As an online seller, you can make ecommerce security easy or you can make it hard, and it mainly depends on how you process online payments. Top store platforms and payment processors make ecommerce security easy, but you need to know how it works to ensure you pick the right solutions.
Before we dive in, many secure payment processors support online, in-store, and mobile payments, but one really stands out from the crowd, and that’s Square. See all the ways Square can help you securely process payments anywhere they happen, plus manage your entire business.
How Ecommerce Security Works for Online Payments
Online payment security starts with a secure checkout. That means the order checkout forms that collect customer data are hosted securely, data is properly encrypted during transmission, and any stored payment information is protected.
There are two types of online checkouts that you can use: A self-hosted checkout or a hosted checkout. Let’s see how each handles payment security:
What is a Self-hosted Checkout?
A self-hosted checkout collects and transmits customer payment data on your store’s servers. This puts the security risk on you and makes you responsible for managing secure data connection, transmission, and storage systems Even if you use a top ecommerce platform, you can be responsible for handling security. Not all ecommerce platforms ensure secure checkouts with every payment processor.
What is a Hosted Checkout?
With a hosted checkout, sensitive payment data is entered directly into your secure payment provider’s system via a secure, encrypted connection called SSL (secure sockets layer authentication). Simply put, sensitive data never touches your store’s servers. In some cases your ecommerce platform ensures this, in others, your payment provider makes it happen. Either way, using a hosted checkout takes the bulk of ecommerce security risks off your shoulders.
How do You Choose?
Wondering why anyone would choose a self-hosted checkout over a secure hosted checkout? That’s a good question. For most small online sellers, a hosted checkout delivers everything needed to process payments in a tidy, secure package. But for others, factors such as checkout customization and lower credit card processing costs can come into play. In these cases, the flexibility that self-hosted checkouts offer can be worth the security headaches.
Here’s a closer look at the major differences between the two:
|Self-Hosted Checkout||Hosted Checkout|
|Your security responsibility||High||Minimal|
|Checkout customization options||Very customizable||Limited, or requires developer skills|
|Payment processing costs||Tend to be lower||Tend to be higher|
|Merchant services choices||More options||Fewer options|
Checkout Customization Options
This concerns the appearance and functionality of your online store’s checkout page. For most sellers, a basic checkout page provides everything you’ll ever need. But some businesses want to tweak this for various reasons. When they do, a self-hosted checkout provides freedom to customize the form design and checkout flow any way you wish. Certain secure hosted checkouts, like Stripe, also support customized checkout pages, but changes can require developer skills.
Payment Processing Costs
To ensure high-security standards, hosted solutions tend to combine a limited number of secure payment gateways and processors. This gives you fewer choices in processors and most charge higher fees compared to regular merchant accounts. For low-volume sellers, the peace of mind that comes with a secure provider is well worth the cost. However, if you process more than $18K/mo. in credit cards, you can save on processing fees using a self-hosted solution with your own merchant account.
Merchant Account Choices
Most self-hosted checkouts integrate with a large number of payment gateways and through them, merchant services providers. Going this route, large-volume sellers can compare many payment processors to find the lowest credit card processing rates. But again, many of these providers leave checkout security to the seller. For most small online businesses, hosted checkouts provide plenty of choice with minimal security worries.
Now you know the differences between hosted and self-hosted store checkouts, and the security implications of each. If you’re like most other small online sellers and prefer a secure hosted checkout, you have plenty of options. Let’s see what they are.
Secure Hosted Checkouts & Payment Processors – Your Options
If you want to minimize your security risk by using a hosted checkout, you have three options. Here’s a look at each, plus some providers to consider:
1. All-in-one Payment Processors
All-in-ones roll a secure hosted checkout and merchant account into one service. They’re the most popular choices for small online sellers because of their ease of setup, straightforward pricing, multiple services and selling options and, of course, security. Most all-in-one payment processors offer quick 1-click integrations with top ecommerce platforms, so for most, setup takes just a few minutes.
Here are three top names in secure all-in-one payment processing solutions:
|All-in-one||Ecommerce Pricing||Notable features:|
|2.9% + 30¢ per transactionNo monthly fees|
|2.9% + 30¢ per transaction$0-$20/mo. fees|
Lets you process PayPal Payments along with all major credit cards. Some plans are self-hosted, learn more about all of PayPal’s plans here.
