On-line payment is without a doubt the most
misunderstood element of an e-commerce Web site. In
this article, I show you the big picture, then step
through the details. First, the big picture. The goal here is
to transfer money from the customer's credit card
account to your merchant account.
A merchant account is a special account you set
up with your bank for receiving credit card
payments. You may already have a merchant account that
you established when you started accepting credit
cards over the phone or at your brick-and-mortar
business. However, be aware that your current merchant
account may not allow Internet transactions. If it
does not, you will have to convert to one that does or
open a second account.
So how does the money get from the customer's credit card account to your merchant account?
Please refer to Figure 1 while I explain.
The Internet purchase process is generally
broken up into two distinct phases: authorization and
fulfillment. Steps 1, 2, and 3 in the figure represent the
authorization phase (indicated with dotted lines). Authorization verifies that the customer has the
necessary funds available at the time the sale is
made. Steps 4 and 5 represent fulfillment (indicated
with solid lines in the figure). Fulfillment says that
you have shipped the order, so the funds are now yours.
Let's take it step-by-step:
- The customer enters credit card information
and submits the order.
- The shopping cart software processes the
order and submits it to the Internet payment
processor (or payment gateway) such as CyberCash, Authorize.net, or others.
- The payment processor requests
authorization from the customer's financial institution
through the banking network. The response to this
request (accept or deny) is returned to the shopping cart. This step completes the
- The merchant uses administration tools
provided by either the shopping cart or the payment
processor to capture payments for orders that
have been shipped.
- The payment processor settles captured
payments, usually on a nightly basis. At this
point, the funds transfer from the customer'
financial institution to the merchant's financial
institution. This step completes the fulfillment phase.
Depending upon how you fill orders, there may
or may not be a time lapse between the two phases.
If you regularly process orders on a daily basis,
your payment processor may let you automatically
mark your transactions for capture at the end of each
day, which eliminates step 4.
The Devil Is In the Details
Although conceptually, the process isn't complex,
the logistics related to implementing the process are
the source of trouble. The first trouble spot can be
between your customer and your shopping cart. For
example, your customer may want to use American Express or Discover, but your merchant account
may only accept Visa and MasterCard. (Your Web
site should clearly state what cards you accept.)
The next hurdle is between your shopping cart software and your payment processor. Not all
shopping carts support all payment processors. For
example, your shopping cart may support Authorize.net, but not CyberCash.
Finally, you need to make sure that your
payment processor can communicate with your
financial institution's bank network. If it can't, then there is
no way for the payment processor to settle
payments into your merchant account.
The trick becomes selecting a merchant account provider that works with your Internet payment
processor, that in turn works with your shopping cart.
To process credit card payments over the
Internet, you must have some form of merchant account
that receives payments and pays service charges.
Many times, your Internet merchant account can be tied
directly to your business checking account.
Not all merchant accounts can be used to accept Internet payments because Internet transactions
are considered more risky than traditional
point-of-sale transactions. Financial institutions use different
fee schedules to accommodate that risk. So, talk to
your bank first and go from there.
Your payment processor, also known as a payment gateway, makes it possible for your Web site to
collect credit card information and get authorization
for a transaction without human intervention. The
payment processor takes the place of a card swipe in
a traditional point-of-sale environment.
Your shopping cart sends information about the customer's order to the payment processor and
the payment processor negotiates with the banking
networks to get an authorization (or failure) code.
Fees vary, so compare carefully.
Your payment processor should give you a
browser-based merchant interface to let you capture,
void, and refund charges.Once you log in, you can
review your current transactions and your transaction
history. Some services let you download your
transaction history so you can import it into other
You usually capture payments at the end of the business day when you know which orders
you shipped. You use the merchant interface to mark
the payments for shipped orders, and that night, the
payment processor settles the payments, which
transfers the funds from the customer's financial
institution (called the issuing financial institution) to your
financial institution (called the acquiring financial
institution). Depending on your set up, you may need
to process orders in both the shopping cart and
payment processor's merchant interface.
Security, SSL, and Digital Certificates
Web forms are no more secure than e-mail unless you take precautions. That is where SSL
(Secured Sockets Layer) comes in. To implement SSL on
a domain, you must acquire a digital certificate from
a qualified certificate authority, such as VeriSign
or Thawte. Your Web host installs the certificate on
the computer that hosts your site.
The certificate does more than just establish
your identity. It also allows you to encrypt
communications between the browser and the server.
Encrypting the communications makes it nearly impossible
(certainly impractical) to decipher the contents of
You may not need a digital certificate for your Web site if your
shopping cart host provides a common check-out facility.
In that case, the host has the certificate and they
let you "borrow" it to process secure transactions.
Although Internet commerce seems complex at first, once you have
an understanding of the processes involved, it's
much easier to implement them correctly.
Figure 1. How an online transaction is processed.