Accepting online payments

To accept, process, store or transmit credit and/or debit card payments, a company must comply with the requirements of the Payment Card Industry Data Security Standard (PCI DSS).

This is a complex standard, with in excess of 300 security controls, that covers many different forms of payment, including phone and online.

To reduce security complexity, many companies use a third-party payment service provider (PSP).

In addition, all companies collecting payments must validate PCI compliance annually.

For small companies using a PSP, this might be done through an annual self-assessment related to the integration method used.

When choosing your PSP, the following are some considerations:

  • fees: monthly or per payment transaction, chargebacks (disputed payments)
  • supported cards
  • PCI compliance level
  • support for multiple currencies
  • customer friendly
  • branding
  • GDPR and data transfers outside the EU
  • settlement days before payment in bank
  • uptime and reliability
  • fraud detection
  • prohibited products and services
  • integration with eCommerce software and online stores, e.g. plugin availability, shopping cart support
  • subscription/recurring payments
  • payment links and customization

The following lists a few of the third-party payment service providers that have products for online payments. Remember to check out the online reviews from service users before signing up.