The Importance of Online Credit Card Processing
Traditionally, most new businesses were storefronts that focused on providing products or services for local demand, limiting a merchant's customer base to the immediate town and surrounding areas. Short of opening new locations, merchants were generally constrained to servicing their local markets, as customers outside their area might not be cost-effective or even possible to service.
With the advances in technology and the Internet, merchants have been able to remove many barriers to business and can now tap into larger markets and expand their businesses without the need to open new locations. Along with the growth of the Internet, the ability of merchants to sell products and accept online payments has vastly changed the landscape of commerce, allowing businesses to be open 24 hours a day and sell to anyone with a credit card or debit card.
How an Online Credit Card Transaction Works
Online transactions, also known as card-not-present transactions, follow nearly the same process as a brick-and-mortar credit card transaction, with the additional security measure of a payment gateway to prevent potential fraud when card account information is sent to the payment processor. During an ecommerce transaction, 6 different organizations are involved in processing a card:
- Payment Gateway: The payment gateway is an online application that allows merchants to securely link their ecommerce website to the payment processing company. A payment gateway accepts cardholder account information from the customer's web browser and encrypts the information for transfer to the payment processor or merchant acquiring bank.
- Merchant Services Provider: This is the company that works directly with the merchants to provide resources, support and general customer service. Merchant services companies usually provide their services with the back-end support of a payment processor or merchant acquiring bank.
- Payment Processor: The payment processing company handles the encryption and sending of card account information to the card associations during authorization requests, adjustments, and refunds. The card association returns the responses of the customer’s card issuing bank to those authorizations and settlements to the payment processor.
- Merchant Acquiring Bank: The acquiring bank provides businesses with the financial network of a merchant account, handling the underwriting of the merchant account and maintaining the relationship with the card association to process credit card and debit card transactions.
- Card Issuing Bank: The card issuer is the financial institution that has accepted and maintains the payment card accounts on behalf of the consumer. When a merchant requests a payment authorization, the card issuing bank is contacted and provides a response to the card association.
- Card Association: The card association, comprising Visa and MasterCard, owns and maintains the network that provides the fast and secure transfer of information between merchants and card issuing banks. American Express and Discover operate their own networks, acting as the Card Issuing Bank, Merchant Acquiring Bank and Payment Processor.
Once a merchant integrates a payment gateway into their shopping cart, they are able to securely process and provide responses to payment card transactions through their merchant account. When a customer submits card account information through their web browser into a merchant's shopping cart, the payment gateway deciphers the XML files from the web browser and encrypts them using SSL (Secure Sockets Layer) for transmission to the payment processor.
At the payment processor, the card account information is unpackaged from the web browser's XML format and sent to the merchant acquiring bank to be entered into the payment card network. Once the file arrives at the merchant acquiring bank, the card account information is deciphered and rewritten into a standard financial interchange message, usually ISO 8583, before being sent to the card association through another SSL connection.
Upon arrival at the card association, the card issuing bank is determined and the customer's account information is sent to the card issuing bank along with the payment authorization information. The card issuing bank receives the payment request, determines through a number of credit and security checks whether the payment can be authorized, and sends the response back through the card association, informing both the merchant and the customer of its decision.
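The ISO 8583 rewrite described above can be illustrated with a small builder and parser. This is an added example, not code from the original article or from any processor. It assumes an ASCII encoding with the primary bitmap sent as 16 hex characters and a five-field subset, and all sample values are constructed. The card number travels unmasked in field 2, so the example also shows the masked form that belongs in logs.

```python
# Added example: minimal ISO 8583 authorization request (MTI 0100).
# Assumed encoding: ASCII digits, primary bitmap as 16 hex characters.
# The field table is a small subset chosen for illustration.
FIELDS = {
    2: ("llvar", 19),   # primary account number (PAN), 2-digit length prefix
    3: ("n", 6),        # processing code
    4: ("n", 12),       # transaction amount in minor units
    11: ("n", 6),       # system trace audit number
    14: ("n", 4),       # expiration date, YYMM
}

def pack(mti, fields):
    """Build MTI + bitmap + data elements in ascending field order."""
    bitmap, body = 0, ""
    for num in sorted(fields):
        kind, size = FIELDS[num]
        value = fields[num]
        if not value.isdigit() or len(value) > size:
            raise ValueError(f"field {num}: invalid value")
        bitmap |= 1 << (64 - num)          # bit 1 is the most significant bit
        body += f"{len(value):02d}{value}" if kind == "llvar" else value.zfill(size)
    return f"{mti}{bitmap:016X}{body}"

def unpack(msg):
    """Parse a message built by pack(); reject unknown fields and bad lengths."""
    mti, bitmap, pos, out = msg[:4], int(msg[4:20], 16), 20, {}
    if bitmap >> 63:
        raise ValueError("secondary bitmap not supported in this example")
    for num in range(2, 65):
        if not bitmap & (1 << (64 - num)):
            continue
        if num not in FIELDS:
            raise ValueError(f"field {num} not supported here")
        kind, size = FIELDS[num]
        if kind == "llvar":
            declared, pos = int(msg[pos:pos + 2]), pos + 2
            if declared > size:
                raise ValueError(f"field {num}: length exceeds maximum")
            size = declared
        out[num], pos = msg[pos:pos + size], pos + size
    if pos != len(msg):
        raise ValueError("message truncated or has trailing data")
    return mti, out

def mask_pan(pan):
    """Keep only the first six and last four digits, for logs and receipts."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

# Constructed sample: a widely used test card number, amount 19.99.
SAMPLE = {2: "4111111111111111", 3: "000000", 4: "1999", 11: "123", 14: "2812"}
```
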
Unlike swiped transactions, online credit card transactions carry significantly higher risk. While most merchants with a storefront have upgraded to an EMV chip reader to combat fraud, this has had no effect for online merchants. Ecommerce merchants must rely heavily on address verification and other security protocols to prevent fraud through their online stores. It is vital for online merchants to understand this problem and proactively work to prevent it by taking additional security measures, or otherwise face significant losses that will not be covered by payment processors, banks or the card association.
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard provides a set of guidelines that businesses must follow in order to securely accept, store and transfer payment card account information to reduce the risk of fraud.
Starting in 2006, the card associations Visa, MasterCard, American Express, Discover and JCB agreed to follow the guidelines set forth by the PCI to improve the security of the payment card networks, and to require merchants to follow these guidelines or risk fines for noncompliance.
There are 4 levels of PCI compliance: Level 1 for merchants doing in excess of 6 million transactions a year, Level 2 for merchants doing between 1 and 6 million transactions a year, Level 3 for merchants doing 20,000 to 1 million transactions a year, and Level 4 for merchants doing less than 20,000 transactions a year.
Merchants and businesses must undergo yearly compliance testing to make sure that the methods they use to obtain credit card account information are compliant and secure. Ecommerce merchants are required to have an SSL-enabled website along with a PCI-compliant payment gateway to ensure that there are no vulnerable areas in the web store.
How to Choose an Online Credit Card Processing Company
Working with a payment processor whose payment gateway is compatible with a merchant’s website, and can be customized to the merchant’s needs, is an important part of establishing merchant services. Many merchants will build their website, install their shopping cart and then begin their search for a merchant services provider, requiring them to find a service that can function with their current website settings. Partnering with the Allied Payment Gateway ensures that the process of finding a merchant services provider is fast and affordable. Our payment gateway is compatible with over 99% of the major shopping carts available and provides features and reliability that the other payment gateways can’t, giving merchants all the keys needed to run a successful business.
For more information about how to accept credit cards online or to start your online credit card processing services, please contact one of our payment professionals with any questions or to get started accepting credit cards online today.