The essential elements of an ecommerce store are the shopping cart, payment gateway, security certificate and merchant account. All payment processors that we work with now require a certified PCI Compliant shopping cart.
The store or shopping cart components include order and content adminstration, inventory managment, product management, customer management and search engine optimization among other elements.
The payment gateway is just that- a gateway that allows the secure transmission of credit card and debit card payments from the shopping cart to a merchant processor. The gateway is a standard security mechanism for the internet.
The security certificate is issued to a business. Digital security certificates provide two essential security functions: authentication and encryption.
The business is verified to be legimate. It also enables the SSL protocol,or secure socket layer for encrytion, which includes displaying HTTPS and the little lock symbol that appears in browsers.
The last element is the payment processor. Merchants accept credit and debit cards by opening a merchant account with a payment processor. Just like you can’t go to the federal reserve to do your personal banking, you can’t go to Visa and Mastercard to do your credit card processing. Payment processing is offered through banks, payment processing companies and independent service organizations (ISO). Sometimes the same company offers their services through all channels. For example, First Data offers payment processing directly and also through banks they have partnerships with, and through registered ISO’s. Because of the complexities of the industry, the best prices and value are not necessarily achieved by going direct. In fact, indirect service thrives because of value added and volume partnership pricing.
In the past, processors required a secure gateway, however this has now been extended to the actual shopping cart software as well in some cases. One reason is that some carts allowed for storing card data unencrypted somewhere on a server. For some shopping carts, getting certified is a formality. For others, there are security issues somewhere within the process- whether front end or back end, and work is needed before the cart can be certified.
The quick solution for those carts that are not compliant has been to disallow credit card processing except for paypal and google payments.
Virtually every cart accepts authorize.net as a gateway and it’s one of the most popular. I recommend it, when appropriate. The Orbital Gateway may be a cheaper solution for those processing on the Paymentech platform, however not as many carts have Orbital integration.
Orbital Gateway Integration & Certification Program- Orbital is a Chase Paymentech gateway and only works with those processing on the Chase Paymentech platform. Merchants must complete either the shopping cart certification, or use a hosted payments solution such as CenPOS or CRE Secure.