If you are considering starting an online store, there is something you need to know about people giving you money: it is going to cost you money.
Well, it is not as bad as it sounds, but it is still true. In this age of credit card fraud and identity theft, it is totally essential to lock down all transactions so that they are safe both for you as the vendor and for your clients. Broadly speaking, there are three ways to achieve this:
This is the nightmare option. With this option you take total responsibility for all transactions you accept. The Payment Card Industry Data Security Standard (PCI-DSS) is imposed by an international data security council. This standard sets out stringent and complex security guidelines for handling payment information, from the security measures on the server your website is hosted on, to how backups are handled, to where and how client information is stored, to the requirement that all security measures are always kept up to date.
If you are found to be non-compliant, the transaction service involved (e.g. Mastercard, Visa, Amex, etc.) will fine your bank up to $100,000/month for every month you were not compliant. The sad truth is that the banks don't like paying these fines (I bet that surprised you), so they pass the fines on to the merchant (that's you).
I think that's a good enough reason for most to avoid this option.
PayPal acts as a middleman. Your website redirects customers to the PayPal website, where they pay with their PayPal account. The funds go to PayPal and then into your PayPal account, from which they can be transferred to your bank account. PayPal simply takes a percentage of the sale (2.4% for sales under $5000) and a thirty cent transaction fee before it is paid to the merchant.
Our final contender is an integrated payment gateway. Although there are several we use and recommend, eway is our gateway of choice. They can provide either a gateway-only service (i.e. you still need to set up merchant services with your bank) or a merchant services + gateway package if that works out to be better for you. Eway have several plans, which makes it difficult to say here what it will cost you, but usually they work out cheaper overall when compared to the likes of PayPal, especially as you start selling higher volumes.
The other great thing about payment gateways is that they do not require the customer to leave your site. Not only that, you still remain PCI-DSS compliant: through smart coding, your site passes all the information over to eway to complete the transaction, meaning the burden of compliance is on them, not you.
Hopefully you now have all the details you need to make your e-commerce development experience as painless as possible. If you have any questions, don't hesitate to get in touch in the comments below, on Twitter (@farbox1) or even by good old email.