Accept payments online: a guide for merchants

The events of 2020 made some retailers and companies reconsider the way their products and services are distributed. Some of them temporarily closed their physical subsidiaries, and other businesses had to leave the market altogether. 

Hence, starting to sell your products or services online, or move at least a part of your merchandise there seems like a good idea. Same goes for the entertainment businesses, like casinos, which can definitely benefit from the online revenue, while their physical branches remain under the lockdown.

But how do you accept online credit card payments or alternative payment methods? Well, there are a few steps you need to make for that, and the first one is creating your website.

How to accept payments on a website

You need to have a website for e-commerce. Surely, you can also use different marketplaces to sell goods, but to do that you will need to pay fees, adhere to the marketplace’s rules and depend on its success. 

There are different ways you can organize and design your website – the sky is the limit. Still, there some things you are required to have on the site to accept payments. These are:

  1. A set of legal and policy postings. First and foremost, your company’s full name and
    its address should be listed on the website. Make sure that your domain is registered in your company name – for transparency reasons. 
     
    As for the legal documents, you are required to have privacy, shipping, and refund policies posted on the website, as well as terms and conditions, including a governing law clause. We advise you to design a separate header for all these.  
     
  2. The website content. The description of your products and/or services should always be truthful, descriptive and up to date to minimize the risk of chargebacks, which could potentially put your company in jeopardy, especially if you are a high-risk business. If you need to know how to deal with that, check out the article “How do I manage chargebacks for a high-risk merchant account?”.
     
    Your contact information and customer support details should be properly displayed. Overall, you’d better hire a team to proofread the website before launching it, so they can tell if your online shop is comprehensive and easy to navigate.  
     
  3. Card scheme companies’ logos. Depending on the financial institution you will end up choosing, you will be able to accept payments by credit cards like Visa and Mastercard. Thus, you are also required to display the valid logos of companies, the cards, and other payment methods of which you can accept. 
     
    The logos usually can be found on the companies’ official sites with all the necessary branding guidelines. Besides, customers will feel more confident shopping on your website, if they know about all the available payment methods beforehand. 
     
     
  4. Security. To protect your clients’ data while they are buying goods from your web store, you should get an SSL certificate. The certificate allows encrypting the information exchange between a website and its visitors, to ensure it doesn’t get to the fraudsters.  
     
    Merchants should comply with a Payment Card Industry Data Security Standard (PCI DSS), established by Visa, MasterCard, Discover, and American Express. It is basically a set of regulations aimed at ensuring that the companies and institutions, that are dealing with any type of procession, storing, and transfer of the credit card information, are doing so securely. 
     
    PCI DSS includes 12 general data security requirements for merchants, which are:
     
    1. Install and maintain a firewall configuration to protect cardholder data;
    2. Do not use vendor-supplied defaults for system passwords and other security parameters;
    3. Protect stored cardholder data;
    4. Encrypt transmission of cardholder data across open, public networks;
    5. Protect all systems against malware and regularly update anti-virus software or programs;
    6. Develop and maintain secure systems and applications;
    7. Restrict access to cardholder data by business need to know;
    8. Identify and authenticate access to system components;
    9. Restrict physical access to cardholder data;
    10. Track and monitor all access to network resources and cardholder data;
    11. Regularly test security systems and processes;
    12. Maintain a policy that addresses information security for all personnel;
     
    For more information on the requirements and how to follow them please visit the PCI Security Standards Council webpage. Your bank or payment service provider (PSP) must also be PCI DSS compliant. 

Also, if your company is based within the European Union, or intent to sell products there, your online store, as well as the financial institution you will use, should also comply with a General Data Protection Regulation (GDPR) – another legislation intended to protect customers’ data by 
providing a set of rules on how to store, collect, and process it. 
 
You can find the full document here to make sure you can follow the requirements. Remember, going the extra mile with these regulations not only will save you the legal trouble but show your customers that you care about their personal information being safe. 
 
These are the basic things you need to pay attention to while establishing a website. Of course, there might be more requirements depending on different industries. For instance, we have a separate article on how to open an online casino, feel free to check it out, if interested. 
 
To make the site development even easier for you, visit banks’ or Fintech companies’ sites you’d like to open a merchant account at, and find out if there are any specific requirements they have for their potential merchants.

Choose a bank or PSP to accept credit card payments online

 To start taking online credit card payments and accepting other payment methods, you need to open a merchant account within a bank, or with the help of a Third-Party Provider (TPP).  
 
We suggest you pay attention to these criteria while searching for a merchant account:

A bank’s reputation and expertise. Make sure that the financial institution is reputable and has working experience with other companies within your industry.
 
Pricing. Compare the prices for services among a couple of banks and choose the one that suits you the most. But please note that low service prices are not always a good thing, as it might mean that the bank is lacking in security instruments or other features. So always collate the price with a quality of services.
 
Compliance. As we’ve mentioned earlier, a financial institution should follow a list of regulations, like PCI DSS, GDPR (for the EU), and PSD2 – the Revised Payment Services Directive, also introduced by the EU to improve upon the security of online merchants and customers.
 
The variety of payment methods. Not all your potential clients would want to use credit cards to pay for the goods, so make sure the bank supports other payment methods as well.
 
Security. A merchant should be able to use the 3D-secure protocol, which is a technical solution that requires customers to use two-step verification to buy something online. Ultimately, 3DS allows averting fraudulent transactions with stolen cards. To find out more about the benefits of 3DS, check out Maxpay’s article: “What is 3D Secure and why merchants need it”. 
 
The PSP should also have a secure and proven anti-fraud system to protect merchants from fraud and chargebacks. And it’s crucial nowadays, as the number of chargebacks and fraudulent cases grew due to these uncertain times. High-risk companies especially have a hard time, as they are already having a greater chargeback probability. And that’s why we at Maxpay approach our high-risk merchants’ safety very seriously. 
 
We use Covery anti-fraud platform, which is in the list of the top fraud solution providers, to significantly minimize the number of fraudulent transactions. A high-risk business that uses Maxpay can get chargeback representation services – a chargeback will be processed by us so that we can give dispute recommendations.
 
Recently, Maxpay’s merchants got another layer of protection from chargebacks thanks to Verifi’s dispute management solutions. Through Covery, Maxpay is integrating Verifi’s Order Insight solution, which has a record of effectiveness with a dispute deflection rate of up to 42%. You can find out more about the solution here

Maxpay has over 30 bank partners with easy-to-integrate API and offers multiple acquiring solutions and a master account to manage and aggregate all of the merchant’s MIDs.
 
Are you a high-risk company that’s thinking of trying out our services? Feel free to contact our support team, if you have any questions, or need help with the onboarding.