What is an online payment system? And how can businesses select the right payment systems? In this article, we’ll examine how eCommerce—and even brick-and-mortar businesses—can benefit from web-based payment gateways.

How Do Payment Processing Services Work?

The first step in this process is the customer’s shopping experience. When they encounter goods or services they like through an online business, they will need to pay with a credit or debit card. In some cases, they may be able to pay through a P2P app like PayPal or Venmo or set up an ACH payment (essentially, a bank transfer).

Your website will bring the customer to a checkout page, where they will review the items they intend to purchase. They will then be prompted to make a payment by inputting card details like number, expiration date, and perhaps the CVV or security code.

This information is not sent in readable form. It is encrypted in transit using protocols like HTTPS. Encryption is a security feature that garbles the customer data so it cannot be appropriated by any hackers lurking “nearby” in the digital sphere.

A payment processor manages the payment gateway, which holds the decoding key to decrypt the card info. This payment processor will communicate with the merchant’s bank. The bank will communicate with the card network associated with the customer’s card (Visa, Mastercard, Discover, Amex).

The card network will then communicate with the customer’s bank, requesting the specific amount of funds involved in the transaction. These funds will be passed to the merchant’s bank through a settlement process facilitated by the card networks.

How Are Online Payments Different From a POS?

Some aspects of this process are the same. A point-of-sale system still needs a payment processor. Card networks and banks are still involved. However, there are some differences. One is that online payments need an online payment gateway.

This interface allows the customer to input their debit or credit card information to complete a payment. In a physical store, the customer presents a card to process payments. As it turns out, both online payments and POS payments involve encryption.

However, online payments are still more susceptible to fraud. The customer is not in front of the merchant, so the merchant has no way to tell if the person inputting the card data is actually the cardholder. By contrast, when businesses take payments in a brick-and-mortar store, they can gauge if the transaction seems suspicious.

How Secure Are Online Payment Systems?

However, there are ways to gauge the plausibility of online transactions. This is done with advanced AI and machine learning models. These models can assess factors such as location, purchase, purchase amount, and customer spending habits.

As you have seen, multiple parties are involved in a credit card transaction, and all these parties participate in fraud prevention. If the customer’s bank feels that a purchase is suspicious, they can block the purchase and contact the customer to verify it.

As mentioned, online payments encrypt data so that the card information is garbled into meaningless information that an outside party cannot use. These “outside parties” are additionally blocked by firewalls and other digital security protocols to prevent a data breach.

Data breaches do still occur. One of the more famous data breaches was the Target data breach of 2013. This data breach involved hackers leveraging a “back door” to get inside Target’s systems. They sent a phishing email to an HVAC subcontractor that had done some work for Target.

From here, they were able to leverage that company’s login credentials to access Target’s systems, where they poked around for a surprising two weeks, collecting reams of customer data. Much of this data was probably sold on the “dark web” for further exploitation. Finally, Target became aware of the situation and responded to the threat.

Only YOU Can Create Online Payment Security 

This data breach tells you organizations must play a part in data security. Thankfully, you can outsource many of the security protocols and processes to the payment processor you use. Some of these include adhering to PCI DSS rules (Payment Card Industry Data Security Standard).

However, some aspects of keeping payments secure remain with you. Cybercriminals attack small organizations proportionally more because they know SMEs do not have the defense resources of a larger company.

SMEs also have fewer employees, and those employees might not be “wise” to the tactics of contemporary cybercriminals. SMEs are often run by individuals who are doing many aspects of business management themselves. Compare this to a corporation with a team of customer service professionals who are trained in how to spot suspicious emails.

Business owners should get familiar with what makes an email suspicious. Strange sender addresses, poorly formatted content, bad grammar, and bizarre or elaborate requests are just the starting point for a “Trojan Horse.” With the advent of AI, it’s unfortunately likely that cybercrime will get even more advanced. Voice replication and “Frankenstein theft” are becoming more rampant.

Frankenstein Theft and Overseas Purchases

In Frankenstein theft, criminals use bits and pieces of information from places like Facebook to hunt for missing pieces of your identity. Eventually, they can replicate a fairly solid impression of your identity and use it to commit fraud.

Do not rely on the security protocols of your payment processor alone. Stay vigilant about emails from customers and learn to spot suspicious emails. Ask if your payment processor can provide tools for flagging purchases made from a location overseas using a card with a domestic billing address.

One thing criminals will do is attempt to obscure the location of their digital devices. A cybercriminal may take card information from a domestic cardholder (perhaps through a phishing email, by penetrating an unsecured payment gateway, or even by purchasing card data on the dark web).

They will then use that card data from their location. However, they know the transaction will look suspicious if it occurs overseas (meaning, the purchase was made on a phone in India or a laptop in Brazil, to use two examples of countries where online fraud commonly occurs). They may attempt to obscure the location with a “fake” or proxy IP address.

Payment processors can use a tech solution called “proxy piercing” to punch through their “disguise” and discover the criminal’s true location. It’s just one of the many ways digital security needs to be more proactive than reactive. As they say, the best defense is a good offense.
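
As an added example (not code from this article or from any payment processor), the Python below combines the signals discussed above: a mismatch between billing country and device location, a proxy indicator, and a purchase amount far outside the card's usual spending. The field names, thresholds and sample transactions are constructed assumptions; in practice the geolocation and proxy results would come from the processor.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Txn:
    card_id: str
    amount: float
    billing_country: str  # from the card's billing address
    ip_country: str       # assumed input: country the processor geolocated
    via_proxy: bool       # assumed input: processor's proxy/VPN indicator

# Constructed purchase history per card (amounts in dollars).
HISTORY = {
    "card_A": [42.0, 38.5, 51.0, 45.25],
    "card_B": [20.0, 22.0, 19.5],
}

def risk_flags(txn, history=HISTORY):
    """Return the reasons, if any, that this transaction deserves a second look."""
    flags = []
    if txn.ip_country != txn.billing_country:
        flags.append("geo_mismatch")
    if txn.via_proxy:
        # A proxy can make the location look domestic, so it counts on its own.
        flags.append("proxy")
    past = history.get(txn.card_id, [])
    if len(past) >= 3:  # too little history says nothing about habits
        mu, sigma = mean(past), pstdev(past)
        # Floor the spread at 10% of the mean so steady spenders are not
        # flagged for a purchase that is only a few dollars higher.
        if txn.amount > mu + 3 * max(sigma, 0.1 * mu):
            flags.append("amount_outlier")
    return flags

def decide(flags):
    """One signal alone (a travelling cardholder, say) is reviewed, not blocked."""
    if len(flags) >= 2:
        return "hold"
    return "review" if flags else "approve"

# Constructed sample transactions.
SAMPLES = [
    Txn("card_A", 47.0, "US", "US", False),  # ordinary purchase
    Txn("card_A", 49.0, "US", "FR", False),  # cardholder abroad
    Txn("card_B", 640.0, "US", "US", True),  # proxy hides location, odd amount
]

if __name__ == "__main__":
    for t in SAMPLES:
        print(t.card_id, t.amount, decide(risk_flags(t)), risk_flags(t))
```

The third sample shows why the proxy indicator matters on its own: the reported country matches the billing address, so a location check alone would pass it.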

What Online Payment Systems Exist?

The largest names in the online payment ecosystem are probably ones you could’ve guessed: PayPal (56%), Apple Pay (12%), Stripe (9%), Samsung (5%), and Google Pay (3%). However, hundreds of other payment processors work with SMEs and corporations to create online payment gateways.

In fact, businesses are often better off working with a smaller payment processor for several reasons. One is customer service. It is very difficult to get assistance from vendors like PayPal, Stripe, and particularly Venmo, especially in acute situations.

Many of these companies have attempted to deal with the avalanche of customer complaints by creating automated, bot-run systems that funnel users to articles or email threads that take days or weeks to resolve. If you’re a merchant with customers trying to make purchases now, that won’t exactly help you.

Smaller fintech sellers have dedicated sales teams and account managers that become point people for your particular relationship with them. This person (an actual person) can be emailed or called directly to get the ball rolling on problem resolution, bringing in tech people as needed.

As a side note, this is the same type of relationship that larger corporations have with their payment processors. You can bet your bottom dollar that when the POS systems go on the fritz at Target or Costco, they are not chatting with a Venmo chatbot. They are on the phone with their account manager and the engineers, getting the problem resolved.

Shopify, Etsy, and Growing Pains

If that’s the case, who exactly uses these large, faceless enterprises like PayPal, Venmo, and Stripe? Actually, a significant portion of small business owners who are just starting out do. Many of these companies use a flat rate to take fairly substantial fees on every sale.

Imagine paying 2.5% plus 30 cents for every single transaction. If you’re just starting on Shopify, that’s not a huge deal. You’re happy just to be selling whatever you sell to customers. You’re making a few sales a day, and it’s exciting.

But eventually, if your business blossoms, your sales volume will increase. 2.5% plus thirty cents per transaction is less appealing if you are selling thousands of items every week. However, for simplicity’s sake and lack of energy to explore other solutions, most business owners leave it that way.

Sometimes, these payment solutions are integrated into a particular platform the merchant uses. They may sell on Etsy, eBay, or Shopify (which uses Stripe). They may have a GoDaddy site that integrates with WooCommerce.

Whatever the case may be, they need these platforms. Platforms (like Amazon) are where the traffic is at. However, a business that reaches a normal sales volume for its industry will eventually have to transition off these platforms and develop its own website.

Interchange Plus Pricing and ACH Payments

Part of that is finding a better payment processing fee schedule. Flat rates do not accurately represent the true cost of every transaction. Visa, Mastercard, Amex, and Discover all have different costs to run, as do debit and credit cards, as do rewards credit cards versus non-rewards credit cards. A better fee schedule that more accurately represents the true cost of transactions is called interchange plus.

You could save significant amounts of money on thousands of transactions if you were not paying flat fees. Another way an online payment processor could save your online store money is by facilitating ACH payments.

ACH payments are essentially bank transfers from the customer’s bank to your bank. They have much lower fees than credit and debit card transactions. And while it’s cumbersome to request banking information from a customer in a store, it’s not unreasonable to suggest this payment method online.

In fact, integrators like Plaid make it very simple for the customer to input their banking details without having to hunt for a paper check or search around their banking app. ACH payments online are great for recurring charges like rent, bills, tuition, and subscriptions.

Subscription Services NEED Online Payment Gateways

That brings us to subscription services. If your business offers a subscription model, you need an online payment gateway. The payment processor will also have to store the card information, which is a necessary part of creating a functional customer experience. Customers should not be asked to re-enter their card data every month.

For starters, that would be burdensome. It would also lead to a higher churn rate if customers forget or decide they don’t want to. Automating the payments is a must. But this can only be done if the card data is saved.

An online payment processor can facilitate this for you by securely storing the card data. You won’t have to manage any of this data yourself. It will be securely stored and tokenized for future use. This means encrypting the card info into a garbled form (a token) that is only accessed and decrypted when needed to complete recurring payments.
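
The division of responsibility described above, as an added Python example that is not code from this article or from any real processor. The `ProcessorVault` class, the merchant IDs and the token format are hypothetical, and the token is assumed to be a random reference that the processor maps back to the stored card.

```python
import secrets

def luhn_ok(pan):
    """Checksum that card numbers carry; catches typos before anything is stored."""
    if not pan.isdigit():
        return False
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class ProcessorVault:
    """Processor side (hypothetical): the only place the card number is kept."""

    def __init__(self):
        self._records = {}  # token -> (merchant_id, pan, expiry)

    def tokenize(self, merchant_id, pan, expiry):
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        # Random token: it has no mathematical relationship to the card number.
        token = "tok_" + secrets.token_urlsafe(16)
        # A production vault would also encrypt this record at rest.
        self._records[token] = (merchant_id, pan, expiry)
        return token, pan[-4:]

    def charge(self, merchant_id, token, cents):
        record = self._records.get(token)
        # A token only works for the merchant it was issued to, so a copy
        # stolen from that merchant's database cannot be spent elsewhere.
        if record is None or record[0] != merchant_id:
            return {"ok": False, "reason": "unknown_token"}
        return {"ok": True, "last4": record[1][-4:], "cents": cents}

def bill_subscribers(vault, merchant_id, subscribers, cents):
    """Merchant side: monthly run using stored tokens only."""
    return {cust: vault.charge(merchant_id, rec["token"], cents)["ok"]
            for cust, rec in subscribers.items()}

if __name__ == "__main__":
    vault = ProcessorVault()
    # 4111111111111111 is a widely used test card number, not a real account.
    token, last4 = vault.tokenize("merchant_1", "4111111111111111", "12/30")
    subscribers = {"cust_42": {"token": token, "last4": last4}}  # merchant's DB
    print(subscribers, bill_subscribers(vault, "merchant_1", subscribers, 1999))
```

The merchant's own database holds only the token and the last four digits, which is what keeps a breach of that database from exposing usable card numbers.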

Do Physical Stores Need Online Payment Systems?

They do, indeed, most of the time. Retailers can improve user experience with an online store that lets customers shop even after hours. Studies have shown a sort of “halo effect”: brands with a curbside presence and an online store see sales boosts in both areas.

Sometimes, you can even direct customers to an online payment system while in your store. Restaurants and service providers like spas can direct customers to scan a QR code or click on a texted link that will take them to a payment page.

Payment can be completed here without handling any payment from the customer directly, speeding up the payment process. In restaurants, this means turning tables faster. In spas, it might mean keeping the line to the massage room moving.


Frequently Asked Questions About Online Payment Systems

What is an online payment system?

An online payment system facilitates electronic transactions online. Online payments contribute to a seamless shopping experience. They are crucial for businesses to enhance customer convenience and expand market reach.

What are the steps in the online payment process?  

After a customer selects items they’d like to purchase on a website, the customer proceeds to the checkout page to input credit or debit card details. The payment information is encrypted for security and transmitted to the payment processor that manages the online payment gateway. The processor communicates with the customer’s bank to authorize the transaction, and with the merchant’s bank and the card networks to settle it.

What are the differences between online payments and in-person transactions?

While both payment processes involve payment processors, card networks, and banks, online payments require a virtual terminal and online payment gateway for customers to input payment details. With in-person transactions, the customer presents a card physically. Because the customer isn’t physically present, online transactions are more susceptible to fraud, making fraud prevention crucial. To learn more about secure online payments, contact ECS Payments.

What measures can businesses take for additional online payment security?

Advanced AI and machine learning models and virtual terminal encryption secure customer data, making it challenging for hackers to access sensitive information. However, businesses must stay vigilant. They must understand suspicious email indicators, train their staff, and actively secure customer data beyond relying solely on the payment processor’s security protocols.