Diary of a Start Up Part 3: E-Payments
- 20th September
- John Debrincat 15
Our third instalment of the ‘Diary of a Start Up’ series looks at one of the most important facets of running an e-commerce business – e-payments. It’s vital to get a handle on this area of an online business right from the start.
Many questions are asked about taking payments online. It can be confusing, and some of the questions we will answer are:
- What type of payments will I accept?
- If I accept credit cards, how will I process them?
- Can I keep credit card information?
Let’s try to cover each briefly. Keep in mind that while this information is relevant to anybody running an e-commerce business, some of it is specific to Australia and New Zealand. You need to check with your bank and local authorities regarding country-specific legal and regulatory requirements.
This article will focus on:
- Deciding on a payment method
- Managing fraud, charge backs and reducing disputes
- Managing costs and security in your shopping cart and payment gateway
- Managing card data security
What type of payment will I accept?
You can have multiple payment methods on your website. Having different methods for different areas or products can be very good. One example might be to use a COD shipment service for large and expensive items. However, you wouldn’t use COD for a music download. So pick the payment method/s that best suits your business and products. Ask your customers what they want and what works best for them. Check out what your competitors are using.
1. E-Payment
Objective:
- Decide on which payment methods you will offer on your website.
Prerequisites:
- Look into which payment options you want to offer your customers. Installment payment plans and subscriptions open up your business to new market demographics and can lead to different buyer behaviours.
Tasks:
- Decide on whether these payment options are applicable to your business and look at your process of enablement.
Tips:
- It’s recommended that you never store credit card data online. Ensure storage of card and account details for these payment options is secure and compliant with PCI DSS.
- Keep billing cycles simple (e.g. mid month, end of month) to reduce overheads on processing.
- Make sure a procedure for handling declined transactions is in place.
- Make sure customers update their card details regularly, especially if they are about to expire.
Traps:
- Storing card details in your client system (is it PCI DSS compliant?) can cost a lot of money.
- Not keeping card details up to date can cause transactions to be declined.
If I accept credit cards how will I process them?
To accept credit cards safely online, utilise a payment service provider, such as PayPal, or a payment gateway like eWAY or your bank’s system like Commweb (Commonwealth Bank). We always recommend that you use a Payment Service Provider (PSP) to accept, process and store credit card data. The PSP will take the card details and process them securely via the card provider. It has a gateway into the card schemes and onto your bank. Generally the money gets to your account within one to five days, depending on the PSP and bank. Some of these companies require an online merchant account to be set up with your bank. If your company is new and doesn’t have a trading history, this can sometimes be difficult and may require you to provide a business plan, have the website fully developed before it’s approved and even provide a security deposit to your bank.
The alternatives are to use a company like PayPal or RBS WorldPay. These companies do not need an online merchant account and put the money into any bank account you nominate.
Typically, there might be setup, transaction and annual fees. Some PSPs, such as RBS WorldPay and PayPal, charge a percentage of each transaction, ranging from one to five percent. This is a good approach if the value of your product is small.
Some charge a fixed fee for each transaction, varying from 15c up to 40c, so check first. PayPal, as an example, is very reasonable, but settlement takes up to a week. There is no setup cost and it charges around 1.5% per transaction. Every PSP and bank will take some time to get your account set up, which can be up to a month in some cases. As an example, PayPal may take two weeks from registration. The company will send a letter to the address you provide with a verification code, and will make two small deposits to your bank that must be verified online. Therefore, take the setup lead time into account when building your business plan.
2. Shopping Cart Management
Objective:
- Managing costs and security of your shopping cart and payment gateway solution (know what you are paying for).
Prerequisites:
- Establish whether the site is going to take payments online in real time.
Tasks:
- Establish what payment options the site will require i.e. Visa, MasterCard, Amex, Diners etc.
Tips:
- You will typically need a shopping cart, payment gateway and merchant account.
- Your choices may limit your available options.
- Know what you are getting with your payment solution (is it only a merchant account or gateway with merchant account).
- Payment service providers (e.g. eWay, SecurePay, PayPal Payflow Pro) will typically require you to establish a merchant account with a bank.
- Look to outsource the capture of the card details to your Payment Service provider or bank to reduce your exposure to PCI DSS.
Traps:
- When selecting your shopping cart, ensure you investigate which payment gateways it integrates with. This can limit your choices and can cost a lot of money in the long term.
- A single provider of all components can result in some limitations on what you can and can’t do with your site.
- Contracts: be sure you are getting competitive rates prior to committing.
- Changes and additions: some providers charge extra for enablement of 3D Secure, hosted payment pages, Amex and Diners, while others don’t.
- Some banks charge only a Merchant Service Fee, while others charge transaction fees on top of Merchant Service Fees. Do your numbers based on your transaction profile.
3. Online Merchant Account
Objective:
- Applying for an Online Merchant Account from your bank
Prerequisites:
- Ensure you want to offer card payments on your website.
- You need an SSL certificate on your website to transmit encrypted payment information.
- To apply for a merchant account you may require the following:
  - Detailed business plan and/or existing financials.
  - Details on your fulfillment process.
  - Corporate structure.
  - Sample site design and content.
Tasks:
- Best to apply with a bank with which your business has trading history.
- Often you can get discounts if you move your bank accounts and lending with the merchant account.
- Obtain several quotes from several banks.
- If no trading history exists, ensure your business plan is specific and covers your costs, delivery timelines, and supply chain.
Tips:
- Define your refund and exchange policies.
- Define your disputes processes.
- Define your delivery time frames on your site clearly.
- Avoid selling stock that you don’t have (i.e. ensure you can dispatch within 2 days of an order being received).
Traps:
- Being uncertain about your business model can delay your application.
- Typically allow for five to seven days to obtain a merchant account. Don’t leave it to the last minute.
- Some business models may require a security deposit for the merchant account.
Can I keep credit card information?
If a PSP is used, credit card information doesn’t need to be stored. If you process manually then you do get card numbers, CVCs, names, expiry dates and so on. This data has to be kept secured and compliant with PCI requirements. We never recommend keeping that data online. However, even if card data isn’t stored, you may still need to be PCI DSS compliant. This may mean completing a PCI self assessment and running PCI scanning services for the website. There are many PCI certified scanning services and the costs. Companies like COMODO with Hacker Guardian, McAfee Secure, Outpost 24 and Buyershield.com provide security and PCI scanning services.
Our next step, with Diary of a Start Up Part 4, will be to tackle e-commerce security, another vital component that any online business needs to understand and implement correctly. Feel free to leave any comments or questions you may have about getting an e-commerce business started in our comment section below.


