Visit the glossary
E-commerce, and how it works

We talk to a lot of clients who have not yet taken the step to take credit cards over the web, either because they don't trust it, or they don't understand it. Hence, this short treatise.

How does it work?
Your customer enters their credit card info into a form. The form data is transmitted to a 3rd party credit card processor who validates the card, drafts the funds, deposits the money in your business account, and provides a receipt or other verification that the charge was completed.

Is it safe?
Using SSL-technology, the data transmission is encrypted in both directions, with 40-bit military-grade hashing algorhythms. A packet-sniffer could get the transmission, but they could not read it. It would take a Cray super-computer years to break the code. It is quite safe. This is the exact same technology used by all the major online companies.

Do I have any liability?
Not unless you store credit card numbers on the server, and a hacker got in. We never store those numbers on the server, which is why we use 3rd party processors. Let them take the risk. They have a lot of money invested in securing their servers.

Can I be defrauded?
Yes. Someone could use a stolen credit card to pay you. To minimize that risk, we usually implement AVS (Address Verification System) checking, which requires that the customer know the street address, city, and zipcode to which their bills are sent. Thieves seldom do, so they go on to some other website where the programmers are not as savvy. We have seen AVS checking drop online fraud from $400/month to $4/month.

In addition, the credit card companies are moving toward an even more secure test using the CVV and CVV2 protocols. Currently, only Discover fully implements it, but the others are getting there. When they do, we'll be ready to implement that as well.

What do I need to implement credit cards?
Unfortunately, this is one step we can't handle for you. There are two paths you can take:

Create a Paypal account, and we can process transactions through them. Funds do not automatically move to your checking account, but it is straightforward, and less expensive than the other path. They have a very sophisticated API, and you are isolated from PCI compliance issues.

For more sophisticated accounting needs, use a traditional processor who will drop the funds directly into your business account. You will need:

  • A business checking account. Many banks now offer a Small Business account, which is hardly more than a personal account.
  • A merchant account, usually through the same bank. It has to be a real (brick-and-mortar) bank, under Federal law.
  • An account with a credit card processor. The bank above probably has one they work with, but it will cost less to use an independent company.

What are the costs?
The cost usually includes a monthly minimum, about $20-35, plus a percentage of the charges, about 2.3%. There is very little difference in cost between different processors, just some difference in the API (Application Programming Interface). Not all processors offer an API, so it is very important that you confer with your programmer before signing up for a service, or you may be sorry.

Who are some good credit card processors?
We have used several, including iTransact, LinkPoint, 2Checkout, TheProcessingNetwork, eProcessingNetwork, and, but, for technical reasons, we do not recommend LinkPoint, and do highly recommend No, we do not get a commission for that.

Copyright Apptech Services