 |
Introduction To
e-Commerce |
|
Introduction To
e-Commerce
by:
David Risley
Many people new to websites
and/or ecommerce are
confused at the in and outs
of ecommerce. Even many
people who are fairly adept
at scripting can set up a
store using some popular
package such as OSCommerce
and then are left stumped by
the idea of making it work
with a payment gateway to
actually collect money and
put it into their account.
In this article, I will give
a brief overview of how the
system is set up to collect
your money. I will then
discuss briefly what to look
for in evaluating payment
gateways. As usual, I will
keep this basic and
understandable just as I do
with all of my articles.
The
Basics - How Funds are
Collected
Ecommerce simply refers to
the practice of shopping
online. From the site
owner's perspective, it
entails collecting funds
from sales transactions on
their website and depositing
that money into the bank. In
order to collect funds, you
need to have a merchant
account and a payment
gateway (discussed below).
Basically, when a person
enters their credit card
number on a website, the
card number and buyer
information is sent to a
payment gateway. This is
done securely. The payment
gateway will interface with
a payment processor to check
availability of funds as
well as any other criteria
set for accepting
transactions. If the funds
are available, the payment
processor will then deduct
the funds. The payment
gateway will then report
back a successful
transaction to the merchant,
at which point the
merchant's shopping cart
system will respond by
displaying a "Thank You"
type message to the buyer.
Funds will sit until the
transaction is settled,
which means the funds are
collected and deposited to
your bank account. Until a
transaction is settled, the
transaction will not post to
your bank account and the
corresponding debit will not
post to the buyer's credit
card account.
Merchant Accounts
A Merchant Account is a
special type of account
specifically for online
retailers. They are designed
to allow non-POS (point of
sale) transactions using
credit cards, or
transactions where you don't
have the person's credit
card in hand. In other
words, you don't have a card
swiper. A merchant account
is not the same as a bank
account. It acts as a
go-between between your
payment gateway and your
bank account, accepting
funds from credit cards
which are then deposited
into your bank.
A merchant account is a
relationship based on trust
between you and the issuing
bank. The bank takes funds
from the buyer's account and
deposits into your account.
A payment processor takes
care of checking for
availability of funds and
debiting from the credit
card account. The bank
issuing the merchant account
is trusting that you will
fulfill your end of the
transaction by providing the
product or service that the
buyer purchased. In case
where this does not occur,
the buyer can dispute the
transaction. This puts the
issuing bank on the line
because they are then
obligated to return the
funds to the buyer's card (a
chargeback). Therefore,
merchant providers are
taking a risk in allowing a
merchant to take credit
cards under their name.
The organization providing
your merchant account will
do underwriting on the
account when you apply to
check your credit. If you
have a history of too many
chargebacks, you may be
denied. In fact, too many
chargebacks can result in
you, as a merchant, being
put on the Terminated
Merchant File (also called
The Match File). This is a
blacklist which will
effectively prevent you from
ever receiving a merchant
account again.
Payment Gateways
A payment gateway serves as
the front end to your
merchant account, allowing
you to manage funds,
transactions, and the like.
It also serves as a
connection between your
website and your merchant
account. It takes data
submitted via your secure
order forms and presents it
to your processing bank. The
processing bank then
approves or declines the
transaction and sends its
response back to the payment
gateway. The payment gateway
then turns around and
provides this data back to
the merchant for appropriate
handling of the transaction.
A payment gateway, then,
does not offer services such
as merchant accounts or
shopping carts, although
some of the larger-known
gateways do provide such
options as value-added
services.
Some of the better known
payment gateway services are
Authorize.Net, Verisign,
2CheckOut.com, Linkpoint,
Paysystems.com, Worldpay.com,
and MerchantCommerce. Some
of the things to look for in
a payment gateway are
compliance with CISP, SDP
and DISC (security
initiatives put out by the
major credit card
companies), virtual terminal
(to be able to accept
transactions over the phone
by typing in their data
rather than only relying on
your website), fraud
prevention, recurring
billing, methods of
integration, cost and
whether they can accept
e-checks or not.
Fraud prevention is a big
one because, as stated
above, too many fraudulent
transactions will result in
chargebacks which could end
up putting you on the Match
List and your merchant
account closed. Some of the
common fraud detection
mechanisms are Address
Verification (AVS) which
compares the customer's
address with that on file
with the issuing bank, CVV2
which makes use of the
3-digit security code on the
credit card (4-digit on
American Express cards).
Most gateways will provide
instructions on how to
interface with their servers
from your web store. Most
gateways offer two methods
of integration.
One method is to have your
site POST a form to the
gateway's server which is
pre-populated with your
customer's information. At
that point, the customer
will provide the customer
with the payment form which
allows them to type in their
credit card number in a
secure environment. After
processing occurs, the
customer is then routed back
to your website along with
the results of the
transaction. Your site again
takes over the process. This
method is usually easier to
set up for site owners and
it also means the site owner
does not need to purchase
their own SSL certificate
(allowing secure
transactions on the site
itself). The tradeoff is
that you do need to send
your customers off of your
website for payment
collection. Many gateways
offer ways to make the
payment form look like your
website using customized
headers and footers, but the
fact remains that the
visitors are leaving your
website.
The second method is totally
invisible to the customer.
If the site owner has an SSL
certificate, they can set up
security on their own site.
This means they can host the
payment form themselves,
totally customizing it to
their website. When the
customer submits payment,
your site will securely and
invisibly submit the
information to the payment
gateway. The payment gateway
will do the usual processing
and then invisibly send the
response back to the
merchant's website, allowing
it to respond properly. From
the customer's perspective,
they never left your
website. And they never did.
This type of setup requires
an SSL certificate as well
as access to the CURL
library.
Many gateway providers can
get you set up with a
merchant account at the same
time as the gateway. So, in
most cases, you do not need
to sign up for them
separately.
Conclusion
Hopefully this has given you
a brief introduction to how
credit card payments are
processed on the internet.
About
the author:
David Risley is a web
developer and founder of PC
Media, Inc. (http://www.pcmedianet.com).
Specializes in PHP/MySQL
development, consulting and
internet business
management. He is also the
founder of PC Mechanic (http://www.pcmech.com),
a large website delivering
do-it-yourself computer
information to thousands of
users every day.
Circulated
by
Article Emporium
|
|
|
 |
|
|
|
|
