Hi There,
Can you tell me does anyone know if payment on your own website is better than payment going through onto Protx payment pages?

Do you get more customers finishing order?
Do you get less abandoned carts?

We were going to go ahead and set up payment on our website and just wondered if was worth it. Has anyone had any opinions on the above??

Sarah

I've always strongly felt that having your own payment pages is the better option. It's cleaner, slicker, and looks a lot more professional. That's the approach we use on most of our sites.

However, we decided to put this to the test last year, and implemented Protx Form on a new site we launched. Dropout rate at the payment stage is exactly the same for our sites which use Protx Direct and the one which uses Protx Form. I was personally surprised by this.

I still think Direct is the better way of doing it, but if you're asking about dropout rate, it makes no difference.

mmmm very interesting. I read that it would help abandon carts, people don't like leaving the website they are on, It doesn't bother me when shopping online. Even if we just get out of it a more professional site I will be happy with that!

Sarah

Conventional wisdom is that it reduces dropouts, and I would have expected it to, just going on gut feeling. The numbers say it makes no difference.

The research I've seen says it makes no difference whether they stay on your site or go to a dedicated payment provider.

The pros as far as the customer is concerned is that they can see they are going over to a secure section to enter the card details and so have more confidence. The cons for the customer are that they are leaving the site they were buying the product from. These balance each other out and so you end up with no real difference.

Personally we send customers away to PayPal or Nochex. Sending customers offsite means we do not have to hold credit card numbers and so reduces the security headache. We can tell customers that we do not hold any credit card details at all which is a good selling point.

Hi There,
Can you tell me does anyone know if payment on your own website is better than payment going through onto Protx payment pages?

Do you get more customers finishing order?
Do you get less abandoned carts?

We were going to go ahead and set up payment on our website and just wondered if was worth it. Has anyone had any opinions on the above??

Sarah


There is more accuracy with Protx on your own site, as Protx insists that the pair match up. This prevents inconsistencies (which are likely to cost you money if you don't spot them instantly) where something fails in the protx side but your site has recorded the sale as complete.

We will move over to protx on our site with our next major payment upgrade.

Can you tell me does anyone know if payment on your own website is better than payment going through onto Protx payment pages?
...
We were going to go ahead and set up payment on our website and just wondered if was worth it. Has anyone had any opinions on the above??
When you take into account the big issue of trust, and how confident a user feels about submitting their all-important credit card details to a particular website/company, then the use of a more trusted third party website like PayPal or WorldPay or Protx is more important (I mention PayPal, WorldPay, and Protx in that order because I think the general public are more likely to have heard of PayPal first, WorldPay second, Protx third, and even if the general public haven't heard of either WorldPay or Protx yet, WorldPay sounds better and is more meaningful as a brand IMO, to get that trust started).

For most small businesses I think off-site credit card processing is the most appropriate solution. Perhaps it is because I'm too cautious and a bit too close to the subject matter working in web development and banking IT (in a previous life). All I can say is that I'm very careful about which sites I enter my credit card details on, even larger company sites. Do I enter them on a site owned by a small business who has spent a few hundred or perhaps a few thousand pounds on their website, possibly still running their website on shared hosting where anyone can open a hosting account and run server-side code, or do I enter my credit card details on a site like PayPal or WorldPay whose owners have invested millions in their security setup, who have security professionals working fulltime to keep their site safe from hackers, and QA/auditing/procedures in place similar to a strict banking environment?

A common misconception is that plonking a SSL certificate on to a site makes that site secure. SSL - secure sockets layer - merely means that the connection between the web browser and the website is encrpyted ('secure') and there is some level of vetting of the site owner depending on what level/cost of SSL certificate is used (from £8 per year less, almost zero, vetting, to several hundred pounds per year more vetting). The important thing is that it doesn't mean a site is secure (safe from hackers trying to inject code to syphon off credit card details on the processing page) nor does it mean that the site owner has to act responsibly with that data, what happens after your credit card details arrive at the site is anyone's guess.

Flipping this issue around 180 degrees, put yourself in the hacker's shoes, trying to hack into a website to obtain credit card details. Do you target the PayPals, WorldPays and the Protxs who have invested millions in security, or do you target the small business website who has decided to take onsite payments? Even if a website is not storing credit card details, which most shouldn't, a hacker could get in and place code on the processing page to tap the data off unobtrusively when the credit card details are received by the website.

