Wells Associates

How to handle payments online

Increasing numbers of businesses are choosing to sell their goods and services online, not least because customers expect the convenience that internet retailing offers.

It is, of course, possible to accept payment for online sales through conventional means: a cheque sent in the post. But given that the main virtue of online shopping is its speed and efficiency, most customers prefer to pay with debit or credit cards.

In order to process online card payments, businesses must set up a system in addition to that which is used to handle in-store card transactions.

Types of online payment system

There are various types of online payment system available to businesses. Choosing a particular method will depend on the nature of an individual firm and the scale of its online business.

Internet merchant accounts

An internet merchant account is a payment system which is managed through a bank. It tends to suit businesses that anticipate a high level of online sales, that require a consistent and immediate cashflow, and that already have the ability to handle face-to-face card transactions.

A business will need to contact its high street bank in order to set up an internet merchant account. Most, but not all, major banks offer this service.

Under the system, the bank will receive the payment from the online customer, process the transaction and then credit the firm's account with the money. The business will require a payment service provider (PSP). A PSP, which must be compatible with the firm's e-commerce software, takes the customer's card details online and sends them to the bank. So that the card details can be sent to the bank safely, an internet merchant account must use secure sockets layer (SSL) technology, or its successor transport layer security (TLS), to encrypt the information in transit.

Banks will charge a fee for managing an internet merchant account. The fee will either be fixed or will be calculated as a percentage of the individual transactions.

There may be other fees connected with purchases by credit or debit card.

Should a purchase turn out to be fraudulent, the money will be retrieved from the business's merchant account. Since there is a potentially higher risk of fraud affecting 'cardholder-not-present' transactions, banks will expect a business to supply certain information before agreeing to set up an internet merchant account. The information may include online cashflow projections, online trading terms and conditions, the method of delivering the product or service, the predicted value of online transactions, online turnover and details of the server that is to be used.

Complying with data and security rules

All businesses that take card payments, both offline and online, have to comply with a set of global rules designed to protect cardholder data.

This means that you, as a merchant, have to meet a series of 12 requirements on security management, policies and processes. These rules are known as the PCI DSS (Payment Card Industry Data Security Standard) and are enforced by individual payment brands.

Compliance is not a one-off event. You will need to continuously:

  • assess the data you hold and your processes for potential weaknesses;
  • fix any vulnerabilities that you find; and
  • report all relevant information to the bank and card brands you do business with.

Your specific responsibilities under PCI DSS rules will depend on the size of your business and the card payment company you work with.

You can find information on how to be PCI DSS compliant at the PCI website.

Alternative methods of dealing with online payments

Outsourcing payment processing

A payment processing company receives the card payments from a firm's online customers and then passes the money on to the firm.

Using a payment processing company may suit businesses that do not anticipate a large number of online transactions and do not depend on prompt or immediate payment.

The benefit of using a payment processing company is that the business is saved much of the work involved in running an internet merchant account.

There are, though, downsides. It can take much longer for the payment to reach the firm's account. Fees and charges tend to be higher than for internet merchant accounts too.

Fraudulent payments can be reclaimed from the business, although there are insurance policies that cover this eventuality.

Online shopping malls

Using an online shopping mall may suit small businesses that have fewer IT resources and a simple web presence, that sell straightforward products or services, and that do not already handle credit card transactions.

An online shopping mall is especially helpful for businesses that only wish to use the internet as a supplement to their traditional, bricks-and-mortar high street sales.

A mall works by offering several businesses a place on the same website. The websites are often dedicated to firms from the same or similar business areas.

The hosting and payment processing is dealt with by the mall itself. It usually supplies the software needed to establish an online shop too. The only responsibility that falls to the business is that of keeping the online shop updated and relevant to its customers.

Opting to join an online shopping mall means that a business will not have to concern itself with the complete process of establishing a customer-friendly website. Often malls will provide guidance and advice on the practicalities of managing an online shop.

The drawback is that it invariably costs more to sell online through a shopping mall than it does using other methods of trading via the internet. A business choosing an online shopping mall must be prepared to pay a membership fee, a percentage of each transaction and perhaps a monthly fee as well.