Facilitating online payments

Accepting online payments

One of the biggest challenges in eCommerce is the ability of traders to provide a payment mechanism that consumers perceive as secure, convenient, reliable and easy to use. You need to undertake a holistic approach to security and employ a secure system that makes consumers feel at ease when using credit/debit cards online. This will enhance your credibility, especially if your website is certified and authenticated by agencies dealing with online security. The payment options accepted by the website should be properly explained in simple terms, making it easy for consumers to select the method that best suits their needs. In addition, these should be periodically reviewed in order to guarantee their reliability, accessibility, and security.


To allow customers to effect payment electronically, you need to:

  • open an Internet merchant account with an acquiring bank or other institution (a bank or institution that accepts or acquires credit card payments from the card-issuing banks or institutions within a scheme, such as Visa, MasterCard, etc.) and implement a payment gateway (ensuring that it employs a high level of security[1] such as encryption of card details) to allow for payments by credit/debit cards;


  • register with a reliable third party processing service (for example, PayPal) for handling payments.

Payment gateway

This system allows the acceptance of credit/debit card payments on eCommerce websites. Besides simplifying the payment process, this also replaces more cumbersome methods, such as cash on delivery and invoicing. Accepting credit/debit cards also helps attract potential customers from all over the world, as these allow you to conduct dealings even when you cannot see the cardholder or the card. Although the acceptance of payment by credit/debit card can be of concern, cards offer protection from fraud through the Card Security Code (CSC)[2], the three-digit security code, which is mostly found in italics on the reverse of the card. This should imply that the person making the transaction is using a legitimate card. The CSC, introduced by the banking industry, helps fight Card-Not-Present (CNP)[3] fraud and provides an extra safeguard against fraudulent activity, whilst saving you the cost of chargebacks. This notwithstanding, it is recommended that you become familiar with the risks associated with CNP transactions and the necessary rules for their acceptance.

Remember: CSC numbers should never be stored by the trader[4].
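One way to enforce this rule in software, shown as an added example that is not part of the original page: strip every CSC field from a checkout payload before it is logged or saved. The field names and payload layout are assumptions; CVV and CVC are treated as other names for the CSC.

```python
import re

# Assumed names under which a CSC may arrive (CVV/CVC are aliases of CSC).
CSC_KEYS = {"csc", "cvv", "cvc", "cvv2", "cvc2",
            "securitycode", "verificationvalue", "verificationcode"}


def _is_csc_key(key):
    """Match 'CVV', 'card_cvc2', 'Card-Security-Code' and similar spellings."""
    norm = re.sub(r"[^a-z0-9]", "", str(key).lower())
    return norm in CSC_KEYS or norm.removeprefix("card") in CSC_KEYS


def strip_csc(payload, path=""):
    """Return (clean_copy, removed_paths); the input object is not modified."""
    removed = []
    if isinstance(payload, dict):
        clean = {}
        for key, value in payload.items():
            here = f"{path}.{key}" if path else str(key)
            if _is_csc_key(key):
                removed.append(here)  # record the path only, never the value
                continue
            clean[key], sub = strip_csc(value, here)
            removed.extend(sub)
        return clean, removed
    if isinstance(payload, list):
        clean = []
        for i, item in enumerate(payload):
            item_clean, sub = strip_csc(item, f"{path}[{i}]")
            clean.append(item_clean)
            removed.extend(sub)
        return clean, removed
    return payload, removed


# Constructed sample checkout payload (test card number, not real data).
# The card number needs its own protection; this example covers only the CSC.
SAMPLE_CHECKOUT = {
    "order_id": "A-1001",
    "card": {"number": "4111111111111111", "expiry": "12/30", "CVV": "123"},
    "retries": [{"card_cvc2": "123", "status": "declined"}],
}


def record_for_storage(checkout):
    """What may be persisted or logged: the payload with every CSC removed."""
    clean, removed = strip_csc(checkout)
    return {"order": clean, "csc_fields_dropped": removed}
```

The list of dropped paths can be logged to spot integrations that still send the CSC to places where it might be stored.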

Qualifying for an eCommerce merchant account

An eCommerce merchant account is a special account that allows you to accept credit/debit card payments and deposit them, at a charge, to a bank account. However, you need to satisfy a set of criteria before you are granted such an account by a bank or other institution. Generally speaking, if you already accept credit/debit cards in your brick-and-mortar store and have a sound history with the bank or other institution, the process should be relatively quick.

When applying for an eCommerce merchant account, you would generally need to supply the following information:

  • Outline of the business plan, including details of cash flow and marketing activities;
  • Website address;
  • Details of the product or service;
  • Suppliers’ details;
  • A description of how the product or service will be delivered;
  • The terms and conditions related to online sales;
  • The expected average online transaction values, the estimated turnover from online sales and the number of credit and debit card transactions;
  • Details of the secure server to be used (the Payment Gateway must be PCI DSS[5] compliant);
  • Audited business accounts available;
  • Bank details and authority to carry out a check with credit reference agencies;
  • A history of your commercial activities;
  • Details of the directors or partners in the business, including full contact details.

It must be noted that the above requirements may vary between banks and other institutions, which could also apply different charges. Normally, the ongoing costs would include either a percentage of the transaction value or a flat fee per transaction. Other charges could include set-up fees (one-time payments) and monthly administration fees for refunds and chargebacks. These will vary from one bank or other institution to another and therefore, it is recommended to shop around to determine which bank or other institution best suits your needs. These costs normally equate to a very small percentage of the sale and should not hold you back from implementing electronic payments on your website.


A chargeback is the process that returns funds to a customer’s card account when s/he has successfully disputed a payment. This usually occurs after the legitimate cardholder reports a fraudulent transaction made using his/her card to the bank or other institution (although sometimes the trader may have already detected the fraudulent transaction). However, as cardholders do not usually check their transactions until they receive their monthly statement, the chargeback process may kick in quite some time after the original purchase was made.

A chargeback can occur when:

  • a consumer’s card is stolen and used fraudulently;
  • an item did not meet expectations;
  • an item was not delivered;
  • an item was damaged.

To help prevent or reduce chargebacks, you need to:

  • Provide contact information on your website, making it easy for consumers to contact the company in case of any problems;
  • Provide quick and professional feedback to chargeback claims;
  • Not impose any extra charges on payments done by cards;
  • Include taxes and shipping fees in the total cost and not collect them separately;
  • Immediately inform consumers of ‘out of stock’ items and advise them of the expected delivery date. However, if an item remains unavailable, consumers should have the option to either purchase a similar item or cancel the order completely;
  • Provide consumers with accurate descriptions and images of products;
  • Provide a clear return and refund policy and make it easily accessible on the website.

Third party payment service

Third Party Payment Service (TPPS) is an electronic payment method that permits traders to receive money through the Internet. A consumer can create an account with a payment service provider and select a preferred method for effecting payments, by either placing money into the account, or alternatively linking that account to a card or a bank account. Whichever method is selected, the consumer’s card or bank account number is never exposed. PayPal is an example of this type of payment service. TPPS offers you the opportunity to accept different types of payments such as single-item or multiple-item payments, donations, recurring payments, as well as the possibility of integrating the shopping cart with your preferred payment service.

When deciding whether to opt for a third party payment service (TPPS), you should always check the charges and other conditions that may be associated with the service.

Charges may include:

  • An application charge, which would apply regardless of whether an application is successful or not;
  • Fees associated with establishing the account, such as set-up fees;
  • A monthly charge for issuing statements on all transactions;
  • A percentage deducted for each product sold which is known as the discount rate;
  • A higher rate for transactions that do not qualify for the discount rate;
  • A flat rate on each transaction, in addition to the discount rate;
  • A monthly minimum charge, regardless of the level of sales each month;
  • Some providers may require the trader to maintain a certain level of liquidity in his account to cover chargeback fees;
  • A chargeback fee.


Payment on delivery/pick-up

You can decide not to allow payments on your website and instead collect money on delivery or during pick-up. However, this limits your consumer-reach to the local market.

[1] All banks and institutions involved in internet payments require compliance with the Guidelines on the security of internet payments issued by the European Banking Authority. If the institution is local, it must adhere to the Financial Institutions Regulation 1 (FIR04 – Security of Internet Payments of Credit, Payment and Electronic Money Institutions) issued by the MFSA.
[2] Also referred to as card verification value [CVV] or card verification code [CVC].
[3] Where neither the card nor its owner is present at the point-of-sale.
[4] PCI Security Standards Council
[5] The Payment Card Industry Data Security Standard is a set of comprehensive requirements for enhancing payment account data security, developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis. PCI DSS aims to ensure that valuable cardholder account data is stored, transmitted and processed securely. Traders that capture or store card payment information are responsible for the protection and storage of this data. Failure to do so will result in financial and reputational consequences. – https://www.pcisecuritystandards.org