Processing Credit Card Payments on Your Website: What You REALLY Need to Know

Published November 6th, 2017 by Servistree

To get people to buy online, some website features are necessary. Not only because of regulation but also to let customers feel secure enough to buy on the site and to create an environment where enough of them will want to do so.

Below are 4 things every website that accepts credit card payments NEEDS to have to put a buyer’s mind at ease…

Explain Who You Are

Provide your contact information on screen, and make it very obvious. People will feel a lot more confident about placing an order if they know they can find you. Don’t hide! The more reputable you seem, the more likely someone is to purchase from you.

Provide Multiple Login Options

Making it obligatory for shoppers to set up an account with you before they can place an order is a mistake. Always give the option to check out as a guest, because otherwise a significant number of first-time shoppers on your site will move away before completing the purchase. There’s nothing to stop you offering the option to set up an account after the purchase, though many merchants find that it isn’t until the customer has bought on three or four separate occasions that they feel that it makes sense.

Also give the option to log in with Facebook, Twitter or another social media account. Login is quicker this way and at the end of the day, it’s important to remember that the quicker someone is able to log in, the less likely it is that you’ll lose that shopper before the purchase is made.

Make Checkout Quick and Painless

Some sites lose business because it isn’t clear to the shopper how they get from where they are to the place where they pay. Put a checkout button and a call to action at the top of each page and at the bottom. And make sure they stand out – with the color, with 3-D edges or any way you like, but make them immediately visible to the most inattentive shopper.

Focus on Security

This is a biggie…

According to the Ponemon Institute, 43% of US companies experienced a data breach in 2014. That’s an increase of 10% on the previous year. No wonder that, if you want to process credit cards on your website, there are some security standards you have to meet. These are not government regulations; they are set by the payment card industry (PCI) and the standard is known as the PCI Data Security Standard (DSS). The DSS is updated every year and compliance with the standard as it changes is mandatory; failure to comply leads to loss of the merchant account.

The standard a merchant has to meet depends on the way in which credit card payments are to be taken, and merchants find their standard through Self-Assessment Questionnaires (SAQs). There’s a full list of them here; how stringent the security rules are in any one case depends on how far the payment process is embedded in the website.

When it comes to ecommerce, there are 3 types of SAQs that are applicable:

  • SAQ A – With an SAQ A, your customer is redirected to a PCI-compliant, 3rd party payment processor, and there are no elements of the payment page that originate from your website.  So essentially what this means is that you rely on a 3rd party for all of your payment processing needs, including the payment form itself.
  • SAQ A-EP – With an SAQ A-EP, a consumer is redirected to a PCI-compliant, 3rd party payment processor, and there are some elements of the payment page that originate from your website.  So essentially what this means is that while you rely on a 3rd party for your payment processing needs, elements like the payment form itself are hosted on your site.
  • SAQ D – With an SAQ D, the payment form is hosted on your website and you store your customers’ credit card data.

SAQ A merchants must have nothing on their website that relates to payment except a link to the specialist provider who will handle payment; anything appearing on the customer’s website to do with payment MUST come from the third party. Even here, though, PCI imposes rigor on a merchant’s site and the reason is clear: even if all your website does is redirect your customer to another site to make a payment, what could happen if your site was compromised? It’s only too easy to imagine the person who corrupted your site arranging for your customer to be transferred not to, say, Shopify but to the villain’s own site where your customer’s credit card details would then be stolen.
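The redirect risk described above can be checked for from the outside. The following is an added example, not code from Servistree or from the PCI standard: it audits the HTML of a checkout page and reports every link, form, frame or script destination that is not HTTPS or not on a list of expected hosts. The hosts `shop.example` and `pay.processor.example` and both sample pages are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that can send the shopper, or their card data, elsewhere.
WATCHED = {("a", "href"), ("form", "action"), ("iframe", "src"), ("script", "src")}


class _Targets(HTMLParser):
    """Collect every watched URL attribute found in the page."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in WATCHED and value:
                self.targets.append((tag, value.strip()))


def audit_checkout_page(html, page_url, allowed_hosts):
    """Return (tag, url, reason) for each destination that breaks the policy."""
    own_host = urlsplit(page_url).hostname
    parser = _Targets()
    parser.feed(html)
    findings = []
    for tag, raw in parser.targets:
        url = urljoin(page_url, raw)  # resolve relative links against the page
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((tag, url, "not https"))
        elif host != own_host and host not in allowed_hosts:
            # Exact host match only: a look-alike that merely starts with
            # the processor's name must not pass.
            findings.append((tag, url, "unexpected host"))
    return findings


# Constructed sample input (not real sites).
PAGE_URL = "https://shop.example/checkout"
ALLOWED = {"pay.processor.example"}  # assumed host of the third-party processor
CLEAN = '<a href="/cart">Cart</a><form action="https://pay.processor.example/start"></form>'
TAMPERED = ('<form action="https://pay.processor.example.attacker.test/start"></form>'
            '<a href="http://pay.processor.example/start">Pay</a>')

if __name__ == "__main__":
    print(audit_checkout_page(CLEAN, PAGE_URL, ALLOWED))
    for finding in audit_checkout_page(TAMPERED, PAGE_URL, ALLOWED):
        print(finding)
```

Run on a schedule against the live checkout page, a non-empty result is a signal to investigate before customers are sent anywhere.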

In addition to adhering to PCI Data Security Standards, here are two additional tweaks you should make to your website to let your customers and potential customers know that you’re committed to keeping their personal information safe and secure.

  1. Make Sure You Have an SSL Certificate – The difference between a URL that begins http: and one that begins https: is that the “s” at the end of https: signifies that the site has an SSL certificate and uses the security technology that keeps data passing between web server and browser private. No “s” means that hackers can steal information, and what online shopper is going to risk that?
  2. Prominently Display Security Seals - A bunch of credit card logos and some security seals on a website says to shoppers, “You’re safe here.”

We know we’ve covered a lot here and it’s certainly not our intent to overwhelm you. If this all seems a little too much to wrap your arms around, why not give us a call? At Servistree, we’re here to help ensure your website is compliant and instills confidence in your customers. Contact us today at or 866-944-3244.
