Taking payments on site vs redirecting customers to other sites?
What are your thoughts?
Any1 knows a good platform wich works with Sagepay Direct????

My personal thoughts are to re-direct to another specialist payment site such as sagepay (or other), as they take care of the continual security updates and pci compliance etc. Unless you're big enough to have your own people look after those types of things, suggest that using someone else who already have a team dedicated to keeping up to date with security changes is a good option.

I agree with Lewey

This week I have dealt with 2 stores infected with viruses, and one can only make the assumption that if they had been taking credit card details, that the data would be exposed. Yes the data can be encrypted on the server, but the issues go much deeper than that

You need to consider many things out of your direct control, that happen in real time. Secure connections, other users on the server, staff at the server company, your staff, your webdesigner (who has access to all the data). Reaction time at the server company to security threats, arethe servers fully patched. Is your software fully patched

Companies like paypal, have teams of very busy people constantly making sure things are secure

hi,

Agree all round. Taking payments on site can lead to quite a lot of work to ensure security. And then, you are never sure you are completely secure. Leave taking credit card details to the experts.
Regards

Hi,

Another agreement here for the exact same reasons posted above, i.e. the payment provider is dedicated to providing a secure PCI compliant process compared to a smaller online shop's own installation who's prinicpal focus will be on selling and shipping the products from their business and the ongoing maintenance of the IT infrastructure for that business will most likely be a secondary concern.

As a shopper I personally feel more secure when a shops checkout process transfers me at the final payment stage to someone well know, like PayPal to process my credit/debit card payment. It also speeds things up for me because I can log on to my PayPal account and all my address details are there, instead of having to enter them each time on every different shop's own custom payment or registration process.

Hi!
Yeah, i got that lots of people wanna use Paypal when you shop on a website, but my experience that lots want to use their card on the site where they are actually shopping (i never had a problem to do so for 5 years, and lots of my freinds got the same opinion).
So I wanna offer both of course!
Just wondering that how many customer would leave the shopping basket because of the pushing to an other payment site????!!!!!
Any precentage somewhere, some statistics etc..????????????

when buying stuff online I prefer it when the shop is using sagepay, worldpay, paypal etc... i have more faith in their ability to protect my data than if the site takes my details itself.

Agree with everyone on having the payment taken on the payment service provider's site & server as opposed to your own. It makes proving PCI compliance cheaper and easier as well.

You should look for customisable options on a hosted payment page e.g. can you co-brand with your logo and messaging? This contributes to a more seamless customer experience and ensures fewer dropouts at the re-direct stage.

Hope that helps!

I have just switched from SagePay Direct to SagePay Form due to the much easier PCI Compliance, everyone will need to be PCI compliant by the 1st of October 2009. Some banks are going to charge non-compliant fees and god help those people that are not compliant and have data breaches.

I have just switched from SagePay Direct to SagePay Form due to the much easier PCI Compliance, everyone will need to be PCI compliant by the 1st of October 2009. Some banks are going to charge non-compliant fees and god help those people that are not compliant and have data breaches.
I know. some people says it is not that hard and its only 150 pounds for an annual audit, oh i dont know???????????????!!!!!!!!!!!!!!!!!!!!!!!!

I know. some people says it is not that hard and its only 150 pounds for an annual audit, oh i dont know???????????????!!!!!!!!!!!!!!!!!!!!!!!!

It is just like having an MOT done on your car.

The audit is your minimum spend in this area. If the audit says you are not PCI compliant, then you will need to spend more time resolving the technical issues yourself, or more money if you need to pay someone else to resolve the PCI failures.

On top of the cost of having your systems upgraded to fix the PCI compliance issues, I would imagine that it depends on the company performing the compliance audit as to whether they charge you any more money to re-audit the system and confirm the issues have been resolved to give you your PCI compliance.

Hi there,

I use Romancart for my shopping cart solution & have recently changed from manually taking the credit card payments/ Paypal to using Sagepay & sending customers to an new window for secure payment.

I have to say it seems so far to have improved conversions & definitely has reduced the number of failed transactions I have to deal with. There are a few more drop outs at the checkout stage but nothing major. I'm no techie & the integration is very simple & basic & doesn't look very pretty but still seems to have been worthwhile :-)

Jo

Hi!
Yeah, looks like lots of people use Sagepay Form
How about Paypal Website Payments Standard? You have to redirect but they can pay there without having or creating an account with Paypal?!
Customers trust Paypal? It is just easier to set up and if you dont have a lots of orders every month than cheaper as well. Sage 20 pounds a month plus 20 pounds a month for the merchant account

Total Web Solutions have a Payment Gateway. We have made it available as a Plug-in to our Shopping Cart. Seems to be a cheap option as well.

I think it looks more professional keeping the customer on your site. I use Paypal pro for ours.

Definitely a more professional and faster checkout procedure if you can keep them on site.

It really depends on your size and aims. If you want to provide the slickest fastest checkout procedure possible then you have to do it on your site really.

Thats what i think too!

There is also sagepay VSP server which you can do inline so although it can be made to look like they aren't leaving you site they are.
Im looking at integrating it into our site using shadowbox (so the background fades out) and the inline content is more prominent. Solves PCI compliancy plus looks like they haven't left your site.