Your browser is no longer supported. For the best experience of this website, please upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

Protection money

Improving online payment security can help reduce last-minute cancellations of transactions

No one will ever know what is going on in the minds of customers who decide to ‘drop-off’ or cancel their online purchases just before completing a transaction. But etailers can try to reduce the phenomenon by making payments as efficient and secure as possible.

One of the key issues to consider is whether to offer PayPal or other internet payment providers, cash vouchers, cheques, or major credit and debit cards, which would widen consumer choice but might increase costs for retailers.

By using PayPal, customers give their card details when they sign up and do not have to do so again when they make a purchase. Garreth Griffith, head of risk management at PayPal UK, says increasing speed at the online checkout not only reassures customers, but results in a 14% fall in drop-offs for small and medium enterprises (SMEs) and 1% to 5% for larger etailers. “Security is more of an issue when people don’t know who they’re buying from, but even with known brands people can still be nervous,” he explains.

Cash vouchers are another alternative and the Prepaid Services Company, a provider of prepaid payment solutions, launched its Cash-Ticket product in May. Consumers can buy pre-paid cash vouchers and use them by entering a pin number when making purchases online.

Binu Vaman, Prepaid Services Company’s UK marketing manager, says: “A lot of people do not have a credit card or are scared of using it online, and in the current economic climate they want to keep a tight control of finances.”

For SMEs, the decision of what payment methods to accept comes down to their customer base and the costs of taking on extra methods. John Nicholson, a director of T-shirt etailer Kettlewell Colours, does not believe American Express (Amex) is worthwhile, but is considering PayPal. “Everyone who has Amex usually has an alternative Visa or Mastercard,” he says. But Sonja Todd, general manager of accessories retailer Tatty Devine, takes Amex. “We take a lot of orders in the US and a higher proportion of people use it out there,” she explains.

Adding payment types is simpler for etailers who use third-party processing services, says Simon Black, managing director of one such firm, Sage Pay. “It is very easy for us to integrate other aspects of ecommerce and we are able to offer 24-hour support,” he says.

Perhaps the biggest advantage of outsourcing payment processing is security. By October, all etailers will have to become compliant with the payment card industry’s Payment Card Industry Data Security Standards (PCI DSS) regulations, covering access to the payment network and protection of cardholder data.

Those using third-party processing firms have no need to be compliant if the customer is diverted seamlessly to the processor’s system at the point of transaction and then back to the retailer’s website. In this case, the retailer would never receive customers’ card details and any onus to be compliant would rest with the processor. However, if retailers want to be certain their customers’ details are safe, they could check that the processor has received a favourable report from an approved Quality Security Assessor, which they must do each year under the regulations (see box).

But for any retailer that holds customer payment details, the consequences of non-compliance can be severe, including unlimited fines. A recent survey of online retailers by Sage Pay showed that 60% of retailers did not know whether they were compliant.

Alan Calder, chief executive of training and consultancy firm IT Governance, says it is in the etailer’s interests to have the best security. “Although the fines from the payment card industry can be painful, what can be more painful is the damage to your reputation,” he says.

Top tips

  • Weigh up the costs of adding different payment types against likely extra business
  • Consider using a third-party processor to take the onus off you Visit the website of the
  • PCI Security Standards Council which sets the regulations and offers advice (www.pcisecurity
  • standards.org)
  • Investigate private sector resources such as IT Governance (www.itgovernance.co.uk)
  • Cut the risk of fraud by using ‘3D’ security which requires customers to enter a password

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.