When renovating a house, you might think about all the aspects, except the door, until you realize it’s needed. You can have a fully functioning business, but at the end of the day, it’s all about those transactions that make it count. If your doorway isn’t secure or efficient, perhaps with the lack of a bell, you might just lose visitors. This month, our Computan team really looked into issues commonly faced and not often highlighted or discussed regarding payments.
Costs and convenience
If all the information is overwhelming, that’s understandable. If you look closely, there are some trends. So, to put it simply, these are the factors that could influence your decision to go for one payment gateway or another:
Enterprise Size and Costs
- The most commonly used payment gateways also tend to be the easiest to use: all you need to do is enter your credentials, and the payment gateway is integrated automatically. You don’t need to know a lot of coding for that.
- However, what most people tend to forget is the availability or accessibility of a payment method for their customers. PayPal is a method that doesn’t work in a lot of South Asian countries, so if your business outreach or a reasonable percentage of your customers reside in the Middle East or South Asia, using a payment method that fails would be a huge blunder. Similarly, Muslim countries discourage the use of credit cards, so for a product that has a majority of Muslim customers, there have to be alternative payment methods. Moneris and Islamic Relief are Canadian companies that have taken advantage of these shortfalls in payment methods/availability to customize payment solutions with ease, for nearly any kind of customer/client.
So, what kinds of features do you need from a payment gateway?
If you know where your enterprise stands and what its needs are, all you need to do is keep in mind the following features and whether or not you really need them, or whether you’d be paying huge fees just to have fancy payment methods you don’t need. Here are the features you need to look out for:
- Setup, monthly and transaction fees
- While most payment methods (including PayPal) have absolutely no setup fees, Authorize.Net has a $40 setup fee, and is on par with PayPal on monthly fees ($25). The final decision would be the result of weighing these costs against the features you’d really want to use.
- Currency Conversion and International Outreach
- One of the main reasons for clients going for more expensive payment gateways would be if currencies need to be converted. Failed conversions could lead to nightmare scenarios. And, as we mentioned earlier, depending on the residence of a majority or large fraction of your customers and the payment options available to them, you’ll have to choose the right gateway. While some gateways have an outreach to more than 195 countries, others could only be local or to a few dozen countries. Lastly, some payment gateways have a cap on the transaction limit. So, if you have all your homework done on exactly what size your business is and what the average transactions could be like, you can choose a relevant method.
- Mobile Payment Access and Payment Method - mobile payments are the present and future of eCommerce, particularly for small merchants. Even messaging services like WhatsApp are getting in on the mobile payments game and who can forget Mark Zuckerberg’s presentation at F8 on this very topic? If you’re using a payment gateway without the mobile payment option, you’re living in the stone age! Secondly, although we did discuss the importance of the availability of payment methods for customers, it doesn’t mean we go ahead and have ten payment methods available, just in case they are unable to pay using one method. Our experts at Computan, and most business owners and marketers, would recommend at least two payment methods, one being a credit card and the other a hosted payment method, like Stripe or PayPal. Lastly, cash on delivery is also something that customers may wish to use, and it doesn’t require any integration, although it is becoming fairly obsolete in this day and age.
- Hosted Services- statistics draw a clear conclusion that most customers might drop off mid-transaction if they’re rerouted to a third-party page that they may not trust much. Therefore, you need to make sure that your website has an option to pay within the website, without having to leave the page at all. It’s just one step, but wait and see what a hassle it is when you decide not to go to the shop next door just because of the extra step of taking off your bedroom slippers and putting on your socks and shoes.
Every field has its own issues and downfalls, and most people learn from their mistakes. Luckily, you could also do the smarter thing and learn from the mistakes of others. I asked our team of developers what issues customers regularly face when dealing with payment gateways or transactions, and here’s what they came up with:
- Choosing the wrong gateway that doesn’t fit your company’s needs
- Currency translation issues, because of misconceptions about the ability of a payment gateway to provide certain services or transactions from countries you believed your payment provider could cater to.
