Usually it's like this I think: I click purchase, am redirected to a third-party page where I have to type in my credit card information and make my payment.
Isn't this actually very risky, as the third-party website that processes my order could simply be a fake site trying to phish credit card information?
Do I have to know or have a list of all such websites I can trust?
Or do the credit card brands (Mastercard, Visa, ...) sort of take care of this in some way, so it's hard/impossible to fool people? (Somehow I don't believe this one, hehe ;( ).
Thanks!
I personally won't buy from any site that sends me to a third-party page for card processing.
I bet that you have and you don't even know it. PCI Compliance is no joke and it's pretty cost-prohibitive, if not impossible, for smaller online businesses to create and maintain a compliant ecomm app from end to end.
Services like Auth.net's AIM method of payment integration are plenty secure and visitors often don't know they've been redirected for payment.
I think ambellina is describing an actual move to a third-party site on the payment step, for example, sites that accept only PayPal and send them to the PayPal site instead of using a silent post. This indeed wards off a lot of web-wary customers.
justgowithit is describing a silent post. Almost all smaller businesses will be doing a silent post to a third-party payment processor. This gives the impression, and security, that the shopper has never left the company web site. But in most cases, this is actually a step that increases credit card security because the gateway will have stringent methods of identifying the originating site, some including a .pem digital signature similar to an SSL digital cert. Additionally, it allows the originating site to operate independent of the credit card data - we don't have to store it on our web site. This is the function of the payment processor, which has to demonstrate PCI compliance.
This is a very secure method of accepting payments for all of the above reasons.
As for being directed to a third-party site, many of these are legit and while I agree it's not a "professional" way to accept payments, it may be the only option within their means (or just too cheap to spring for an online merchant account. :-) ) In any case once on the payment processor site, it's easy to verify if they are legit by investigating the site URL and any digital SSL links you may find.
The worst thing about off-site payment processors is like you say, it worries people because they don't understand the technology and may abandon at this point because it's better safe than sorry.
Thanks for the replies.
'In any case once on the payment processor site, it's easy to verify if they are legit by investigating the site URL and any digital SSL links you may find.'
What did you mean by this rocknbil? Does it mean you should know most important payment processor sites (PayPal, etc.) and then see 'ok it's their URL so I can trust them'?
What are digital SSL links?
What did you mean by this rocknbil?
Most sites that have a secure checkout page will display the logo of the secure cert issuing authority. Part of what makes a secure certificate secure is it verifies the identity of the website you are on. You can click this logo and it will bring you to the cert issuer's site and display the details of the company.
If they do not display the logo, you can open the "lock" icon on the browser status bar (or up at the top by the address bar for IE 7) and view the certificate details.
By investigating the URL, I meant you can look at the web address of the secure page and visit other parts of that site to get a feel for whether it's a valid site or not. So for [secure.somesite.com,...] you can go to somesite.com and dig around. If you get a bad feeling, you're probably right. An example for **ME** would be a secure certificate that somehow has vague or questionable company data. I don't know if I'd want to continue with a purchase from a company that appears to be based in the U.S. but the secure cert is registered to a company in Nigeria. (Apologies to legit Nigerian web developers.)
New companies spring up every day, so I don't know of a "list" of trustworthy credit card processors.
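The checks described in the reply above (look at the page's host name, then read who the certificate was issued to and by), as an added example that is not part of any post in this thread. The certificate is a constructed sample in the dictionary shape Python's `ssl.SSLSocket.getpeercert()` returns; `review_payment_page`, `host_matches`, `flatten` and `claimed_country` are illustrative names.

```python
from urllib.parse import urlsplit

# Constructed sample, in the dict shape ssl.SSLSocket.getpeercert() returns
# after a verified handshake. All names and values here are made up.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Somesite Payments Inc"),),
                (("commonName", "secure.somesite.com"),)),
    "issuer": ((("organizationName", "Example CA"),),),
    "subjectAltName": (("DNS", "secure.somesite.com"),
                       ("DNS", "*.pay.somesite.com")),
}

def flatten(name):
    """Turn getpeercert()'s nested name tuples into a flat dict."""
    return {key: value for rdn in name for key, value in rdn}

def host_matches(host, pattern):
    """A '*' in a certificate name stands for exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def review_payment_page(url, cert, claimed_country=None):
    """Return (details, warnings) for the page the shopper landed on."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    subject = flatten(cert.get("subject", ()))
    issuer = flatten(cert.get("issuer", ()))
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("page is not served over https")
    if not any(host_matches(host, n) for n in names):
        warnings.append("certificate does not cover " + host)
    if "organizationName" not in subject:
        warnings.append("certificate names no organization")
    if claimed_country and subject.get("countryName") != claimed_country:
        warnings.append("certificate country differs from the claimed one")
    details = {"host": host,
               "organization": subject.get("organizationName"),
               "country": subject.get("countryName"),
               "issuer": issuer.get("organizationName")}
    return details, warnings
```

A host such as `secure.somesite.com.example.net` fails the coverage check because only the exact names and single-label wildcards listed in the certificate count.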
I personally won't buy from any site that sends me to a third-party page for card processing. I'm sure that many of those sites are legit and run by good business people, but to me it makes a site look less professional.
There's nothing wrong with directing off site to process a credit card payment. Surely as a user you would apply the same rules to both situations anyway? It doesn't make sense to call one method more suspect than the other.