commerce.  A merchant with a storefront can now be open 24 hours a day and sell to anyone with a credit card or debit card.  The options are infinite for merchants to grow sales and expand without significant infrastructure costs.

How an Online Credit Card Transaction Works

An ecommerce based credit card payment is identical to a retail store credit card processing transaction, except for the additional use of a payment gateway.  Online transactions, also known as card not present, do require additional security to prevent fraud.  During an ecommerce transaction, there are 5 different organizations that are used to securely process a card:

  • Payment Gateway:  The payment gateway is a website application that allows merchants to securely link their ecommerce website to the payment processing company.  A payment gateway accepts cardholder account information from the merchant website into a secure environment.  From this point, information is encoded through a tokenization process then transmitted through the payment processor to the card associations.
  • Merchant Services Provider:  The merchant services company works directly with merchants to provide resources and support.  Merchant services companies usually provide their services with backend support of a payment processor.
  • Payment Processor:  The payment processing company handles the sending of information to and from the card associations.  A payment processor would transmit requests from the merchants for authorizations, adjustments, and refunds.  Card associations would respond to requests with the information provided by the customer’s card issuing bank.
  • Card Issuing Bank:  The card issuer is the financial institution that receives a consumer's credit application and manages payment card accounts.  When a merchant requests a payment authorization, the card issuing bank is contacted and provides credit at the time of purchase.  These financial institutions have agreements with Visa, Mastercard or American Express to access their networks for payment services.
  • Card Association:  The card association is the group of payment card brands including Visa, Mastercard, American Express and Discover.  These companies own and maintain the networks that provide the fast and secure transfer of information between merchants and card issuing banks.

Once a merchant installs a payment gateway into their ecommerce website, they can securely process payment card transactions.  A customer would enter their card account information into the merchant’s shopping cart and finalize the sale.  Card account information is transmitted from the customer’s browser through an SSL (secure socket layer) connection to the merchant's webserver.  Account information is encoded in the SSL through a tokenization process to prevent the possibility of fraud if there are any breaches to the website security.

At the payment processor, the tokenization code is translated and transmitted to the card associations.  The card association with accept the consumer account information, determine the card issuing bank and forward the request to the appropriate financial institution.  Account requests are approved or declined by the card issuing bank and response codes are sent back through the chain to the merchant to inform them of either a successful or unsuccessful transaction.

Unlike a swiped transaction, online credit card processing transactions have significantly higher instances of fraud.  Most merchants with a storefront have upgraded to use of an EMV chip in their credit card machines to help combat fraud from their stores.  Ecommerce merchants have to rely on address verification and other security protocols to prevent fraud through their stores.  It is vital for online merchants to understand this problem and proactively work to prevent it.  Without taking additional measures, merchants face significant losses that will not be covered by payment processors, banks or the card associations.

How does an Online Payment Gateway Work

The payment gateway accepts and manages the payment card information provided by a customer during an ecommerce transaction.  The payment gateway is a secure web application that merchants install on their website to securely send payment card information to their payment processor for authentication.

At the point of purchase, the customer’s payment card information is encrypted and sent to the merchant’s web server.  Encryption is handled at the customer’s web browser using a Secure Socket Layer (SSL).  The security standards set forth for payment gateway security is called the the Payment Card Industry Data Security Standard (PCI-DSS or PCI).

Payment account information is transferred from the customer’s website to the payment processor using a HTTPS protocol.  This security setting allows for encryption of data, along with other features such as currency exchanges.  Once card account information is received at the payment processor and decoded, the request is sent from the processor for card issuing bank authorization.  The card issuing bank’s response is relayed back through the chain and sent through the payment gateway to the customer’s computer either providing a successful or failed transaction.

How to choose an Online Credit Card Processing company

Working with a payment processor that offers a gateway that is compatible and customizable with a merchant’s website is vital.  Many merchants will build their website, install their shopping cart and then search out a processor.  The Allied Payment Gateway is compatible with over 99% of the major shopping carts available and provides features and reliability that the other payment gateways can’t.  

For more information about accepting credit cards online or to start your online credit card processing services, please contact one of our helpful representatives.