Secure Payments

 Preamble
Secure payment represents one of the biggest obstacles for commerce on the Internet.

The reason that "business to business" commerce develops more easily than "business to consumer" commerce probably lies in the fact that businesses are used to taking and placing orders by fax or by mail and don't see any particular inconveniences to doing the same by means of a website.

Furthermore, when a business receives an order from another business, the buyer is possibly already on credit, it's reasonably easy to verify the solvency of a business, etc...
 
 What is a secure payment?
"Is the payment really secure?" is one of the questions that comes up most frequently.

There is no one word answer.

First of all, there is an answer to the question for the merchants and an answer to the question for the buyers.

This isn't because the answer needs to change for one or the other, but simply because their fears aren't the same.
 
 What worries the customer?
A customer pays for an object with a credit card.

Their fears will be: "Am I going to receive the object; the one that I ordered; and will I receive it on time?"

"Who is going to store my credit card number and will it be used again without my knowing about it?"
 
 What worries the merchant?
The merchant wants to know if the credit card is valid, if the customer is going to retract the purchase, etc.
 
 What makes a payment secure?
There are several links that contribute to reasonably securing a purchasing act.

The global solidity of the chain is secured by the weakest link. Therefore, all of the links are important.

While the visitor surfs on your site and fills their shopping cart, they are completely anonymous because they haven't entered any confidential information and they don't see any confidential information. By nature, this information is public because you publish it on your website.

However, once they're ready to checkout, things change.

You're going to ask your customer to identify themselves: Perhaps they are going to enter their password so that we can find their contact information, perhaps they will enter their credit card number.

Even though the customer is willing to entrust the merchant with this confidential information, and even though the merchant is willing to accept and protect this information, neither the customer nor the merchant wants a third party to have access to this information.

This is where data encryption comes into play.
 
 Encrypting Data
Whenever your customer has to enter confidential information, your site goes into https mode ('s' for secure). This means that the information provided by each party is going to be encrypted with SSL protocol.

SSL protocol is a technology that secures information to a maximum on the Internet while remaining widely usable by all browsers.

In addition to SSL encryption, your site comes with our certificate of authenticity.

Issued by VeriSign after numerous validations, this certificate allows your visitor to verify that they are really on an Actinic site with just a simple click.

Indeed, it isn't enough to guarantee that the information is encrypted for transit. You must also ensure that the person who receives this information is, in fact, the person to whom you want to send the information.

This is the second link in the security chain.

This is where technological data securization ends. The Internet has done its job.
 
 Distance Selling Regulations...and Common Sense
A customer just placed an order and provided a merchant with a payment method. The physical transaction was performed correctly. No one was able to access this information. This is the moment where all of the legal problems linked to distance selling (whether it be by mail, fax, phone or Internet) begin.

First of all, the law authorizes the buyer to change their mind during a certain period of time. This means that if someone buys three jars of honey from you, they have the right to cancel their order during this period. Again, this rule has nothing to do with the Internet. If you sell by mail or fax, the same rules apply.

Does this mean that you need to wait for this period to end before shipment? Not necessarily. You know your customers better than us. However, this means that you should be wary of any unusual orders. If someone orders 50 Kilos of honey all at once and they've never ordered from you before, beware! Wait a while before shipping their order. You'd do the same thing in the real world.
 
 How to collect money with a credit card number?
You've received an order, you're ready to ship the order and you have a reasonable amount of trust in your customer.

How do you collect the order amount? Acquiring a credit card number from the customer isn't enough.

If you don't use any of our online payment services (PayPal, for example), and you decide to collect the credit card number yourself, know that you can't use the credit card number without having acquired a merchant account from your acquiring bank (financial institution that handles your credit card transactions).

Indeed, imagine that anyone possessing a credit card number could debit the credit card. This would mean that when you introduce your credit card in a point of sales terminal, anyone capable of memorizing 16 numbers could then write the number down and go home in the evening with several dozen numbers, allowing them to debit the cards of several dozen individuals who haven't ordered anything at all. To grant you the privilege of being able to debit a credit card, your bank is going to qualify you and possibly award you merchant status.

