For an online seller, ecommerce payments and security are of the utmost importance. And with more people staying home and spending time online, cyber-attacks have increased by as much as 400%. So it’s more important than ever to ensure your online portals are safe and secure.
What Is Payment Security?
Online payment security means the order checkout forms that collect customer data are hosted securely, data is properly encrypted during transmission, and any stored payment information is protected. There are two types of online checkouts you can use: a self-hosted checkout or a hosted checkout.
What Is a Self-Hosted Checkout?
A self-hosted checkout collects and transmits customer payment data on your store’s servers. This puts the security risk on you and makes you responsible for managing secure data connection, transmission, and storage systems. Even if you use a top ecommerce platform, you can be responsible for handling security. Not all ecommerce platforms ensure secure checkouts with every payment processor.
What Is a Hosted Checkout?
With a hosted checkout, sensitive payment data is entered directly into your secure payment provider’s system via a secure, encrypted connection called SSL (Secure Sockets Layer). Simply put, sensitive data never touches your store’s servers. In some cases your ecommerce platform ensures this; in others, your payment provider makes it happen. Either way, using a hosted checkout takes the bulk of ecommerce security risks off your shoulders.
This is one reason why hosted checkout providers like Square and Stripe are so popular. If you want to minimize your security risk by using a hosted checkout, you have three options. Here’s a look at each, plus some providers to consider:
1. All-in-One Payment Processors
All-in-ones roll a secure hosted checkout and merchant account into one service. They’re the most popular choices for small online sellers because of their ease of setup, straightforward pricing, multiple services and selling options, and, of course, security. Most all-in-one payment processors offer quick 1-click integrations with top ecommerce platforms, so for most, setup takes just a few minutes.
Here are three top names in secure all-in-one payment processing solutions:
2.9% + 30 cents per transaction; no monthly fees
2.9% + 30 cents per transaction; $0–$20/month
Lets you process PayPal Payments along with all major credit cards. Can be used with any website. Some plans are self-hosted.
2.9% + 30 cents per transaction; no monthly fees
1-click integrations with more than 50 top online shopping carts, plus offers checkout customization.
2. Ecommerce Platform Payment Services
Many top ecommerce platforms offer their own payment processing service as a secure option. This makes launching an online store with a secure hosted checkout easier than ever. Plus, they meet or beat the pricing of some top all-in-ones and are a breeze to set up.
Here are two top online store platforms that offer their own secure payment processing:
|Ecommerce platform||Ecommerce Payments Pricing||Notable features|
|Shopify||From 2.4% to 2.9% + 30 cents per transaction, depending on plan||Built into any Shopify plan, takes mere seconds to enable and start accepting credit card payments through Shopify’s secure system, includes a sitewide SSL certificate. Top-rated ecommerce platform.|
|BigCommerce||From 2.2% to 2.9% + 30 cents per transaction, depending on plan||BigCommerce partners with PayPal and Fast for 1-click activated credit card payments, includes sitewide SSL certificate.|
3. Traditional Gateways With Secure Integrations
Unlike all-in-ones and ecommerce platform payments, traditional payment gateways let you use your own merchant account for payment processing. This can be a lower-cost solution than options 1 and 2, but it takes more work to set up. When going this route, you also need to make sure it’s a truly secure solution.
Note: Most traditional payment gateways that offer a secure hosted checkout also support self-hosted checkouts. It’s up to you to make sure the gateway/ecommerce platform/merchant account combination all works within a secure hosted checkout. If not, you’ll be back to square one, having to ensure ecommerce payments and security yourself.
A few top providers make secure gateway integrations easy, including:
|Payment gateway||Pricing||Notable features|
Your merchant provider fees + 10 cents per transaction, $0 Setup, $0/mo.
Lets you use your own merchant account at their competitive payment processing rates, plus accepts PayPal Payments at the standard 2.9% + 30 cents per transaction rate.
Your merchant provider fees + 10 cents per transaction, $49 Setup, $25/mo.
Lets you use your own merchant account at its competitive payment processing rates.
Self-Hosted vs Hosted Checkout: Which Is Right for You?
For many small online sellers, a hosted checkout delivers everything needed to process payments in a tidy, secure package. But for others, factors such as checkout customization and lower credit card processing costs come into play. In these cases, the flexibility that self-hosted checkouts offer can be worth the security headaches.
Here’s a closer look at the major differences between the two:
|Self-Hosted Checkout||Hosted Checkout|
|Your security responsibility|
|Checkout customization options||Very customizable||Limited, or requires developer skills|
|Payment processing costs||Tend to be lower||Tend to be higher|
|Merchant services choices||More options||Fewer options|
What Are the Best Security Practices When Accepting Electronic Payments?
There are a few industry best practices that can ensure secure online payments and put both your and your customers’ minds at ease:
Update Your Business Software
The vendors of the software you use to manage your business regularly release updates that you can download to keep your technology current. These updates affect a range of things, and failing to install them could leave your systems more susceptible to data breaches and other cyber threats. So when an update is released, install it in a timely manner.
Choose the Best Merchant Account
Most self-hosted checkouts integrate with a large number of payment gateways and through them, merchant services providers. Going this route, large-volume sellers can compare many payment processors to find the lowest credit card processing rates. But again, many of these providers leave checkout security to the seller. For most small online businesses, hosted checkouts provide plenty of choice with minimal security worries. See our recommended merchant accounts to find a solution that’s right for your business.
Ensure You’re PCI-Compliant
Payment security standards are governed by a set of rules referred to as PCI compliance. They outline security measures that sellers accepting credit card payments must meet to help prevent security breaches and data theft. Secure payment providers’ hosted checkouts meet these rules for you. But if you choose a self-hosted option, you’re responsible for maintaining PCI-compliant checkout and payment data systems yourself.
If you choose a self-hosted option, your merchant services provider will request PCI compliance documentation each year, based on your processing volume. If you process fewer than 20,000 Visa credit card payments annually, you’ll have to fill out a self-assessment questionnaire and perform a system security scan. Reporting and scanning requirements increase as your processing volume increases. You can learn more about payment security and its impact on your business in our full guide to PCI compliance.
Remember, if you choose a self-hosted solution, your ability to accept credit cards depends on keeping your systems secure and your PCI compliance up to date. If you don’t, your merchant services provider can charge a non-compliance fee or close your account. And if you ignore security concerns and suffer a data breach, you can face hefty fines from credit card companies.
Limit Data Storage and Access
Data is a double-edged sword when it comes to security. On one hand, the more data you have, the more insights you have to make informed business decisions. But on the flip side, the more data you have, the more you have to lose.
If you can, limit the amount of data you store. Perhaps you strike out certain fields or only store customer data for a shorter period of time. Additionally, it’s important to ensure only the people who need access to the data have it. Use tools and technology that allow for user accounts and permissions.
Always Use SSL and AVS
SSL (Secure Sockets Layer, today implemented by its successor, TLS) encrypts data in transit during online payment transactions. This makes it harder for hackers to get to the information.
AVS stands for address verification service, which checks that the billing address the customer enters matches what the card-issuing bank has on its records. This mitigates unauthorized use of customer credit cards. Most payment gateways and some ecommerce platforms have settings to require certain address verification codes in order to accept the transaction. If you’re selling online, this is a crucial step for preventing fraud and the chargebacks that fraudulent transactions can result in.
Activate Multi-Factor Authentication
Multi-factor authentication is another way to make it harder for hackers and data thieves to get to your customer and payment information. These multi-factor authentication settings require customers to log in with more than just a username/email and password. They might need to enter a security token, scan their fingerprint, or confirm identity via some other means.
Though this adds an extra step in the purchase process—and potential friction—it’s becoming more widely used. And as consumers are more aware of cyber threats, they’ll likely be more open to extra security steps like this.
Flag Suspicious Activity
Over time, you’ll gather more data about ecommerce payments and security. You’ll be able to unearth trends—for example, are there trends related to chargebacks? How can you address those trends? Do you have lots of orders with different credit cards from a single IP address? You might need to block that IP. Did you receive an unusually large order? Perhaps reach out to the customer to confirm or ask for a different payment method.
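The two checks described above (many different cards from one IP address, and an unusually large order) can be run over an order export with a short script. This is an added example, not code from any platform or payment provider: the order fields, the `card_fp` tokenized card fingerprint, and both thresholds are assumptions, and the sample orders are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample orders. "card_fp" is a hypothetical tokenized card
# fingerprint from the payment provider, never the card number itself.
ORDERS = [
    {"id": "1001", "ip": "203.0.113.7",  "card_fp": "fp_a", "total": 42.00},
    {"id": "1002", "ip": "203.0.113.7",  "card_fp": "fp_b", "total": 39.50},
    {"id": "1003", "ip": "203.0.113.7",  "card_fp": "fp_c", "total": 41.25},
    {"id": "1004", "ip": "198.51.100.4", "card_fp": "fp_d", "total": 55.00},
    {"id": "1005", "ip": "198.51.100.4", "card_fp": "fp_d", "total": 48.75},
    {"id": "1006", "ip": "192.0.2.15",   "card_fp": "fp_e", "total": 900.00},
    {"id": "1007", "ip": "192.0.2.33",   "card_fp": "fp_f", "total": 37.00},
]

MAX_CARDS_PER_IP = 2      # assumed threshold: distinct cards tolerated per IP
LARGE_ORDER_FACTOR = 5.0  # assumed threshold: multiple of the median total


def flag_orders(orders, max_cards=MAX_CARDS_PER_IP, factor=LARGE_ORDER_FACTOR):
    """Return {order_id: [reasons]} for orders that need manual review."""
    cards_by_ip = defaultdict(set)
    for o in orders:
        cards_by_ip[o["ip"]].add(o["card_fp"])
    # The median is robust to the outliers we are trying to find.
    typical = median(o["total"] for o in orders) if orders else 0.0

    flags = defaultdict(list)
    for o in orders:
        n_cards = len(cards_by_ip[o["ip"]])
        if n_cards > max_cards:
            flags[o["id"]].append(f"{n_cards} different cards from IP {o['ip']}")
        if typical > 0 and o["total"] > factor * typical:
            flags[o["id"]].append(
                f"total {o['total']:.2f} exceeds {factor:g}x median {typical:.2f}")
    return dict(flags)


if __name__ == "__main__":
    for order_id, reasons in sorted(flag_orders(ORDERS).items()):
        print(order_id, "->", "; ".join(reasons))
```

Flagged orders are candidates for manual review, such as contacting the customer, rather than automatic rejection; tune both thresholds to your own order history.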
“Where we see most of the fraud and vulnerabilities today is in the digital space. Not only are fraudsters able to exploit vulnerabilities on insecure sites, they are able to scale in unprecedented ways. Still, most of the risks are coming from human lack of cyber hygiene, poor passwords, old software, clicking on unsafe links, or emails that open the door to individual or corporate information that leads to breaches and eventually to fraud on payments.” This is what Mohamed Abdelsadek, executive vice president of North America services for Mastercard, told the National Retail Federation in October 2020.
The Bottom Line on Ecommerce Payments and Security
Ecommerce payments security plays a key role in the trust relationship between your company and your customers. Luckily, secure payment processing technology is constantly improving. Plenty of online store solutions provide secure hosted checkouts that protect both you and your customers. All-in-one payment processors, platform payment services, and traditional gateways all offer secure checkout options for the small online seller.
Sellers who want to use their own merchant services account can find secure options through traditional payment gateways. But for most small businesses, the quick-start convenience and worry-free security of all-in-one payment services with built-in management tools, like Square, are the ideal choice. Visit Square to create a free account.