Safe selling through the storm

The value of online sales channels is growing, despite the global economic slowdown. Irish payment services processor Realex Payments said that in 2008, the average value of transactions it processed online per day was EUR15.3 million, compared to EUR7.9 million in 2007.



…and Colm Lyon, managing director of Realex, said that January 2009 is also “turning out to be a record month”. “There are more and more buyers coming onto the market, there are more sellers coming onto the market every day. The market is growing rapidly,” he says, referring to the number of companies selling online in Ireland and abroad.

With online shopping booming, it would be a real discredit to your business if a customer visited your website, was happy with your product, but at the last minute didn’t make a purchase because they believed it was not safe to do so.

Professional services firm Deloitte recently examined over 100 Irish-based e-commerce websites. It found that 53 percent used an out-of-date encryption standard for their site, 2 percent did not use any encryption software at all and 7 percent of sites did not ask shoppers to input a CVV2 number (the three-digit code on the back of credit cards).

Thankfully, there are numerous established online security tools and standards that allow businesses to sell online securely and reassure consumers about the safety of online transactions.


What do I need to sell online?

SMEs who want to sell their products online need a merchant services agreement with their bank and a payment services provider to handle online credit card transactions. The merchant services agreement is a legal contract that allows firms to accept Visa, MasterCard or Laser. The bank supplying this agreement will ask if you are selling your product over the phone, at a bricks-and-mortar store or online.

Credit cards are the most popular method of payment used by online shoppers. If you want to sell online you will have to decide how you are going to handle your customers’ credit card details: you can handle these yourself or hire another company to do it. “The company can allow the end-user to put their credit card details into the company’s website, or they can redirect the customer to a secure page provided by a payment services provider,” says Lyon.

SMEs can set up a payment solution on their website, whereby they handle and store all their customers’ credit card details. However, the overheads of controlling the full shopping experience can prove costly, and this method is normally favoured by larger companies. “You as the merchant have to get a secure server, you collect the credit card details and the customer never leaves your site. You have got to make sure that you complied with [security] standards,” explains Lyon.

The majority of SMEs who are selling online in Ireland use a hosted payments service. These work with SMEs so that customers making a purchase are redirected to a secure page, hosted by the payment services provider. This page is typically branded similarly to the SME’s website. The main difference is the SME doesn’t process their customers’ credit card details.

“SMEs don’t have to get a secure server. The credit card details are not entered into [the SME’s] domain at all. As a consumer you can see that a merchant is collecting details from you. You know that those credit card details are not going to the merchant at all but they are being stored by [the payment services provider] and processed that way,” says Lyon.

Realex Payments is just one of the many payment service providers authorised by the major credit card companies to handle transactions. Others include EMerchantPay, PayPal and CashTronics. The credit card companies post lists of all authorised vendors on their websites for anyone to read.


What does the customer look for?

There’s no question that customers are very concerned about the level of fraud on the internet and are cautious about where they input their financial details. To address these concerns, credit card firms and banks insist on a range of tools and standards.

Firms who want to control the entire shopping experience have to ensure their website complies with the Payment Card Industry data security standards. It’s also important that the company’s SSL certificates, confirming it as an authorised vendor, are up-to-date. Credit card companies and banks can advise about how best to meet these obligations.

“We would advise merchants to meet with their bank or card processor to discuss the fraud/crime prevention options available, to make themselves aware of related mandates from card schemes such as Visa and MasterCard and to ensure that they are compliant with any card acceptance rules,” says Una Dillon, head of Card Services & Communications with the Irish Payment Services Organisation.

Taking charge of your customers’ financial details also means you will have to keep up-to-date on the latest technologies and trends. For example, Realex Payments noted last year that debit cards are becoming more popular with online shoppers.

Similarly, Visa and MasterCard have developed a new security measure which many online retailers are implementing. 3D Secure requires cardholders to authenticate themselves with a security code, which operates similarly to the chip and PIN method. Keeping track of all these standards and rules can be a big burden for SMEs though.

Michael Gulliver, Regional Credit and Risk Director with AIB Merchant Services, says the best way SMEs can meet these obligations is to “not store card numbers whatsoever and to use a redirect page for a payment service provider.”

Similarly, it’s best to secure the webpage you are selling from. This can be done by adding Secure Sockets Layer (SSL) encryption to the Hypertext Transfer Protocol (HTTP), the technology that carries communication between your web server and web users; the combination is known as HTTPS. If a user’s internet browser sees this security protocol it will inform the shopper they have entered a “secure session”. HTTPS is generally used by trusted online merchants like Amazon and eBay, and the developer of your website can help you set up this security protocol.


Reassuring customers

There are a few other simple steps firms can take to reassure customers that it’s safe to shop.

  • Let customers know about your refunds policy. How will you reimburse the customer if they have to send an item back?
  • Make sure you provide an address and contact phone number. It’s reassuring for online shoppers to know your physical location and to be easily able to contact you.
  • Make it clear how you handle customers’ financial information. Customers like to see familiar names such as the bank you use or the name of your payment services provider.

The state of the economy means SMEs can’t afford to lose business simply because they haven’t taken steps to secure their online sales channel, and to reassure customers about its safety. But there’s a good chance a satisfied and secure customer will return, and that’s something very important to anyone selling online today.