The essential elements of an ecommerce store are the shopping cart, payment gateway, security certificate and merchant account. All processors (merchant account) that we work with now require a certified PCI Compliant shopping cart.

The store or shopping cart components include order and content adminstration, inventory managment, product management, customer management and search engine optimization among other elements.

The payment gateway is just that- a gateway that allows the secure transmission of credit card and debit card payments from the shopping cart to a merchant processor. The gateway is a standard security mechanism for the internet.

The security certificate is issued to a business. Digital security certificates provide two essential security functions: authentication and encryption.
The business is verified to be legimate. It also enables the SSL protocol,or secure socket layer for encrytion, which includes displaying HTTPS and the little lock symbol that appears in browsers.

The last element is the payment processor. Merchants accept credit and debit cards by opening a merchant account with a payment processor. Just like you can’t go to the federal reserve to do your personal banking, you can’t go to Visa and Mastercard to do your credit card processing. Payment processing is offered through banks, payment processing companies and independent service organizations (ISO. Sometimes the same company offers their services through all channels. For example, First Data offers direct payment processing direct, through banks they have partnerships with, and through registered ISO’s. Because of the complexities of the industry, the best prices and value are not necessarily achieved by going direct. In fact, indirect service thrives because of value added and volume partnership pricing.

In the past, processors required a secure gateway, however this has now been extended to the actual shopping cart software as well. One reason is that some carts allowed for storing card data unencrypted somewhere on a server. For some shopping carts, getting certified is a formality. For others, there are security issues somewhere within the process- whether front end or back end, and work is needed before the cart can be certified.

The quick solution for those carts that are not compliant has been to disallow credit card processing except for paypal and google payments.

Virtually every cart accepts authorize.net as a gateway and it’s one of the most popular. I recommend it, when appropriate. The Orbital Gateway may be a cheaper solution for those processing on the Paymentech platform, however not as many carts have Orbital integration.
Orbital Gateway Integration & Certification Program - Orbital is a Chase Paymentech gateway and only works with those processing on the Chase Paymentech platform.

We are hearing that merchant processors are offering to waive credit card fees on donations for the disaster. Is that something that your company is doing? The processors are not waiving fees to my knowledge, however the card associations are. So far Visa, MasterCard, Discover and American Express have all announced plans as of January 15. The good news is that over 95% of credit card processing costs are typically in interchange fees, the same fees that are being waived.

If your non-profit is not on the list, you can ask your processor to help you get on the list, but it’s pretty unlikely. Your charity will need a long track record of donor dollar efficiency to hope to qualify. Contact your merchant account provider to make this request.

The charities covered varies by the card brand.

Visa Waives Interchange Rates for Select Charities

San Francisco, January 14, 2010
Visa Inc. (NYSE:V) today announced a comprehensive commitment to help the people of Haiti following the recent devastating earthquake, which includes a $200,000 donation to the American Red Cross Haiti Relief and Development Fund. Visa will also match employee donations to Haitian relief efforts on a two-to-one basis through the end of January.

As part of Visa’s response, through the end of February, Visa will also donate revenues generated by charitable contributions to the crisis in Haiti directly to the American Red Cross.

In addition, Visa will waive interchange fees through the end of February on donations made to a select group of major, U.S.-based charities that are providing support to Haitian relief efforts. Eligible charities are:

* American Red Cross
* AmeriCares
* CARE USA
* Direct Relief International
* Habitat for Humanity
* International Rescue Committee
* Mercy Corps
* Oxfam America
* Save the Children
* US Fund for UNICEF
* World Vision

As part of this initiative, Visa is reaching out to the U.S. and Haitian governments to explore how its payment technology can be helpful in effectively distributing relief funds, as Visa has done in the past.

##
Here are the plans for other cards:
Discover waives merchant fees and matches donor dollars
MasterCard Waives merchant fees
American Express rebates merchant fees retroactive

It’s that time of year of heavy deposits for summer camps. Camps have learned they’ll get more early bookings by allowing parents to register online than if by mail alone. Here are some tips for camp companies:

1. PCI Compliance- if you take an order via the phone, do not store the CVV code. Once you have verified the card, you no longer have a need for it anyway. All card data must be stored under lock with restricted access.

2.  There are 3 types of merchant accounts: retail, ecommerce, and MOTO (mail order/ telephone order- card not present. Make sure you have the correct type(s) since this will affect your pricing plus your compliance with Card Association Operating Rules. For example, if you have a retail account, and you run ecommerce orders, you’ll not only pay hefty additional fees, you’ll also lose any chargebacks because you won’t have a signed receipt as required for retail transactions.

3. Debit usage is nearly on par with credit cards now. If you offer recurring billing, be sure to inform the customer of your procedures. Do you send a reminder email that you will be charging their account? This will help prevent potentially overdrawn accounts.

4. On your payment page, make sure you have a checkbox for the customer to “agree” to accept your refund policy. You can use a pop up for details or have the text right there. The box should be required to be checked. This step is needed to defend against future chargebacks.