This might sound like scaremongering, and I'm sorry if it does, but I like to err on the side of caution and I honestly believe that onsite processing is not the way to go for most small businesses, and I've only mentioned a few of the reasons why here. If you are a small business that is growing more into a medium size business then onsite processing might become more appropriate. That is if you are at the stage where sales are increasing, and you can afford to seriously invest in a more secure website setup, preferably avoiding standard shared hosting and moving onto a more dedicated server solution, and you are investing in every other part of your website to ensure it looks professional to instill trust in your visitors (if a site owner hasn't taken the time to do this then how can a site owner expect people to assume they have taken the time to do other more important things like make the site secure).

There can be synchronisation issues with offsite credit card processing but these are usually due to incorrectly implemented client sites. Correctly implemented sites, which make use of offsite payment processor callbacks, and change the order status accordingly, shouldn't have these issues, e.g. see Store is completing order before payment (http://www.ukbusinessforums.co.uk/forums/showthread.php?t=68360) and Worldpay callback not working with osCommerce (http://www.ukbusinessforums.co.uk/forums/showthread.php?t=62108) threads.

Using VSP direct also allows more control over the transaction in deciding whether to accept or investigate further a completed sale.

Thought i would put my 2 cents in on this one.

Having seen sales data for thousands of merchants over the years I can say 100% that direct processing increases sales. For small SME doing from a handful to a couple of hundred it is statistically hard to show as their Tx rates will often fluctuate considerably and the difference is lost in "chatter".

All merchants regardless of size will have monthly patterns for time of year, industry etc. When you compare a merchant performance over a time period against others then the difference is easily spotted. It is usually 10-15% increase.

Now to the reasons.

1. Doubt - If the consumer at any stage has any doubt about what is going on, ie jumping to some third party you introduce doubt and one of three things will happen. They will continue and buy, they will not buy and go elsewhere, or they will phone you. Obviously point 2-3 are bad.

2. Browser controlled jump to secure pages - There are god knows how many browser types and versions out there with god knows what settings. There is a message that pops up with some settings warning you are jumping to a secure third party. I know what it means but trust most people will just see it as a warning and what do you get -> Point 1

3. Browser control post back and or redirect. A certain % of these will fail post transaction as again its controlled by a browser. This means phone calls from the consumer and reconciliation headache for the merchant.

I could go on but I think you get the point.

By far the biggest thing that increases sales is moving away from Paypal and going to a direct/paypal combination. This is normally at 25-30% increase in sales.

Hope that helps.

Iridium, while I totally accept the data you've seen, do you think there may be other factors here? For instance, the majority of sites who use their own payment pages will tend to have better overall site design, and be a lot more respectable looking.

The experiment we did compared sites which were very similar in design and overall user experience, with the only difference coming at the payment stage.

Sysop,

The great thing about the internet is it is a great leveler. With a properly designed site where everything on it is of Tier 1 merchant grade the person buying has no idea if your a one man band or 200 employees.

I think a direct merchant to merchant comparison would show nothing to be honest. Trends like this need a lot of data to even out anomalies. And of course there will be situations where one method has no direct effect on completed sales, for example a unique product. If there is only one place to get what you want you pay the way they tell you to.

We see it time and time again and like a broken record say the same thing to merchants regardless of size. There are technical and strategic reasons to use to pay direct.

Trust me if using a hosted method completed more sales that would mean more money for Iridium and you should have no doubt I would be preaching that method.

Some Merchants we have sorted are literally gob smacked at the difference and you can see them mentally calculating the money they have lost.;)

Another benefit to hosting the payment pages is that if you have a 3rd party PSP and it has downtime they will not process the payment for you and you are likely to lose the customer.

However, by processing payment yourself you hold the card details and therefore you will be able to re-process the order at a later time when the system is working again.

Personally I use Protx Form because I am on shared hosting. So there are other costs to consider when choosing, i.e. will you need to upgrade your hosting solution.

It may be worth my changing to Protx Direct now that my business is established but a 10-15% increase in sales when I first started would not have offset the additional costs associated with Protx Direct.

PCI compliance rules are also now more strict so it is not just a simple A or B choice.