2.9% + 30¢ per transaction No monthly fees
1-click integrates with more than 50 top online shopping carts, plus offers checkout customization.
2. Ecommerce Platform Payment Services
Many top ecommerce platforms like Shopify and BigCommerce now offer their own payment processing service as a secure option. This makes launching an online store with a secure hosted checkout easier than ever. Plus, they meet or beat the pricing of some top all-in-ones and are a breeze to set up.
Here are three top online store platforms that offer their own secure payment processing:
|Ecommerce platform||Ecommerce Payments Pricing||Notable features|
From 2.2% to 2.9% + 30¢ per transaction, depending on plan
BigCommerce partners with PayPal for 1-click activated credit card payments through PayPal’s secure system, includes sitewide SSL certificate.
From 2.75% to 2.9% + 30¢ per transaction, depending on plan
|Built-in to any Ecwid plan, in 1-click you can accept credit card payments through Ecwid’s secure system, includes sitewide SSL certificate.|
From 2.4% to 2.9% + 30¢ per transaction, depending on plan
Built-in to any Shopify plan, takes mere seconds to enable and start accepting credit card payments through Shopify’s secure system, includes sitewide SSL certificate.
3. Traditional Gateways with Secure Integrations
Unlike all-in-ones and ecommerce platform payments, traditional payment gateways let you use your own merchant account for payment processing. This can be a lower-cost solution than options 1 and 2, but it takes more work to set up. When choosing this route, you also need to take care to put together a truly secure solution.
Note! Most traditional payment gateways that offer a secure hosted checkout also support self-hosted checkouts. It’s up to you to make sure the gateway/ecommerce platform/merchant account combination all works within a secure hosted checkout. If not, you’ll be back to square one, having to ensure security yourself.
A few top providers make secure gateway integrations easy, including:
|Payment gateway||Pricing||Notable features|
Your merchant provider fees + 10¢ per transaction, $0 Setup, $0/mo.
Lets you use your own merchant account at their competitive payment processing rates, plus accepts PayPal Payments at the standard 2.9% + 30¢ per transaction rate.
Your merchant provider fees + 10¢ per transaction, $49 Setup, $25/mo.
|Lets you use your own merchant account at their competitive payment processing rates.|
So you’ve seen how hosted and self-hosted checkouts impact your security risk and know some options for both. Now let’s explore why these security issues matter to your business.
What is PCI Compliance & What Does it Mean to You?
Payment security standards are governed by a set of rules referred to as PCI compliance. They outline security measures that sellers accepting credit card payments must meet to help prevent security breaches and data theft. Secure payment providers’ hosted checkouts meet these rules for you. But if you choose a self-hosted option, you are responsible for maintaining PCI compliant checkout and payment data systems yourself.
If you choose a self-hosted option, your merchant services provider will request PCI compliance documentation each year, based on your processing volume. If you process fewer than 20,000 Visa credit card payments annually, you’ll have to fill out a self-assessment questionnaire and perform a system security scan. Reporting and scanning requirements increase as your processing volume increases. You can learn more about payment security and its impact on your business in our full guide to PCI compliance.
Remember! If you choose a self-hosted solution, your ability to accept credit cards depends on keeping your systems secure and your PCI compliance current. If you don’t, your merchant services provider can charge a non-compliance fee or close your account. And if you ignore security concerns and suffer a data breach, you can face hefty fines from credit card companies. Clearly, PCI compliance isn’t something to take lightly.
The Bottom Line
Ecommerce security plays a key role in the trust relationship between your company and your customers. Every small business owner must take care to understand and ensure online security, especially when it comes to payment data. If that sounds like a daunting task, believe me, it can be. Knowing the ecommerce security differences between hosted and self-hosted checkouts is the first step. After that, you just need to know your options.
Luckily, secure payment processing technology is getting better and better. Plenty of online store solutions provide secure hosted checkouts that protect both you and your customer. All-in-one payment processors, platform payment services, and traditional gateways all offer secure checkout options for the small online seller.
Sellers who want to use their own merchant services account can find secure options through traditional payment gateways. But for most small businesses, the quick-start convenience and worry-free security of all-in-one payment services with built-in management tools, like Square, are the ideal choice:
How do you handle ecommerce security for your online store? If you use one of the providers mentioned or have another solution, we’d love to hear about it in the comments below.