Online Payment Processing 101

Rich McIver is the founder of Merchant Guide LLC, a company that helps match online business owners with the ecommerce credit card processing solutions for their business. Follow Rich on Google+ and on Twitter @mnegotiators.

Online sales are an important opportunity for growth. Online merchants face a number of technical hurdles that they’ll need to confront in order to accept payments from their customers over the Internet. The more you understand the complexities of accepting payments online, the better you can steer your company to the best payment solution for you.

In this article we’ll cover some of the basics of online payments, shopping carts, payment gateways, and some helpful tips on how to choose your merchant account provider.

How Do Online Credit Card Payments Work?

In order to accept payments online, a business needs three key elements: a shopping cart, a payment gateway and a merchant account. Businesses can work with a single merchant account provider to set up their cart, gateway and merchant account, or may contract with separate providers for each feature independently.

A shopping cart allows customers to verify the items they want, and to enter payment and personal information. Once they enter their credit card information in the company’s shopping cart, that information is immediately received by the payment gateway. The gateway verifies the payment data and transfers this information from the merchant bank to the issuing bank or processor over a secure and encrypted Internet connection. This process assigns the business’s merchant account ID to the transaction, crediting the sale to them so that they ultimately receive payment.

A shopping cart for a software purhcase
A shopping cart for a software purhcase

What Is a Payment Gateway?

Aside from having a shopping cart, a business that wishes to take payments online must also have a payment gateway integrated with their cart. The payment gateway is a stand-alone piece of software that serves as a secure link between a company’s website, its merchant account and a customer’s issuing bank. Typically, a merchant account provider will deliver the merchant a payment gateway, but merchants with very specific needs may obtain one independently from a payment gateway developer. However, most merchant account providers offer an array of integration options for shopping cart software that will meet a company’s specific needs.

What Is a Merchant Account?

In order for a retailer to offer credit card processing options to their customers, they cannot simply obtain a contract with card issuers directly. Rather, they must obtain a merchant account with a merchant account provider. Since the credit card companies do not contract directly with merchants, a merchant account provider acts as a middleman connecting a business to the credit card companies.

credit card issuers
Your merchant account provider connects you to major credit card issuers

Once a business has contracted with a merchant account provider, who in turn has a contract with the credit card issuers, the merchant can begin accepting payments by credit and debit cards. There are several merchant account providers out there to suit a given businesses’ processing needs, but most attempt to distinguish themselves by offering unique features or underwriting guidelines. So before seeking out a merchant account provider, a business should first determine its specific needs.

Factors may include how a business plans on accepting credit cards (e.g. point of sale, mobile phone or tablet, phone order, or ecommerce), which types are credit card brands a business plans to accept (e.g. MasterCard, Visa, Discovery, Amex, etc.), and if a business requires additional processing features such as online processing gateways, accounting software integration, gift card processing or chargeback prevention packages.

How Do I Choose a Merchant Account Provider?

Merchant account providers tend to distinguish themselves in three ways: the types of payment gateway integration they provide, variety of payment options available, and the security features they support.

There are a few types of payment gateway integrations to choose from. The two most popular types are known as direct integration and third party payment processing. Direct integration seamlessly integrates a businesses’ shopping cart with the payment processor. This means that customers stay on the same website for their entire transaction. The fees for this option are slightly higher, but is preferred by most merchants because of the seamless checkout process it offers customers.

With third party payment processing, the customer is directed to the payment processor’s website to complete their order. Once the payment is approved, the customer is then automatically returned to the company’s website. Though this option tends to be less costly for merchants, some customers feel nervous providing payment information to a separate checkout site, which can increase your cart abandonment rate.

Whichever type of gateway a company chooses, they should make sure that it supports all of the credit cards and currencies your company plans to process. This is especially important if a business plans on selling internationally, or works in an industry, such as energy or healthcare, where customers often use niche types of credit cards.

Merchant account providers further distinguish themselves via the security features they offer. Most use a trusted source to meet payment data security compliance standards, such as PCI-DSS. This ensures that a cardholder’s data is protected and maintained through a secure network. PCI-DSS is the industry standard and is becoming ubiquitous. A company should, at any rate, verify the compliance standard with a potential merchant account provider before agreeing to use their gateway.

Processing payments online is one of the quickest routes a business can fall victim to fraud, often through chargebacks. For this reason, many merchant account providers specializing in online and ecommerce businesses offer additional services designed to reduce or avoid chargebacks. These services include providing gateways that use security card codes (CVC2 and CVV2) to verify a customer’s possession of a credit card during an online order. This feature can limit the amount of transactions processed by credit card thieves in possession of a stolen credit card number and not the physical card itself.

security features
Additional security measures

Additionally, an address verification system (AVS) can help a business identify suspicious orders processed with inconsistent address data. AVS matches the customer’s credit card billing address with the address provided at checkout. Gateways and processors differ significantly in the number of chargeback and fraud prevention measures they offer. If a retail business is prone to fraud or sells big ticket items, make sure to select a processor that will assist in minimizing fraud and chargebacks.


By enabling online payment processing, businesses can expand their customer base geographically and demographically. In an era of compressed margins and increased competition, having the opportunity to expand their market reach is well worth jumping the hurdles necessary to accept online payments. With the right provider, your customers will rest assured that their data is safe, and your business can expand with confidence.

Learn more about the complexities of managing online payment processing by downloading our complimentary white paper


  1. Fred

    Well damn, this was a really great 101. I know all about this stuff now, but I really could’ve used this a couple years ago. Payment processing seems basic now but when you don’t know anything about it, it can really seem super confusing!

    1. Nick Liebman

      Thanks so much for the feedback, Fred. We would love to hear more about the payment solutions you found along the way.

  2. Jonathan

    Thanks for posting this I needed to refresh these different ideas in my mind again. We currently have Paypal hooked up to our checkout page. The other option is for a customer to give a CC over the phone, which always takes longer and ties up an employee. For some reason a few customers still think you need to have a Paypal account to process payment. Do you happen to know any other companies that might have lower fees?…Thanks

    1. Nick Liebman

      Hi Jonathan,

      Thanks so much for your comment. When it comes to fees, you will want to be sure you are balancing fees with the actual services provided. For instance, working with a full-service ecommerce or subscription commerce solution could free your team from taking credit card information over the phone. Better than saving on costs with your employee time, taking credit card details only through a secured online portal also reduces the risk of a data breach, and helps keep your business free of fines or the damage to your reputation a breach could spark.

      Check out this post from cleverbridge’s compliance manager, Daniela Hagen and let us know what you think.

Comments are closed.