If you’re going to be charging money for a product or service, you’ll probably want to give your customers the opportunity to use credit cards on your site. While the basic PayPal only route is always available, it’s not the most professional-looking approach sending customers to another url in order to complete a transaction. My friends, what you need is to start processing online payments the big boy way and get yourself ready to learn about payment gateways, merchant accounts, and safety.
A payment gateway is the application you’ll use to run your transactions through. Think of it as the machine used in stores to swipe a physical credit card. Gateways also provide other great services like allowing you to monitor transactions, authorize refunds, run reports, etc. For Wufoo, we went with Authorize.net because their API was extremely easy to understand, very friendly, and contained an interface that was relatively easy to use. Their prices are reasonable, and so far, their customer support has been fantastic.
Two competitors with some name recognition that we didn’t go with are Verisign and PayPal. I’ve heard good things about Verisgn, but their prices seem to be a little high and their Payflow Pro service allows for only 1000 transactions before charging an additional 10c per transaction. I don’t know exactly when we’ll be running 1000 transactions a month, but chances are I really won’t want to worry about it when we do.
Now, we did try to go with PayPal’s Website Payments Pro service since Ryan had experience with PayPal’s API for Treehouse Magazine’s checkout system. Lucky for us, PayPal initially rejected our application for some unknown reason and then accepted us mysteriously after we had the Authroize.net system already up and running. I say lucky because Authorize.net’s API turned out to be a lot easier, and as I’ll explain in the next section, ended up saving us some money too.
After you decide on a gateway, you’ll need a merchant account, or someone who can actually process the credit card transactions. If it’s starting to sound tricky, don’t worry because obtaining a merchant account is easy. Authorize.net has a list of approved resellers for you to choose from. We went with United Bank Card because they had a respectable-looking web site, a solid reputation, friendly customer service reps, and competitive pricing. The application process consisted of filling out and faxing some basic business information and waiting a couple days for approval. Once approved, they provide us with an Authorize.net login and transaction code to get our store up and running.
Some vendors such as PayPal are all-in-one solutions and provide a merchant account along with a payment gateway. This might seem more attractive and less of a hassle, but tends to come at a cost. With Paypal, you’re charged between 2.2% to 2.9% plus .30c per transaction. With the merchant account/Authorize.net combo, you should be able to negotiate somewhere around 2% plus 20c per transaction. All of the merchant account providers are selling the same product, so don’t be afraid to haggle a little. In the long run, every cent counts.
If you’re going to be processing credit cards, make sure your credit card transactions are as safe as possible. To help out, here are some links to get you started on securing your transactions.
Godaddy SSL - You’re going to want SSL and Godaddy has great prices and top notch customer service to get you through it.
Authorize.net Security WhitePaper - “Maintaining tight security, including using both standard and advanced fraud detection and prevention tools, is crucial to maintaining a successful business. No merchant can afford to overlook the need for protection against fraud and other types of abuse. This document details tools and security best practices that are recommended to merchants for detecting, preventing, and managing online transaction fraud.â€
Visa Cardholder Information Security Program - When customers offer their bankcard at the point of sale, whether its over the Internet, on the phone, or through the mail, they want to be sure that their account information is safe. That’s why Visa USA has instituted the Cardholder Information Security Program (CISP). Mandated since June 2001, CISP is intended to protect Visa cardholder data-wherever it resides-ensuring that members, merchants, and service providers maintain the highest information security standard.
Cautious Advice for Accepting Online Payments - Great article by Duncan Davidson on accepting online transactions.