The essential elements of an ecommerce store are the shopping cart, payment gateway, security certificate and merchant account. All payment processors that we work with now require a certified PCI Compliant shopping cart.

The store or shopping cart components include order and content adminstration, inventory managment, product management, customer management and search engine optimization among other elements.

The payment gateway is just that- a gateway that allows the secure transmission of credit card and debit card payments from the shopping cart to a merchant processor. The gateway is a standard security mechanism for the internet.

The security certificate is issued to a business. Digital security certificates provide two essential security functions: authentication and encryption.
The business is verified to be legimate. It also enables the SSL protocol,or secure socket layer for encrytion, which includes displaying HTTPS and the little lock symbol that appears in browsers.

The last element is the payment processor. Merchants accept credit and debit cards by opening a merchant account with a payment processor. Just like you can’t go to the federal reserve to do your personal banking, you can’t go to Visa and Mastercard to do your credit card processing. Payment processing is offered through banks, payment processing companies and independent service organizations (ISO). Sometimes the same company offers their services through all channels. For example, First Data offers payment processing  directly and also through banks they have partnerships with, and through registered ISO’s. Because of the complexities of the industry, the best prices and value are not necessarily achieved by going direct. In fact, indirect service thrives because of value added and volume partnership pricing.

In the past, processors required a secure gateway, however this has now been extended to the actual shopping cart software as well in some cases. One reason is that some carts allowed for storing card data unencrypted somewhere on a server. For some shopping carts, getting certified is a formality. For others, there are security issues somewhere within the process- whether front end or back end, and work is needed before the cart can be certified.

The quick solution for those carts that are not compliant has been to disallow credit card processing except for paypal and google payments.

Virtually every cart accepts authorize.net as a gateway and it’s one of the most popular. I recommend it, when appropriate. The Orbital Gateway may be a cheaper solution for those processing on the Paymentech platform, however not as many carts have Orbital integration.
Orbital Gateway Integration & Certification Program - Orbital is a Chase Paymentech gateway and only works with those processing on the Chase Paymentech platform. Merchants must complete either the shopping cart certification, or use a hosted payments solution such as CenPOS or CRE Secure.

Ecommerce stores may be forced to shut down if there is a data breach related to credit card processing, but it all depends on the circumstances. Why did the data breach occur? Where did the breach occur? What steps have been taken to prevent a reoccurance? Did the company meet PCI Security Compliance standards at the time of the breach? Who do you think will force you to shut down your site?

If your company was in PCI compliance, and preventative measures have been taken, it’s doubtful you’d be forced to shut your site down. You’d be protected by Safe Harbor from financial liability.

Who can force you to shut down your site? The card associations or your payment processor are the most likely. The actual site doesn’t need to be closed, but you may not be able to accept credit cards online. You may still be able to accept Paypal, Google, or other payment types, again, depending on the nature of the breach. For example, Paypal etc would take the transaction off your site for secure payment.

A review of a new Volusion ad for merchant accounts reveals the truth and hidden information about merchant services. I thought my web store CEOgolfshop.com was highjacked when I went to my admin page and all I saw was an ad for merchant services from Volusion. I hit reload. I checked the URL I was at, and yep, it was my web store. But it was my admin page, not my public home page and they interrupted my ‘home’ page with their ad for a Volusion merchant account.

It’s actually a pretty compelling ad. I’ve used Volusion for several years and if I wasn’t in the merchant services business, I’d definitely call or click through. Since I am in the business, I clicked through and here’s what comes next.

Here’s why I don’t like this advertisement and you shouldn’t be enticed this or any similar ad. We all know there isn’t one low rate for everything, right? They capture a bunch of information about your company, and you have no details at all about the deal. Not only that, but it isn’t any where else on their web site. If you read my web site, you’ll find lots of information about interchange rates, the real truth about the merchant account application and underwriting process and lots of other insights so you can make an informed decision before providing company details.

Beyond my personal annoyance, let’s look under the hood at the offer. What? There is no information?
Fortunately, I’ve already been through the details of their merchant account offer before, so I’m familiar with more than what’s posted here. However, if you look harder, there is more information on the web site, they just don’t provide any links to it from the ad or sign up form. As of this writing, they are using Global Payments Direct, Inc. as their merchant services partner provider. Global Payments Direct is a publicly traded independent services provider GPN :NYSE). Current assets are down, intangible assets are up significantly compared to other years and debt is up 50%. But I digress as all of that is irrelevant.

The retail rates quoted have nothing to do with your Volusion merchant store. Retail rates only apply to card present transactions, and the customer must sign a receipt.

Will you save with a volusion merchant account? There’s no way to tell based on the information provided. You will not be getting 2.17% ecommerce as a flat rate. They do explain on their site there is a $.27 per transaction fee, gateway fee, statement fee, etc all pretty standard stuff. But what you don’t know is, what transactions will qualify for the 2.17% ecommerce rate?

Is that for debit cards? With debit interchange for ecommerce at 1.55% plus $.15 per transaction, that’s 63 basis points profit. Now I don’t know if that’s what they are referring to, but if you have a sizable business, please call me and you’ll save real money! I can’t imagine this being a good deal for anyone but small businesses with under $50,000 per year. What is their rate for rewards cards, which represent usually over 40% of cards presented? If you authorize, but don’t capture on the same day, it’s highly unlikely you’ll ever pay that rate, but will probably pay 20-70 basis points more or .20% to .70% more.

See also my article review of Volusion merchant accounts 101.

In conclusion, you can’t tell from their ad, but in all likelihood their solution is as good as any if you have a very small business with under $5000/mth since it will be easy to implement. However, be sure to read the fine print. Is your business expected to grow? What are the penalties for switching to another provider if you are unhappy with rates later ?