Integrated Online Payment Options

[projectsdesignwear]

Firstly, awesome forum!!!!

Basically, we currently have an online business and we use a method of sending the customer to NoChex to take payment. We seem to be losing about 35% of customers at this point.

We have decided we'd like to upgrade our payments system so that the transaction is taken on our own site, this way the customer is never redirrected from the site.

The main problem I have is that I'm on a shared server with a dedicated IP. I've used 3/4 different hosting companies and I'm finally really happy with who I use.

I was wanting to use protx and embed it onto my site, but they have said I need a dedicated server for security. Basically, is this true on all embedded payment systems? Even If I use verisign on a shared server, is there no way of been able to embed some sort of payment onto my own site.

Any help would be much appreciated.

 

[webpayments]

Most Payment Service Providers offer a hosted payments solution. I know Realex Payments and HSBC do so in the UK. The checkout process will happen on your web site but then at the point where the user must enter their cardholder information they are redirected to the secure hosted payments page. This is hosted on a secure sever by the payments service provider. Typically you can brand this page so to the average internet user it will not look like they have left your site. This is the easiest way to take payments on your website as you do not have to worry about the security aspect of processing cardholder information, you leave that to the experts.

I am unable to add links to my post as I am a new member but you can find out more information about the options available to you at my web site

www . webpayments . ie

The provider comparison section is geared to Ireland but the other information on the site should be useful to you to explain the options available. You can PM me if you have specific questions.

 

[Nicole.S]

Have you consider using third party payment processors as an alternative to NoChex/Protx.

 

[Peter Bowen]

I've done a couple of Protx and WorldPay integrations.

Protx require that you have a fixed IP and a certificate - (most web hosts can provide these at quite easily) if you want to take the card details on your site.

If you don't meet these criteria the process is slightly different, here it is from the customer's point of view:

1. Your customer fills their details (addresses etc) on your site.
2. They are sent to a Protx page to fill in their card details.
3. They are sent back to your site (success page or failure page).

Cheers

Pete

 

[Optegris]

I was wanting to use protx and embed it onto my site, but they have said I need a dedicated server for security. Basically, is this true on all embedded payment systems? Even If I use verisign on a shared server, is there no way of been able to embed some sort of payment onto my own site.

Any help would be much appreciated.

No this is not true. You do need a SSL certificate for your domain and you also need to pass through a level 3/4 PCI compliance scan. This compromises of two parts, a self-test questionnaire and a scan of your hosting platform.

Most hosts will be able to assist in getting your through the PCI compliance if the scan throws up errors or issues.

Although a dedicated server would give you extra benefits, it is most certainly not a requirement.

 

[Peter Bowen]

Phil,

I've done several of these integrations (worldpay and protx) and have never found the need for PCI compliance by the vendor. I understood that the card processor (worldpay/protx etc) did this.

Cheers

Pete

 

[projectsdesignwear]

Thanks for all your help, I have spent a whole day surfing to find the answer to this problem, thanks guys

I know alot of people have mentioned taking people to a 3rd party site and that it can be configured to look the same but we currently do this, I've tried to customise it as best as I can but I'm still getting a lot of people drop out at this stage (30-40% over the weekend) which I think is just too high, esp. when so close to completion, that's why I think I have to have my own integrated payments page, esp. as I think rest of the site looks pretty slick.

So the guy at protx telling me that I needed to have a dedicated server to use protx direct is talking "jive"? I thought this might be the case but just wasn't sure. I currently have an SSL licence on my site. Who would you recommend payments system wise to have in terms of ease of integration?

Also, is it something my developer should be able to do or would it be easier to get an expert in, can't help thinking the securecode part of the transaction could be complicated. Has anyone any experience of moving from a third party off-site payment system to an integrated on site-one.

Also, do I just need to speak to my hosts about becoming PCI compliant?

PS.Please have a look yourself and let me know why people fall over at login and at nochex

www
projectsclothing
com

 

[webpayments]

I tried your site there and when I went to checkout it wants me to create an account on your web site before I can continue. I think this might be part of your problem - why not give the option for not becoming a member and just entering the details once.

The telephone number is a required field - why is this? I think you are discouraging potential customers by making them sign up and requesting this type of information. Perhaps you could add a note to the page say that you will not use or distribute my personal details to external parties.

 

[Peter Bowen]

I helped some guys with exactly this problem - they were losing too many people with a multiple step payment process.

We built a single payment form where customer and card details were taken. They reported a significant increase in conversions. This project uses Protx VSP Direct which allows you to take card details on your site and transfer them to protx using the https protocol.

The actual coding is straight forward and they have good examples in their documentation (we used PHP for this project).

Cheers

Pete

 

[Optegris]

Phil,

I've done several of these integrations (worldpay and protx) and have never found the need for PCI compliance by the vendor. I understood that the card processor (worldpay/protx etc) did this.

Cheers

Pete

If you are using an embedded solution where the credit card details are entered onto your site then you do need to pass a PCI compliance test. If the user enters their card details on the gateways site, not your own, then you do not need to go through PCI compliance.

So the guy at protx telling me that I needed to have a dedicated server to use protx direct is talking "jive"?

Very polite way of putting it but yes he is

I currently have an SSL licence on my site. Who would you recommend payments system wise to have in terms of ease of integration?

