Building a transactional website involves many aspects, but accepting payments is vital. With 59% of internet shoppers using credit cards as their preferred method of payment, companies need to be able to accept and process these payments. UK shoppers will spend £78bn a year online by 2010, doubling the web's share of retail sales to 20%.
If you're doing business outside the UK, ecommerce can be an essential way of taking payments from consumers in different countries. In Europe, ecommerce is experiencing rapid growth, with the number of online shoppers predicted to grow to 174m by 2011. The UK, Sweden and Germany lead the way with 70% of internet users shopping online.
According to Dan Starr, executive vice president, merchant services division, at payment services provider Neteller, two of the biggest issues for any small business launching a transactional website are to ensure they stay on the right side of the law and to protect themselves against credit card fraud.
Neteller offers the following tips to help you minimise any potential problems:
Complying with the law
To take
payments on your website, compliance with PCI DSS is mandatory. This is a set
of guidelines covering all aspects of transaction security and data protection.
On top of these, every merchant must also have a merchant ID, a unique
electronic ID assigned by a bank that allows a company to accept credit card
payments. They must also demonstrate a base level of compliance and may be
subject to stringent requirements. There are strict penalties and consequences
if a merchant does not comply or fraudulently self-certificates and is then
subsequently found out.
Budget for compliance
For small
businesses the cost of in-house compliance could be massive. It's
difficult to estimate what it costs as there are many factors influencing this
expense, but for merchants with a robust security system, compliance costs as
little as 1% to 2% of IT budget. But other companies estimate their compliance
expense to be more than 10%.
Don't take shortcuts
Make sure
your website is secure and compliant with the appropriate legislation as not to
do so would be a false economy. Data hacks or mismanagement of sensitive data could
cause all types of costs including customer notification, security upgrades,
lost productivity, regulatory fines, legal fees, brand erosion and lost
customers.
Outsource payment
processing
Instead of
applying yourself for compliance and a merchant ID, you could outsource the
whole process to a payment service provider (PSP). PSPs act as a payment
gateway, accepting payments on your behalf, handling PCI compliance and taking
the necessary steps to avoid fraud and indemnify merchants against any losses.
Take fraud seriously
Once you have started trading
online, the next possible threat is card-not-present (CNP) fraud. In 2006, this
increased by 16%, costing merchants ₤212.6m. You can physically verify neither the
presence of the card nor the cardholder. This means you are forced to rely on
the card issuers' transaction verification. But authorisation does not
guarantee payment. Fraudsters further cost online retailers in the form of
disputed transactions, charge-backs and penalties levied by credit card
companies against repeat offenders.
Evaluate fraud risks by country
If you are trading throughout Europe, fraud prevalence varies by country. For example, Russia is considered high risk while Sweden and Norway are low.
Keep up with the technology
As a
minimum, ensure your network is secure and data is protected (not least for
compliance with PCI DSS). To minimise fraud, stay up to date with ever-evolving
credit card security features and build identity checking and real-time fraud
monitoring systems into your web application. However, new techniques such as
the 3D-Secure authentication protocol can lower conversion rates by
discouraging shoppers from completing their purchase.
Alternative payment methods
Credit
cards are not the ideal online payment method, and alternatives may be safer
and appealing to customers. For example, consider new systems that allow
payment direct from shoppers' online bank accounts or e-wallets.
