Forum Moderators: buckworks
Making a decision about whether to go for one of the new manual credit card payment gateways or to stick with the more conventional real time system.
My thoughts are mainly security motivated. I like the idea that I'll have a unique key and all my cc's will be encrypted to only my key. I don't think any real time gateway does this. The manual system is quite a bit cheaper too which is an unexpected plus.
I already have a cheap manual merchant account at my bank and I can't see myself receiving huge numbers of credit card payments so its not going to be a problem charging these myself into my merchant account facility. I'm leaning towards the manual option at the moment.
Has anyone else chosen the manual system over the real time system?
Thanks.
[edited by: engine at 9:09 am (utc) on Mar. 10, 2007]
[edit reason] TOS [/edit]
Cons to using a retail (swiped) merchant account on your e-commerce website:
You will be charged a non-qualified rate on all your keyed transactions. This rate can sometimes be 2% more than your qualified rate. The reason being, you keyed the transaction, and the provider might not think you saw the card - thus leading to a high risk of a chargeback.
Look at your contract and see what you told your provider what percentage would be keyed. If you go over this percentage, they might come back to you and up your rate. I saw one provider do this and the merchant was at 1.55% and after he was at 2.95% on all his swiped transactions.
How are you going to get the numbers? Storing them will require you to be PCI compliant. If you are not compliant and have a breach, you can be subject to $25,000 in fines. You can lose your merchant account and might be placed on the MATCH list
Pros to have a gateway on your e-commerce site:
You can do all your fraud prevent on the site (AVS, CVV (which you can never store), etc)
Most providers have a monthly fee of $10.00. This fee is usually waived on other merchant accounts so you won't be paying that fee. Check with your provider to see what they can offer.
I cannot tell you what an electronic payment gateway is unfortunately due to the TOS of the board but there are a number of them. I think it is OK to mention Paypal though and you might even consider their Pro option. They also own one of the gateways as well that was purchased from Verisign last year.
They pros definitely outweigh the cons on this. Some providers might have a monthly minimum of $15.00 but usually that won't come into play if you process more than $700 or so a month (depending on your discount rate).
-Corey
I've checked with my bank about using e-Path and they say the rate will remain the same. This is something I looked into early on in the piece. They said it has something to do with their 2,048 bit aysemmetric encryption.
The security side is actually one of the reasons why I'm considering the manual option (the cheaper cost is another). I have read quite a bit about how people are taking their merchant accounts off the open internet as a way to gain some sort of control. I like this idea because it means nothing changes for me and I can check things.
The other one is what the bank mentioned about encryption. I think its fair to say I'm pretty paranoid about security now especially after hearing the news of the latest round of hackers hacking into a real time gateways server and grabbing 15,000 or so credit card numbers. 5,000 credit card numbers belonging to Australians were compromised (according the the news). Why does this still happen? Don't they encrypt the stored data?
Anyway, with e-Path I receive the encrypted data directly. It goes nowhere except to me and I decrypt it using my key. There isn't any storing of any data by them from what I read so that's a huge relief about security for me.
Since I posted my question I've looked into it a lot further and I'm pretty close to choosing the manual system. Security is something you can't mess around with and as you say the fines would kill.
But thanks for your reply, certainly food for thought.
Thank you
-Corey
Thanks for your reply. What is WHT? I'd like to have a look at any info I can find on them just to make sure I'm making the right choice.
Thanks
Item out of stock (you can not charge before notifying a customer thus preventing complaints over charging their card without shipping first and giving problem customers in general no recourse until this time); you can cancel orders without having to do a credit which saves fees and does not look troublesome on your merchant account; you can charge right when an item ships like the credit card regulations say (rather then beforehand and taking it on faith); the fraud control is better (you can check details on suspicious ones without charging and risking a chargeback); gives you a feeling that you are in control of your business (rather then an observer); you can change the charge amount if something happens (like a customer requesting express delivery which needs to be charged in the exact amount with their order).
Thanks for that. Are you familiar with e-Path? Is this one of the manual gateways that will do what you say?
I've been reading where a lot of companies are now taking their merchant accounts off the internet, dumping their electronic gateways and going to the manual way just because of added security.
I don't like the sound of cc payments going into my account without me knowing then being hit by a charge back weeks after I've sent out the goods. You gotta be kidding me.
I'm still checking things out but yeh the advantage looks in the manual gateways corner from where I sit. But there are not too many choices out there, e-Path is the only one I've found so far.
Thanks for your advice
The real issue is security. If you are confident you can adequately secure your own systems, I'd say go with it. If not an online gateway makes a lot of sense.
Conversely, if we automated the system in a way where we charged right away then what would happen if we were not able to ship within 48 hours? We would be charged a higher fee! Also as mentioned by other people here you might charge someone too soon and cause customer service issues - we will only charge when we ship the order. Most of the time we ship immediately but sometimes the order is delayed.
Like a previous poster, our fraud rate is very small and well below our industry standards.
I don't like the sound of cc payments going into my account without me knowing then being hit by a charge back weeks after I've sent out the goods.
1) How would you NOT know a charge has hit your account. I get a daily settlement report. I can login and view activity in real time if I want to. There's no option of 'not knowing', unless it's "Stick my head in the sand day" :)
2) Chargebacks can be made to either automated or manual processing.
we are able to change the amounts to be charged before shipping or delete the order if it's fraud.
Those are excellent features of our service. I have multiple sites hitting the same CC processor, and on some of those sites I allow automatic authorization. One site is set up for manual authorization where I can change the amount.. as long as I change to a lower value. I can't enter a higher value without re-billing.
what would happen if we were not able to ship within 48 hours?
I make fresh widgets, and getting any order out the door in less than 48 hours is close to impossible. That's only a problem with 'instant gratification customers' who don't bother to read the bold print. It's a non-issue for my CC processing.
The security side is actually one of the reasons why I'm considering the manual option
I don't see how manual processing is more secure at all, as long as you are using a reputable vendor.
the cheaper cost is another
You get what you pay for...
I have the luxury of automation, but I can also manually process a card. I don't see a down side to that.
-Corey