Having merchant status is going to give you an important privilege. However, in return you are going to accept that the customer has a certain period of time during which they can retract the sale and have their account re-credited (and have yours debited). It's up to you to prove that you have delivered the merchandise that was ordered, in which case the bank will credit your account again. Understand that we have just described an extreme case and that if a customer actually orders an item, you deliver it, it arrives in good condition, and you have proof of shipment (shipping order), the customer can't legally retract the sale. This would be fraud and would be treated as such by their bank.

Also note that this situation doesn't only concern Internet use. The same situation could take place with an order by fax, by mail or by phone. Internet sales that are correctly managed aren't any more dangerous than other sales methods.

Again, bear in mind that not many customers (even dishonest ones) are going to waste their time trying to retract the sale of a small sum.

On the other hand, be wary of large transactions that don't correspond to the standard use of what you sell.

If you sell DVD players and you receive an order for 10 DVD players from a private individual (as opposed to a professional customer), be careful!

The most common case of retracted sales involves a stolen credit card number. A perfectly honest person's credit card number (not their actual card) is stolen and they aren't even aware.

The crook uses this number to make purchases. The only thing that could allow you to detect the anomaly is that the delivery address doesn't match the address of the card holder.

If you process the card manually using your point of sales terminal, you wouldn't be able to see this. Our payment processor partners, in association with the banks, have begun to practice verification processes based on the consistency of the address. This is why we highly recommend using them.
 
 Operating costs...who gets paid?
Another point: The transfer of payment by credit card always costs a percentage. In fact, there are two actors that must be paid: the payment processor and the acquirer. These two roles can sometimes be played by a single company: Your bank.

The first actor (by the order that they come into play in a payment transaction) is the credit card processor, that is to say, the agency that handles the transaction between you and your customer by means of the Internet. These processors may be specialized companies or may be your bank, if your bank also plays this role.

The second actor is your bank, who is going to take a certain percentage of the sale (generally from 0.3% to 2%). You are the one who will negotiate this percentage, which depends on the volume, average amount and quality of the transactions that you perform.

In general, your financial institution won't ask you for any fees up front for setting up your merchant account and will be paid later on by taking a commission on your sales. This also means that if you don't sell, then your bank doesn't get paid! This is why banks insist on "selling" you their internal payment solution, because they are sure to receive a monthly subscription fee, no matter how much you make in sales.

Attention: The cost, guarantees, services and legislation surrounding distance selling bank transactions (on the Internet or by phone) evolve rapidly. The information contained in these pages only represents a synthesis of our partner's propositions at a given time. Only the contract between your company and these providers contractually defines the roles and responsibilities of the different parties.

When choosing a secure payment solution, be wary of things that are seemingly too cheap or too expensive. For example, it's logical to think that 3 or 4% of the sales amount is an exorbitant sum for a payment processor. However, if you don't sell anything, it doesn't cost you anything either. Once the sales figure becomes significant (we wouldn't even say large), the cost of transactions should fall to around 1%.

A good approach to the problem would be to say: That there are two possibilities (which aren't exclusive from one another in the end).

In the first case, you see your website as a plus. You use the services of a processor like PayPal that takes a large commission for each sale, but that doesn't cost you anything when you don't sell. After all, even if the commissions are large, these are just additional sales. This allows you to sustainably establish yourself on the Web without incurring too many expenses.

In the second case, you see your website as a real sales tool and you consider not being able to make a sales figure of one or two thousand pounds a month as a failure. You are going to invest in the necessary marketing methods so that this happens. In this case, a solution proposed directly by your bank or by a specialized solution is absolutely ideal, as much in terms of cost as for the professionalism of your site.
 

Add to favorites: http://www.actinic.co.uk/Help/HelpCenterContent.asp?ActionID=512&TID=1225&MID=9000%7C55315&LangID=1
© 2001-2018 Actinic. All rights reserved.