Latest Articles

  • 1
  • 2
  • 3
Backup: If accountants and lawyers aren’t getting it right, how well are you doing?

Backup: If accountants and lawyers aren’t getting it ri…

On the back of recent research conducted by Alto Africa, a f...

Why Two Factor Authentication is a must for any business

Why Two Factor Authentication is a must for any busines…

The repercussions of an online attack could be detrimental t...

Welcome the rise of the Chief Collaboration Officer

Welcome the rise of the Chief Collaboration Officer

Creating an open, connected business culture   Alread...

A+ A A-

3 things every online business needs to know about card payments

Rate this item
(0 votes)
3 things every online business needs to know about card payments

If you do business online, it’s much easier to make a sale if you take credit cards – but, says Peter Harvey of payment services provider PayGate, e-commerce businesses need to ensure they have the security basics right.

“If you store, transmit or process any kind of credit or debit card information, it is your job as the merchant to protect it,” he says. “If cardholder data is stolen and you are responsible, you could face fines, penalties and even lose the right to accept payment cards. The card associations are getting more and more strict about this.”


Harvey says there are three important steps e-commerce businesses can take to make sure they and their customers are protected:


1.     Hire reputable professionals for your web development

The days when you could ask your neighbour’s son or a just-qualified graphic design student to build a website on the cheap are long over, says Harvey. “Make sure your web developer has specific experience in building e-commerce sites. Ask them what shopping carts and payment gateways they prefer and why, and to explain to you in detail how the process works. If they can’t explain it to your satisfaction, you need to wonder whether they really understand it themselves – and in that case, can you accept their recommendations?”

This is an area where it’s worth investing in professionalism, adds Harvey. “If the online channel is important to your business, the checkout and payment process can make or break it. This is the last place you should be stingy with your budget.”


2.     Choose your payment service provider carefully

“Price is important, but don’t fall for false economies,” says Harvey. “The very first questions you ask should be about security – how does the gateway protect your customers’ card information? Ask for proof that they are PCI compliant, that is that they comply with the standards laid down by the global PCI Security Standards Council.”

Secondly, says Harvey, ask for information about reliability and availability: “It’s no good having a cheap payment gateway if they’re down one day out of seven and your customers get turned away at the till. Ask about their downtime, and contact some other customers to ask about their experience. Once you’re satisfied that your security and reliability needs are met, then is the right time to let price be the deciding factor – not before.”


3.     Use a payment page hosted by the gateway provider, or consider tokenisation

One very safe option is to let your gateway handle the entire payment process via a page on their own server. “This means that when a customer clicks “Pay” or “Check Out” on their shopping basket, they get taken to a secure page that’s isolated from your own website,” explains Harvey. “This means that you never store, transmit or process their card information in any form – your PCI-compliant payment gateway does it all for you.”


Some online merchants prefer to control the user experience from beginning to end, including the payment process. In this case, says Harvey, merchants should use tokenisation. “This means that instead of actual card information, you just store an encrypted token provided by the payment gateway.  Next time you need to process a transaction on that same card, you just send the token. This is a simple but highly effective way to make sure you never need to store card numbers.”

Last modified on Tuesday, 07 May 2013 15:26
Peter Harvey

Peter Harvey

Founder and Managing Director of PayGate and with more than 26 years in IT and payment processing, Peter is a master when it comes to architecting solutions to clients' exact requirements. He is a truly integral member of the PayGate team and works tirelessly to ensure their continuing culture of integrity and quality.


Latest from Peter Harvey

Related items

More in this category: « 12 steps to IT governance

Leave a comment

The SA Leader Magazine


In the June issue

Balancing of Business Requirements and Cultural Beliefs in the Workplace

Measuring your worth – productivity in the modern workplace

Turning Terrorists into Angels

Marketing needs to continually re-invent itself if it wants to retain the 'X' Factor


Technology Tags

3G bandwidth BYOD call centres cloud software cloud technology cost cutting CRM Software ERP fraud iPad LTE network mobile mobile apps mobile commerce mobile device management networking online transactions outsourcing SaaS security smartphones SME social media tablets telecoms virtualisation VOIP WiFi
Copyright © 2014 gdmc (Geoffrey Dean Marketing Corporation cc). All rights reserved. Material may not be published or reproduced in any form without prior written permission. Use of this site constitutes acceptance of our Terms & Conditions and Privacy Policy. External links are provided for reference purposes. is not responsible for the content of external Internet sites.

Login or Subscribe