Putting Your Online Sales Platform Together
Mike Armour
Are you thinking of selling goods or services online? Or have you started that process, only to find yourself confused by all of the terminology, acronyms, regulations, and fees associated with credit card processing? You're not alone.
So let me walk you through the "behind-the-scenes" process of accepting online payments. My goal is to clarify how the pieces of this process fit together. That way you can make more informed decisions in creating your online platform.
Security Considerations
When you start exploring your options for online sales, you regularly see software described as "PCI compliant." PCI stands for Payment Card Industry. The industry has established a Data Security Standard (actually a series of standards) to which all credit card transactions must conform. Even though you are a small business, you answer to the same standards as a billion-dollar company.
These standards serve to safeguard the security of a buyer’s personal data and credit card information. And you must certify annually that you are in compliance with the appropriate PCI standards. Failing to complete this certification can subject you to severe penalties that quickly consume any profit which you are making from online sales.
PCI standards govern every step of the sales process, from the moment a customer clicks on an item to buy it until the money for the sale is deposited to your bank account. There are three major components in this process:
- A shopping cart application to compile a list of buyer selections
- A gateway application, which captures and verifies the credit card information
- A merchant account provider, which effects the transaction, receives the money on your behalf, and transfers it to your bank account.
With the possible exception of the shopping cart, you incur expenses for each of these components. In order for you to be PCI compliant, your shopping cart, gateway, and merchant account provider must work together seamlessly, using secure protocols. It's worthwhile therefore to look at the function of these components individually.
Your Shopping Cart
A good shopping cart does more than simply collect a list of items which the buyer wants to purchase. It also determines any tax due on the purchase, computes the weight of any shipment, calculates the shipping cost, and applies any discounts. If you are selling items that are delivered electronically (such as ebooks), many shopping carts also automate the online delivery of these items once the sale is complete.
You can choose to purchase shopping cart software and install it on your website. Or you can use an online shopping cart service. If you select an online service, your "store" is actually hosted on the vendor’s website. Your main website merely provides a link to your store.
For the higher-quality shopping carts, online hosting typically costs from $20 to $60 per month, depending on how many items are in your catalog and the type of features you want. You can therefore obtain a fairly quick return on your investment by purchasing shopping cart software to run on your own site. For one of my sites I recently bought one of the most highly rated shopping carts and paid less than $200.
Be aware, however, that shopping cart software which you purchase is not necessarily "plug-and-play." You have to do minor source-code editing in order for the cart to work properly with your site. But these tweaks are easily made by anyone with rudimentary web programming skills.
There are also some free shopping carts available for download, most notably OpenCart. In my judgment the carts that you pay for are usually more robust and have a level of technical support that the free software does not necessarily provide.
Your Gateway
Once the shopping cart computes the total price to be charged, it passes control to the gateway for the next step in the sales transaction. Gateways do not process the transaction themselves. They simply capture and validate the credit card information, then pass it through an encrypted communication link to the merchant account provider.
Because your shopping cart software manages the link between your website and the gateway, you should confirm that your shopping cart and your gateway are mutually compatible. Shopping cart and gateway websites normally provide this information, although you may have to dig to find it. Or you can contact their technical support staff for confirmation.
Most gateways do not operate on your website. That is, when the buyer has finished making selections and clicks on a button to start the purchase, the shopping cart transfers the buyer from your website to the gateway website.
There are exceptions, however, such as PayPal Payments Pro, one of several options for credit card processing at PayPal. PayPal Pro actually captures the credit card information on your website. This allows you to keep the customer on your site for the entire transaction. And it allows you to make the payment capture screen identical to the rest of your site.
The downside to onsite card processing is that you now have a much stiffer PCI compliance challenge. Because a site under your control is capturing and transmitting sensitive data, you must put additional security measures on your network and demonstrate that every element in your sales process (including your shopping cart and the hosting service for your web site) is PCI compliant.
By contrast, when you separate your gateway from your site, you place the heaviest burden for PCI compliance on the gateway service. Most small businesses prefer this approach since it is much less of a hassle and is cheaper to maintain.
The fee for gateway service, whether hosted on your computer or not, is about $10-$30 per month in most cases. Some, particularly those with a lower monthly subscription rate, may also charge a fee for each transaction. Subscriptions are usually paid on a monthly basis, which allows you to change gateways on short notice. You may receive a discounted fee, however, if you prepay an annual subscription.
You should also check out the options at PayPal. Their PayPal Standard program has no monthly fee and PayPal Advanced is only a $5 monthly fee. However, these options from PayPal lack some of the features found on more expensive gateways.
Your Merchant Account Provider
Once the gateway validates the credit card data, it passes this information to the merchant account provider by means of a secure communication link. Simultaneously the gateway returns the buyer to your website.
The merchant account provider then finalizes the transaction in the background, collects the money that you have coming to you, and deposits this money to your bank account. Any transaction fee charged for these services is deducted from the deposit.
To effect this series of tasks, your merchant account provider utilizes the services of the ACH, the Automated Clearing House. It’s not really a house at all. Rather, it’s the electronic system by which credit and debit card transactions (along with fund transfers between banks) are posted to the proper accounts.
Just as you must secure a relationship with a gateway service, you must also establish a relationship with a merchant account provider. These providers charge a monthly fee whether you use their service that month or not. The fee is generally about the same as a gateway fee. But PayPal, which packages both the gateway and merchant account services as a unit, charges a single fee that covers them both.
Merchant account providers usually charge setup fees, and these can be as much as $100 or more. Many of these providers now bundle their package with the services of a gateway company, so that a single setup activates both the gateway and the merchant account.
While most gateways do not charge transaction fees, merchant account providers always do. This is because they must pass the fee from the credit card company — the so-called ACH fee — back to you.
This fee is a percentage of the total transaction. The percentages are normally in the range of 2.0% to 3.00%. There is a set minimum, however, regardless of the percentage calculation. In addition, the provider often adds a flat fee (most frequently in the 15 to 50 cent range) to each transaction.
With very small transactions, the minimum ACH charge and this additional flat fee can create a considerable increase in the actual percentage that you pay for the provider's services. So if you envision a great many small sales on your site, be sure to take these add-ons into consideration when identifying a merchant account provider and when setting your own prices.
Annual PCI Certification
Whatever your configuration, you must complete annual recertification of your PCI compliance. For most startups this is primarily a matter of completing a short form. You can download forms and guidelines at the PCI Security Standards website. There are companies that will charge you a fee for helping with compliance. But there is no need to use these services unless it's required by your merchant account provider.
As you can see, credit card processing can add significantly to your cost of doing business. Just the monthly fees for a shopping cart, your gateway, and a merchant account can be upwards of $100, especially after you factor in setup fees. Be certain that you take all of these expenses into account when you are setting prices for items that you may sell on the web. Otherwise, you may cut your profit margin too thin.