- Not ensuring that the payment gateway has Visa/credit/Mastercard support
- Error on the customer’s or customer representative’s side when filling in erroneous information, like CVC
- When the customer has insufficient funds, and there’s no technical glitch, even though it might seem like one
- Bank transaction incompatibility with the payment provider. It’s not your fault or the customer’s fault. This is an issue that is only realised when they face it. To make sure nothing goes wrong, you have to look into the local banks, or the banks the customers are using and if your payment provider is compatible with them.
- People not making sure that the majority of the customers’ banks support online transactions
- Not making sure that there is a direct integration of the payment provider/gateway into the website, instead of losing the customers because they get redirected to a third party page
- Don’t get greedy! Just because a payment provider has many features, it doesn’t mean you go for it blindly. Just cross-check and try to make sure that the important, core features I mentioned above are available and that whatever option you choose, it’s affordable for your company size.
So, after listening to all these issues, I wanted to have a look at the brighter side, and to look into some preventive measures and advancements in the field of online payments. So I asked Haseeb Ilyas, one of Computan’s senior eCommerce experts. Here’s what he had to say:
HI - Yes, this is something that is really overlooked, and the only time it gets concerning to clients is when they realize this after the fact. So, instead of learning it the hard way, I recommend that they should be familiar with the know-hows.
AK - So, keeping aside all those things that could go wrong, what could be something that people using these online payment gateways for their business should know?
HI - Ah yes, now we’re at the crux of the matter. I’ll try to be as brief as possible, but these are some really important things everyone in this business should be familiar with:
- Classic gateways have API integrations that only support the XML response format, which requires parsing, making it difficult to read or handle, because the formats are long code syntaxes. The newer payment gateways have new standards integrated, including newer and better formats, speed and data optimization. Marketers don’t need to concern themselves too much with all this jargon. All they should know is that they should be on par with recent advancements… which are…
- New API standards involve JSON format. This requires less code-writing and makes it easy to understand and deal with. Converting to JSON format gives you more flexibility. It uses small code syntaxes to obtain the API response data, as it's easier that way. JSON is a standard that's getting implemented by all gateways. The background systems and technologies are always updated for security and data performance. Due to open source technologies, they are constantly being customized and improved. If you want to stay on top and want a smooth transaction, you better be up-to-date with all these advancements.
AK - You mentioned earlier, how some transaction issues are because of some human error while entering credentials or a CVC code. What other factors might not be the customer’s or provider’s fault?
HI - The standards in this age and time are excellent, if you know they exist and actually take advantage of them. These standards don’t implement the usage of open source technology. If any bank has legacy operating systems, you’ll see that even though Windows XP and Linux are more secure and powerful, they’ll still use Windows XP. Other banks are improving their operating systems. If the transaction is slow at an ATM, then it’s not your fault, and it’s your bank or payment gateway that hasn’t improved to the latest technologies. Really, really slow transaction speeds are due to outdated systems from the bank, and not because of you or a customer’s fault.
AK - Okay, so getting back to something that could be our fault- what could be the downfalls of not being up-to-date?
HI - Great question, Captain Obvious! But if you talk about outdated or inefficient APIs, let’s say that they’re the middle-man that carries out the transactions to and from. We call them the "gateway" endpoints, and the success/failure response messages are received in certain response types supported by the systems integrating those APIs. The "API response" is something we, as developers, make sure goes through smoothly. A popular payment gateway such as PayPal is highly supported in any country and Bank of America (the bank behind PayPal gateway) supports almost all kinds of payment methods, without running into the hassle of other banks not being very cooperative with your chosen gateway. Affiliation with the Bank of America is also one of the reasons some gateways are more expensive, and for good reason!
