The Technology Behind Accepting Credit Card Payments Online
Although there is an increasing number of payment options available to online merchants, such as voucher-based payments, there are still many compelling reasons for accepting credit card payments online, as none of these, as yet, carries the same degree of brand recognition and trust as credit card machines.
Finding a partner bank
Even if you already have the facility to accept credit card payments, you will probably need to get an explicit agreement from your bank to accept these payments online.
This is essentially because accepting online payments requires an entirely different set of security processes. To be accepted for online payment facilities, you will first need to demonstrate that your website is secure.
This means that either you need to implement fully-encrypted payment facilities, or you need to work with someone else who does.
Most smaller merchants take the latter approach and enlist the help of a Payment Scheme Processor (PSP), a company which takes care of providing secure payment facilities and will usually help merchants to find a partner bank if required.
The mechanics of payment – completing the order form
Taking online payment typically requires the cardholder’s name and billing address (even if the goods are being delivered to a different address), plus the long card number (usually 16 digits), the expiration date and the 3-digit number on the back of the signature strip.
Once these pieces of data have been entered into the payment form, then they need to be sent securely (i.e. encrypted) either to your bank or to your PSP.
Most small merchants choose the latter, to avoid having to implement and support the relevant security technologies themselves.
Taking this approach, once the cardholder clicks the button to confirm payment, your site will send a message to your PSP, which will encrypt the data and collect it for processing.
The mechanics of payment – authorising the transaction
The encrypted data will be sent by the PSP to your bank (larger merchants will have direct connections with their banks).
Your bank will then make an initial check to see if the cardholder is enrolled in an enhanced security scheme, generically known as 3D Secure. If so, the cardholder’s bank will be notified that their customer wishes to make a payment and will prompt them to enter a password into a dialogue box.
Assuming the cardholder enters the correct password, the cardholder’s bank will provide a reference number to your bank, which will be added to the data you have already collected and sent to the cardholder’s bank.
This time, the cardholder’s bank will be asked to confirm whether or not their verified cardholder can proceed with the transaction.
If they agree that they can, they will generate a number called an authorization code, which will be returned to your bank as confirmation.
The mechanics of payment – completing the transaction
Once all this has been completed, your PSP will forward the results to you. They will either return the cardholder data, along with any extra data, in an encrypted form, or they will keep the data on their servers and provide you with a code, which can be used to identify the transaction if the need should later arise.
The cardholder should be provided with a confirmation message, which should contain a reference number in case they have questions about the transaction.
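When the PSP keeps the card data and returns only a code, nothing the merchant stores should contain a card number. The following is an added example, not part of the original article, of a merchant-side check that enforces this before a PSP result is saved; the field names and sample responses are constructed assumptions, and card numbers are recognised with the Luhn checksum.

```python
import re

# Candidate card numbers: 13-19 digits, optionally split by spaces or dashes.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list:
    """Return digit runs in text that pass the Luhn check."""
    hits = []
    for m in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

# Hypothetical field names for a PSP result in the "code only" model.
ALLOWED_FIELDS = {"status", "token", "auth_code", "last4", "amount"}

def merchant_record(order_id: str, psp_result: dict) -> dict:
    """Build the row the merchant stores; refuse anything carrying card data."""
    extra = set(psp_result) - ALLOWED_FIELDS
    if extra:
        raise ValueError(f"unexpected fields from PSP: {sorted(extra)}")
    for key, value in psp_result.items():
        if find_card_numbers(str(value)):
            raise ValueError(f"field {key!r} contains a card number")
    return {"order_id": order_id, **psp_result}

# Constructed sample responses; 4111 1111 1111 1111 is a well-known test number.
GOOD = {"status": "authorised", "token": "tok_9f2c41d7", "auth_code": "A1B2C3",
        "last4": "1111", "amount": "49.99"}
LEAKY = dict(GOOD, token="4111 1111 1111 1111")
```

The same `find_card_numbers` check can be run over log lines or database exports to confirm that no full card number has reached merchant systems.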