Shape Your Business logo
Follow Us:

Accept Payments Online – Safely, Securely

Sunday, August 05, 2007   By Mike Reddy


Websites are now capable of allowing pretty much the full gamut of customer experience that a bricks and mortar business can - apart from that sheer ‘hands on' feeling. But that lack doesn't seem to be proving any hindrance to the popularity of shopping online.

What does act as a turn off for would-be shoppers is how secure they perceive your website to be and how diligent you are in guarding credit card details and the other personal details they hand over as part of the transaction.

For many businesses the process of accepting payment online is one that can no longer be ignored. Internet buyers expect a speedy, uncomplicated, full service transaction. Initially that meant doing away with the ‘print off this order, fill it in and post it to us' approach to ordering and replacing it with an online order. Now it means the ability to use a credit card to complete the transaction by paying right now instead of going through the rigmarole of waiting for an invoice to turn up in the mail and then having to pay by cheque.

The process is advantageous to the seller as well because they can cut out extra processes of invoice production and mailing and at the same time minimise the waiting time for cash inflow. A number of innovations - both new technologies and new ways of doing business - have done much to make even small value transactions (micropayments) less expensive for merchants and extended the range of products that can be sold on a website.

But as transactions have become more ubiquitous, they have also become the targets of fraudsters. These days few buyers would be unaware of the dangers inherent in putting their credit card details onto the Internet. Even if they aren't familiar with the technological tricks that fraudsters use to collect this information from the unwary user, they have developed a natural suspicion and wariness of openly providing their card details. As a trader relying on them to do just that, your site has to offer one major incentive - a sense of security. There are two areas that need protecting - the Internet connection and the data that ultimately comes to sit in the databases on your computer.

Providing a secure connection

Standard Internet connections do not provide a secure mechanism in which credit card and personal details, such as delivery address and phone number, can be transmitted. This information should only be transmitted over a connection that actively protects this data to keep it secure from hackers. The mechanism that allows this is called ‘encryption' or Secure Sockets Layer (SSL). Enabling SSL requires special programming, special set up of your web server and a website certificate from a Certificate Authority (an organisation that certifies that your business exists and that you own your domain name). Your ISP or web developer will be able to organise secure Internet submission facilities for you.

The way to recognise a site with encryption is in its url - it will start with https:// rather than the usual http:// and the web browser has a lock shown at the bottom of the screen (log in to your online bank site and check). Don't rely on just those hints though. An obvious screen message telling your potential online shopper that your site is secure and that your online payment systems, such as credit card processing, are safe to use is also a must.

The reality of online transacting is that using SSL to transmit credit card details is less dangerous than handing over your credit card in a bricks and mortar shop. There, and at ATMs, fraudsters have come up with a range of methods to observe and capture people's credit card details that can make transactions at these places more dangerous than over the Internet. However it is the perception - that online transactions provide the most danger - that you have to deal with. Installing SSL and advertising the fact should remove any hesitation on the part of the customer about going all the way online.

Protecting the data on your computer

SSL ensures that credit card details and other confidential information remains secure as they cross the Internet. But once it's on your computer the data is open to hackers. In fact, while customers may worry most about the transmission of their data, really the data is much more vulnerable once it is on your computer. Hackers rarely have the ability or access facilities to reliably capture data on its way through the Internet, so their preferred target is the destination computer.

The only way to protect data from hackers is to ensure your website developer is conversant with the latest methods of building security procedures into the design of the website itself. They may have a great talent for eye-catching design and making navigation around the site easy but in areas that will hold confidential information, pulling in an expert to build the code is essential.

In the online environment the ability to provide an end to end transaction is now a must have as far as customers are concerned. To make it work for you and them though you will need to put the time and effort into developing a secure procedure for both the transmission of customer information to your computer and for maintaining it securely in your database.

Mike Reddy is a Chartered Accountant, business coach and advisor helping businesses in Sydney, Melbourne, Brisbane and Gold Coast to easily increase their profits and cash flow. He is currently President of the North Sydney Chamber of Commerce, a Regional Councillor for Sydney North East and a member of the Institute of Chartered Accountants Sydney leadership team. As well as advising businesses, Mike presents business development seminars and webinars and is regularly contacted by the media to comment on small business matters. You can connect with him on Facebook, Twitter and Google+.