Selecting a credit card payment gateway

So you want to start selling merchandise or information on the Internet? You have a couple of options: either going for one of those business-in-a-box service packages or sourcing technology from an IT firm. With both options, there is one fundamental technology-based business challenge that you have to surmount--how to collect payment from your Web site. The most common method of collecting payment online is by credit card. To facilitate credit card payments online, there is a need for a credit card payment gateway.

If you are a small merchant who turns over, say, less than ten transactions a day, it might be sufficient to use an off-line validation system, where credit card numbers are validated manually over the phone or fax. But you will have to accept the overhead involved in doing this and, of course, the possibility that some of these transactions are not valid as the credit card numbers turn out to be fraudulent. If you are providing information or products in real time, this may not be an option.

As the transaction volumes increase, the possibility of implementing a real time payment system becomes more economical. This system will allow a credit card number to be validated in real time, allowing for automatic filtering of fraudulent transactions on the spot, thus saving you time and money later on. The process of validating credit card payments in real time is achieved by using an online payment gateway.

The use of online payment gateways is becoming increasingly popular. Sixty per cent of all online merchants in Australia currently use e-payment solutions, including dot-com brands Travel.com.au, Wineplanet.com.au and Greengrocer.com.au. The banking sector has also been very active in utilising this technology. Your service provider might have already offered you a real-time payment solution as part of a starting package, but it is still important for you as a merchant to understand what services are available and how their distinctive features can affect how you run your business.

The most popular payment gateways in Australia are currently provided by CommSecure, CamTech, SecurePay and St.George Bank. The technologies used by these providers are very similar. The exception is St.George Bank, which leverages the Ingenico EFTPOS technology. The other providers either require reasonably simple scripting on the merchant Web site to connect to the payment gateways, or utilise a physical external server custom built as a payment gateway connector. However, the details of these different technologies should be the least of your concerns as a merchant.

So what do you need to know to select an appropriate provider? Cost, performance, scalability, batch processing capability, and reliability.

Providers differ in how they balance setup costs against running costs. One provider may charge a higher up-front cost with lower running costs, while another will offer the reverse. If your site has a high turnover of transactions, and you are paying a fee for each transaction, you will soon realise you could have saved a lot of money by paying a higher setup cost and a lower transaction fee. On the other hand, if your site is only turning over twenty transactions a day, then the pay-per-transaction model is much more attractive. It is worthwhile, before buying, to establish whether there is a smooth transition from a transaction-based model to a lump-sum model--in case your company's trading activities boom.

Performance issues are categorised into two areas: response time per transaction and multi-line processing capability. Response time refers to the time it takes for the payment gateway to send a status message back to the merchant Web site. This status message is obtained from one of the available banking gateways. This response time can range from two seconds to 30 seconds. A multi-line processing capability is especially important when your Web site has a frequently high number of concurrent transactions. This capability often directly correlates to the scalability of the system. Does the provider allow you to increase these concurrent lines easily at a reasonable cost? With super sites where hundreds of concurrent transactions occur, this multi-line processing capability may be pushed to the limit, in which case you will need to consider the batch processing capability of the system, where transactions can be queued and validated at pre-defined intervals.

The reliability of a payment gateway often depends on how many banking gateways it connects to. The more physical banking gateways it has access to, the more confident the merchant should be about the total up-time of their online payment system.

It is often advisable to seek the guidance of a specialist Internet development firm that has experience integrating these types of systems. But even when such advice is sought, you should be prepared to ask the questions that most benefit your business.

Duc Do is a Director of Commercial Interactive Media. He can be contacted on 03 9419 4900 or at duc.do@cim.com.au


Talkback 3 comments

    The current authorisation proc ...Anonymous -- 28/05/01

    The current authorisation process used by Australian banks is flawed in that the banks only check the card number and expiry date. They do NOT check the name on the card, nor the billing address of the person making the order. When a bank authorises a credit card, the authorisation is conditional. That is, if the transaction subsequently turns out to be rejected by the actual card owner, the bank takes the money back from the merchant and the merchant bears the cost. This means that many small businesses will not accept credit card transactions over the Internet because we can't actually see a real card. My own company requires that the person faxes a photocopy of both sides of the card; then and only then will I accept a credit card order.

    Last August, Harvey Norman stopped taking credit card orders from its Internet site because 1/3 of all transactions turned out to be fraudulent.

    Anyone can get a credit card number by running any of a dozen programs available on the Internet, as the algorithm is well known. All a person has to do is keep trying various expiry dates against a generated number until either a validation is received or the person gives up and tries another number.
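The expiry-date guessing described in the comment above leaves a recognisable trace in a gateway's authorisation log: one card number, many expiry dates, a short time span. The following is an added example (not from the article or any commenter) that flags that pattern; the log layout, window, threshold and key are assumptions, and the attempts are constructed from published test card numbers.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (time, card number, expiry, client IP, bank response).
# Card numbers are published test values; IPs are documentation ranges.
ATTEMPTS = [
    ("2001-05-28T10:00:01", "4111111111111111", "01/02", "203.0.113.7", "DECLINED"),
    ("2001-05-28T10:00:03", "4111111111111111", "02/02", "203.0.113.7", "DECLINED"),
    ("2001-05-28T10:00:05", "4111111111111111", "03/02", "203.0.113.7", "DECLINED"),
    ("2001-05-28T10:00:08", "4111111111111111", "04/02", "203.0.113.7", "APPROVED"),
    ("2001-05-28T10:01:00", "5555555555554444", "11/03", "198.51.100.20", "DECLINED"),
    ("2001-05-28T10:03:30", "5555555555554444", "11/03", "198.51.100.20", "APPROVED"),
]
LOG_KEY = b"placeholder-key"  # assumption: secret used to pseudonymise cards in alerts

def luhn_ok(pan):
    """Checksum only: shows the number is well formed, not that the card exists."""
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

def card_key(pan):
    """Keyed hash so alerts never carry the raw card number."""
    return hmac.new(LOG_KEY, pan.encode(), hashlib.sha256).hexdigest()[:12]

def find_expiry_enumeration(attempts, window=timedelta(minutes=10), threshold=3):
    """Flag cards tried with >= threshold distinct expiry dates inside one window."""
    by_card = defaultdict(list)
    for ts, pan, expiry, ip, result in attempts:
        by_card[pan].append((datetime.fromisoformat(ts), expiry, ip, result))
    alerts = []
    for pan, events in by_card.items():
        events.sort()
        for i, first in enumerate(events):
            burst = [e for e in events[i:] if e[0] - first[0] <= window]
            expiries = {e[1] for e in burst}
            if len(expiries) >= threshold:
                alerts.append({
                    "card": card_key(pan),
                    "luhn_valid": luhn_ok(pan),
                    "distinct_expiries": len(expiries),
                    "sources": sorted({e[2] for e in burst}),
                    "approved": any(e[3] == "APPROVED" for e in burst),
                })
                break  # one alert per card is enough
    return alerts
```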

    I agree with Doug on the state ...Anonymous -- 04/07/03

    I agree with Doug on the state of automatic payment gateways.

    My web development firm has actually come up with a solution to help reduce credit card fraud. The 'e-gateway' system we developed provides what we call a 'manual' payment gateway.

    This system plugs into an ecommerce site and takes the credit card details securely in a similar way to automatic payment gateways. The difference though is that the merchant then needs to log in to the system (via the SSL connection) and grab the consumer's card details, which they can then scrutinize and run through an EFTPOS machine for verification.

    This allows the merchant to investigate 'suspect' transactions before they are processed. I have found that by doing this, you can make sure the biller name matches a transaction, all the contact details are entered for the transaction and you can even contact the consumer for a photocopy of both sides of the card if the transaction is suspicious (e.g. if it is a large sum of money or from a suspicious country).

    More info at http://www.egateway.com.au

    Dave Mason
    Mantis Technologies

    Manual Super-Gateways Anonymous -- 20/09/06

    You've completely missed perhaps one of the most significant trends in the industry since it started - the advent of the new manual super-gateways bred to P.C.I. consortium standards. Examples - http://e-path.com.au and http://payecom.com to name just two.

    For the first time your merchant account is not wide open to everyone anywhere on the net to enter any credit card number they like, as it is with "real time" gateways. It's common knowledge this is the number 1 way in which fraud is perpetrated on the net.

    With these new manual gateways it looks as though it's impossible for your merchant account to receive a fraud transaction live on the net because the merchant account is not used at all by these gateways.

    These new super-gateways give merchants the chance to check the order and details about the buyer first before they charge the card manually into their merchant accounts themselves.

    It's very surprising to see gateways that don't store any credit card details, names, numbers, dates etc, no transaction history at all. And they utilise 2048-bit RSA encryption - same technology as used in ATMs.

    I'm trying to find some negatives but it's difficult. Perhaps the only thing is they do require merchants to manually charge cards into their own merchant accounts. So I can't see them being much good for those who do big numbers of transactions. But then again if you batch upload I guess the sky's the limit.

    It seems as though it's a completely new way of accepting credit cards on the internet. Much different to the established systems we know currently.

    Very interesting indeed in my opinion.
