Ecommerce Merchant Account

If you already accept credit card payments either by telephone/mail order or for face-to-face transactions, then an Internet Merchant Account (or Ecommerce Merchant Account)may be the best way for you to start taking online credit/debit card payments.

You should also consider an Internet Merchant Account if you require more flexibility in the way you operate your business (e.g. being able to process payments for part shipments), or you anticipate a fairly high number of  simple and low risk online transactions.

In order to start taking  credit/debit card payments online and processing them yourself, you will need an Internet Merchant Account with one of the main acquiring banks, such as:

  • Barclaycard Merchant Services
  • Bank of Scotland
  • HSBC
  • Streamline
  • Lloyds TSB
  • Alliance & Leicester

Online card payments are classed as ‘card-not-present’ (CNP) transactions, because you can’t physically check the card or the cardholder.

Even if you already have a merchant account for face-to- face transactions,  or for mail order / telephone order Card Not Present transactions, a separate Internet Merchant Account will still be needed for Internet transactions.

Acquiring banks, as usual,  will charge for their services – there may be a sign-up fee of around £200, and day-to-day charges could be a fixed fee in the case of debit card transactions or a percentage of each transaction for credit cards .

Getting an Internet Merchant Account is not always an easy process, particularly for start up businesses, as some banks may require you to have a proven record of two years trading.

Once you have an Internet Merchant Account, you will need a way of handling the payment process  yourself.

The credit card issuers now require merchants to be PCI-DSS compliant, which basically requires the merchant to have secure, regularly audited procedures in place to ensure the security of credit card details;  if you are in breach you will lose the ability to accept card payments.

If you decide to  implement PCI-DSS compliance, and collect the credit card details yourself and process them through a terminal, you need to use a secure SSL server and purchase a  SSL certificate for handling the card details (this provides the “Golden Padlock”).

This is how it works – the shoppers browser is directed to a secure server or area and downloads the encryption key and certificate. The certificate is checked by the browser to make sure that it was issued by a trusted authority, is still valid, and relates to the right website. All data sent between the browser and the server is then encrypted before being sent, and decrypted at the other end, ensuring that personal information cannot be intercepted or tampered with by unauthorized persons.