Let’s talk about the elephant in the room. This is people’s precious money we’re talking about. It’s about your own earnings we’re talking about. We’ve got sensitive information like credit card numbers. It should send shivers through you to even think about any security breach and some jolly robber getting away with all that you seek to protect. So, I spoke to Muhammad Nasir, Computan’s head of development operations, and he had a lot to say about security:
Avoiding fraud or theft should be your first priority. There are several ways in which hackers could get to your information, but at the same time, you can always take some good, old precautionary measures:
Phishing: While dealing with any aspect of the payment process, including names, security card numbers, credit card information or any other sensitive information, please do NOT share/use it until you are pretty sure about the source. If the source is not trustworthy or rings any alarm bells in your head then always ignore those requests, and go with the standard rules or procedure prescribed by your organisation.
Identity theft: Try to upgrade your servers/sites regularly so you could have the latest and most updated protection against the identity thieves.
Pagejacking: Hackers can reroute traffic from your eCommerce site by hijacking part of it and directing visitors to a different website. This isn’t something that’s as well known as identity theft, as no movies were made about it. Anyway, the unwanted site may contain potentially malicious material that hackers use to infiltrate a network security system. Ecommerce business owners must be aware of any suspicious online activity in this capacity.
AK - So, what are the media through which a breach of security could really take place?
MN - Besides what I’ve mentioned above, any endpoint can be used. These could include:
- Texting malware to smartphones
- Instant messaging
- Rerouting traffic to fraudulent websites
- Phone calls
- Online auctions
AK - We do know that hackers are the most obvious threat, but customers could be fraudulent too. How could we mitigate payment fraud?
MN - Well, there’s no certain way to go about it, really. Here are some of the things we could do:
- Maintain awareness of the latest fraud trends and any red flags you should catch
- Partner with verified payment processors
- Encrypt transactions and emails containing confidential information
- Ensure that tokens and login credentials are regularly changed
- Establish a policy regarding access to confidential information
- Constantly run security checks with antivirus software
- Require customers to log in to an individual account prior to making a purchase
Improving data security and trust level
AK - So going past fraud from both sides, at the end of the day, the customer and service/product providers have to build a trust level to some extent. Surely, not enough to spill our darkest secrets, but enough to share our bank account details with! How do you suggest we ensure that?
- First things first: Always use HTTPS. Period. By now, pretty much everyone knows why, but let’s get it cleared out again - there’s no such preventive measure like data encryption while transferring information. Interception and manipulation by anyone determined enough to do it is fairly easy. Your sensitive information, inclusive of passwords and credit card details, remains safe during transactions if you use HTTPS.
- Try not to save the secure data on a server for a long time. You know the winner of hide and seek is always the one who secretly shifts their location.
- Always set up proper and limited access to sensitive directories on your server.
- Keep your site/plugins/server updated to the latest software versions and coding languages and versions
- Include firewall protection for your server and site if that’s available, as this will be the first line of defense.
- If you are using a payment method which has their own strong payment process protection level, then the work/risk reduces for you. However, if they don’t have strong preventive measures, then you might want to ensure protection on your website.
- If you’re using the Cash On Delivery option, or allow return of products, then you have to be very particular about your refund policies, or you could practically go into loss.
- I repeat- regulating refunds due to fraudulent activity is a bigger threat than you’d imagine, which might cost you more than you expect. The website owners put up things that are out of stock, and it might be different from what they want. There SHOULD be a refund policy page and the conditions for refund. The best way is to create two pages- one for privacy policies and legal issues for shipping details, etc. So they could return it only if there are legitimate issues.
AK - Are plug-ins recommended, or are they also a huge risk factor for your website?
MN - Most open source platforms have hundreds and thousands of free/premium addons/plugins/extensions and hence, the level of risk also increases, as we are not 100% sure how a plugin has been written on a code level, and what their coding standards are. Also, are they compatible with the latest upgrade or with the latest coding language? If your plug-in isn’t made by a trusted source, you might fall into more trouble than ease.
Hopefully, all the concerns regarding payment options have been covered from our deep-dive into them with our developers. A second, well-informed opinion about the perfect payment gateway, combination of features or preventive measures to avoid virtual robberies doesn’t hurt to say the least!