Also, is it something my developer should be able to do or would it be easier to get an expert in, can't help thinking the securecode part of the transaction could be complicated. Has anyone any experience of moving from a third party off-site payment system to an integrated on site-one.

Protx, or sagepay as they are now called, offer a variety of methods. The simplest to implement is their form version where the uiser enters the card details on the the SagePay site. The more complex method is Direct where the card details are entered on your site and the authorisation happens in background. The second method is more complex in terns of programming but can be easily completed by a PHP/ASP/.NET/ColdFusion developer.

Also, do I just need to speak to my hosts about becoming PCI compliant?

You will need to liase with your host about becoming PCI compliant as they will need to allow a scan to take place on your site and also resolve any issues that are thrown up. We will be shortly offering a full PCI compliance testing and compliance service for arounf £99 pa which will satisy all the requirments for becoming a level 3/4 PCI compliant merchant.

 

[webpayments]

To follow up - I create an account on your site to try out your checkout process. At the bottom of the screen you have some nice graphics indicating the steps in the checkout process.

Delivery Information -> Payment Information - > Confirmation - > Finished!

But you do not enter your payment information on the Payment Information step. It is after the Confirmation Page that you get redirected to nochex.com. This is confusing. The graphics highlighting the steps are great to help your customers understand the process but if they are a true reflection of what is happening then they will confuse things more.

I agree a fully integrated payments solution is the best idea but this will cost time and money to implement. Until then I think you can make some small improvements to your checkout process that should increase your conversation rate.

 

[webpayments]

One last point - The confirmation email that I get was I register on your site comes from a gmail address. This doesn't exactly inspire confidence, why not use your domain name for your email?

 

[projectsdesignwear]

I helped some guys with exactly this problem - they were losing too many people with a multiple step payment process.

We built a single payment form where customer and card details were taken. They reported a significant increase in conversions. This project uses Protx VSP Direct which allows you to take card details on your site and transfer them to protx using the https protocol.

The actual coding is straight forward and they have good examples in their documentation (we used PHP for this project).

Cheers

Pete

Pete could you give me an example of what you did please, just so I can get a feel for it

Thanks for all the comments, webpayments, I'm curently going through your comments with a fine tooth comb

 

[Cromulent]

One last point - The confirmation email that I get was I register on your site comes from a gmail address. This doesn't exactly inspire confidence, why not use your domain name for your email?

Yep, never ever use a gmail account for business correspondence. It looks really unprofessional.

 

[webpayments]

Thanks for all the comments, webpayments, I'm curently going through your comments with a fine tooth comb

Glad to be able to help.

 

[projectsdesignwear]

I've analysed the payments and come up with an improved version for now (which should go live on Sunday). I'll email you the updated version and get your expert feedback if that's okay.

I just have one more question, is there any card processing company that I can use that would be able to load up my customers card details so that they wouldn't have to re-enter it the next time they came onto the site. They would simply be asked "do you want to use the last card used ending XYZ". Much liek the one ASOS use.

That's would amazing!!!

 

[webpayments]

I am not overly familiar with the UK Payment Service Providers but what you have described is a common service that is provided. It is typically used for recurring payments for subscription based services.
I think Realex have an offering in this area but you would need to contact them to confirm. I have not used it personally.

 

[projectsdesignwear]

Thanks again Webpayments. Just spoke to Keith at Realex and he gave me the headsup. Really nice bloke, v.helpful. They can do all of the above and even have a plug in for the cart to make life easy for us .As you guys said, all I would need is a secure server (can be shared as Openmind said). To go onestep further with the card details appearing for each customer we would have to follow PCI compliance tests, but that part can be done at a later date. Best of all it's 9p a transaction (with a miminum of £29/mth if you don't hit that that amount, which would mean 323 transactions per month which works about spot on for me)

Good work guys, chuffed to bits, been pulling out my hair for ages on this!!!

 

[webpayments]

Glad to see you found an option that suits the needs of your business. I know Keith personally and I have worked with him on a number of projects in the past and I agree he is a good guy and is always very helpful.

 

[projectsdesignwear]

He's dropping me an email later this afternoon, I'll be sure to metion it was you who recommended them. If you ever need a cheap xmas pressie just let me know and I'll make sure you get from the site at cost

Thanks all again

 

[webpayments]

Thanks and please do mention webpayments. We launched an Irish online payments web site recently and have been getting good feedback so far. The site is focused at the Irish market but certain aspects of it are appropriate worldwide such as our animation explains how an online payment is processed.

 

[projectsdesignwear]

I'll definately mention itwas you who recommended them. I was wondering what fees I should aim for
apparently there's a charge of £99 setup fee (with a £29 mthly fee)
plus another £99 for the 3d secure which I thought would've been thrown in for free. (£5 mthly fee)
Is there any wiggle room in these prices

 

[Martin P]

No this is not true. You do need a SSL certificate for your domain and you also need to pass through a level 3/4 PCI compliance scan. This compromises of two parts, a self-test questionnaire and a scan of your hosting platform.

Most hosts will be able to assist in getting your through the PCI compliance if the scan throws up errors or issues.

Although a dedicated server would give you extra benefits, it is most certainly not a requirement.

Phil's my host^ [or hostess ] and I have [finally] got a Barclaycard epdq MPI which means credit and debit card transactions are done on my site. [I needed an SSL certificate from Phil]. It's a merchant and payment processor in 1 too.