To accept, process, store or transmit credit and/or debit card payments, a company must comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS).
This is a complex standard, with in excess of 300 security controls, that covers many different forms of payment, including phone and online.
To reduce security complexity, many companies use a third-party payment service provider (PSP).
In addition, all companies collecting payments must validate PCI compliance annually.
For small companies using a PSP, this might be by an annual self-assessment related to the integration method used.
When choosing your PSP, the following are some considerations:
- fees: monthly or per payment transaction, chargebacks (disputed payments)
- supported cards
- PCI compliance level
- support for multiple currencies
- customer friendly
- GDPR and data transfers outside the EU
- settlement days before payment in bank
- uptime and reliability
- fraud detection
- prohibited products and services
- integration with eCommerce software and online stores, e.g. plugin availability, shopping cart support
- subscription/recurring payments
- payment links and customization
The following lists a few of the third-party payment service providers that have products for online payments. Remember to check out the online reviews from service users before signing up.