We talk to a lot of clients who have not yet taken the step to take credit cards over the web, either because they don't trust it,
or they don't understand it. Hence, this short treatise.
How does it work?
Your customer enters their credit card info into a form. The form data is transmitted to a 3rd party credit card processor who
validates the card, drafts the funds, deposits the money in your business account, and provides a receipt or other verification
that the charge was completed.
Is it safe?
Using SSL technology, the data transmission is encrypted in both directions, with 40-bit military-grade hashing algorithms.
Someone running a packet sniffer could capture the transmission, but could not read it. It would take a Cray supercomputer years to break the
code. It is quite safe. This is the exact same technology used by all the major online companies.
Do I have any liability?
Not unless you store credit card numbers on the server and a hacker gets in. We never store those numbers on the server, which
is why we use 3rd party processors. Let them take the risk. They have a lot of money invested in securing their servers.
Can I be defrauded?
Yes. Someone could use a stolen credit card to pay you. To minimize that risk, we usually implement AVS (Address Verification
System) checking, which requires that the customer know the street address, city, and ZIP code to which their bills are sent. Thieves seldom do,
so they go on to some other website where the programmers are not as savvy. We have seen AVS checking drop online fraud from
$400/month to $4/month.
In addition, the credit card companies are moving toward an even more secure test using the CVV and CVV2 protocols. Currently,
only Discover fully implements it, but the others are getting there. When they do, we'll be ready to implement that as well.
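The AVS check described above comes back from the processor as a result code, and the merchant's code decides what to do with each one. The sketch below is an added example, not code from this page or from any processor's SDK; it uses the single-letter AVS codes commonly returned by US processors, and the function names, review threshold and sample charges are assumptions made for illustration.

```python
# Added example: turning an AVS result code into an order decision.
# Amounts are in cents. The threshold is an assumed policy value.
FULL_MATCH = {"X", "Y"}          # street address and ZIP both match
PARTIAL_MATCH = {"A", "W", "Z"}  # only the street, or only the ZIP, matches
NO_MATCH = {"N"}                 # neither street nor ZIP matches
RETRY = {"R"}                    # issuer system unavailable or timed out
# B, E, G, P, S, U mean the issuer gave no verdict (not checked, error,
# non-US bank, not supported). They fall through to manual review below.

REVIEW_ABOVE_CENTS = 10_000      # assumed: partial matches over $100 get a human look


def avs_decision(code, amount_cents):
    """Return 'accept', 'review', 'retry' or 'decline' for one charge."""
    code = (code or "").strip().upper()
    if code in FULL_MATCH:
        return "accept"
    if code in NO_MATCH:
        return "decline"
    if code in RETRY:
        return "retry"
    if code in PARTIAL_MATCH:
        return "review" if amount_cents > REVIEW_ABOVE_CENTS else "accept"
    # "No verdict" is not the same as a mismatch, so it is not declined,
    # but it is not proof of a good card either. Unknown or empty codes
    # land here too, so a new code never results in a silent accept.
    return "review"


def summarize(charges):
    """Group order ids by decision for a batch of (order_id, code, cents)."""
    result = {}
    for order_id, code, amount_cents in charges:
        result.setdefault(avs_decision(code, amount_cents), []).append(order_id)
    return result


# Constructed sample batch (not real transactions).
SAMPLE_CHARGES = [
    ("ord-1", "Y", 4_500), ("ord-2", "Z", 2_000), ("ord-3", "A", 25_000),
    ("ord-4", "N", 39_900), ("ord-5", "U", 1_200), ("ord-6", "R", 800),
]

if __name__ == "__main__":
    for decision, orders in summarize(SAMPLE_CHARGES).items():
        print(decision, orders)
```
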
What do I need to implement credit cards?
Unfortunately, this is one step we can't handle for you. There are two paths you can take:
- Create a PayPal account, and we can process transactions through them. Funds do not automatically move to your checking account,
  but it is straightforward, and less expensive than the other path. They have a very sophisticated API, and you are isolated from PCI
- For more sophisticated accounting needs, use a traditional processor who will drop the funds directly into your business account. You will need:
  - A business checking account. Many banks now offer a Small Business account, which is hardly more than a personal account.
  - A merchant account, usually through the same bank. It has to be a real (brick-and-mortar) bank, under Federal law.
  - An account with a credit card processor. The bank above probably has one they work with, but it will cost less to use an independent company.
What are the costs?
The cost usually includes a monthly minimum, about $20-35, plus a percentage of the charges, about 2.3%. There is very little difference
in cost between different processors, just some difference in the API (Application Programming Interface). Not all processors offer an API, so
it is very important that you confer with your programmer before signing up for a service, or you may be sorry.
Who are some good credit card processors?
We have used several, including iTransact, LinkPoint, 2Checkout, TheProcessingNetwork, eProcessingNetwork, and Authorize.net, but, for
technical reasons, we do not recommend LinkPoint, and do highly recommend
Authorize.net. No, we do not get a commission for that.