PCI compliance rules are also now more strict so it is not just a simple A or B choice.

As well as the above, you'll have to factor in the cost of an SSL Cert, the rest of the infrastructure, etc...

However, by processing payment yourself you hold the card details and therefore you will be able to re-process the order at a later time when the system is working again.

PCI compliance rules are also now more strict so it is not just a simple A or B choice.

Precisely. Which is why holding the payment details yourself amounts to storing the information and requires a very high level of compliance so is completely pointless.

Phil

Not sure what you mean by completely pointless?

Earlier in the thread you seemed to be in favour of storing the info yourself
Using VSP direct also allows more control over the transaction in deciding whether to accept or investigate further a completed sale.

There are obviously merchants who benefit from doing it themselves - large scale merchants where they have their own system support and web development teams, financial departments who deal with the PCI and legal stuff. They already have people in place and just need a little training to add this to the mix.

There are also merchants who may not benefit from doing it themselves - small businessess with no system support - they may be doing the web development themself or may have outsourced it, financial dept is the owner, and as for employing people to deal with all the other stuff it may not cover the costs you might save from the extra sales.

In between the two is the ambiguous line where it becomes the right way to go - where that line is (the opportunity cost), is what I thought people wished to know.

Surely nothing in life is completely pointless, otherwise why would people do it?

Phil

Not sure what you mean by completely pointless?

Earlier in the thread you seemed to be in favour of storing the info yourself


There are obviously merchants who benefit from doing it themselves - large scale merchants where they have their own system support and web development teams, financial departments who deal with the PCI and legal stuff. They already have people in place and just need a little training to add this to the mix.

There are also merchants who may not benefit from doing it themselves - small businessess with no system support - they may be doing the web development themself or may have outsourced it, financial dept is the owner, and as for employing people to deal with all the other stuff it may not cover the costs you might save from the extra sales.

In between the two is the ambiguous line where it becomes the right way to go - where that line is (the opportunity cost), is what I thought people wished to know.

Surely nothing in life is completely pointless, otherwise why would people do it?

I didn't advocate the storage of data at all. Using VSP direct you receive the AVS, address and 3D checks in the post back provided by Protx. This, when coupled with other anti-fraud services such as MaxMind, provide the majority of detail you need to process the transaction or not.

It is pointless storing the detail because:

a) You don't need to
b) You need to achieve a very high level of PCI compliance
c) You run the risk of fines/penalties/removal of service from your merchant proivider.
d) It's insecure even if the emails/storage medium is encrypted


ergo there is no point unless your name is Protx ;)

I thought the point of VSP Direct was for customers to enter their details on your website which you then send to Protx.

By doing so, you are taking and transmitting card details and thus must have a higher level of PCI compliance together with SSL and secure server which increases costs, than you would with Protx Form.

Apologies if I'm getting all this wrong.

You are correct, the customer is indeed entering the card details on your site, it is then transmitted via XML to protx for authorisation who will then send back the appropiate responses for 3D checks/authorisation.

You do need a slightly higher level of PCI compliance but noweher near as high if you are storing the card information in a database or emailing the information through to the store owner.

You do need a slightly higher level of PCI compliance but noweher near as high if you are storing the card information in a database or emailing the information through to the store owner.

What people seem to forget is even if the information is emailed, faxed, written down, or any such medium you are still storing card details and therefore need to go through a PCI self questionaire and system scans but in this case your office system. PCI is not just electronic procedures but actual business procedures like have a cross shredder to deal with old card details and not a strip shredder.

If you as a merchant are compromised, even if your website does not touch card details, you will be delt with by the card schemes. This could be a fine, suspension of account, loss of account or even worse a life time ban for the company directors or owner from processing cards the dreaded black list.

I think people are mad to have card details emailed to them. Most of the compromises we have assisted in resolving in the last couple of years have been through emailed and or faxed details. We have only seen two cases where card details were being harvested off a website. In both cases it was the same programmer who put in a back door so was not an outside hack.

Hi Everyone,

Thanks for all your great feedback!
You've left me completely baffled now as to which way to go. :|

I just wanted to take out that extra checkout step, but it's a lot to think about as to whether it worth doing. I'd like to think so. If we do go ahead I can always give you my feedback on what effect it has had on our site.

Sarah