A, B, C’s of taking payments online

They say, many roads lead to Rome, but for online payments everyone has to start from the same place before options open up, all sites must have:

SSL page

1)  secure web page to take a payment (you know the little lock and https in the url-known as SSL a secure socket layer),

2) a payment gateway (takes the payment online), and

3) a payment processor the entity that works with the banks and the credit card companies who will in the end deposit the funds to your bank account.

The next step is to decide whether you are building a lemonade stand or a store. If you choose store, big or small doesn’t matter.

For the the sale of just a few items with low volume sales or single donation links, paypal.com will allow you to build a lemonade stand with no set up costs, really you don’t even need a programmer, you don’t even need to worry about a secure web page, all of the transactions happens on the paypal website. You just copy and paste the information they give you to your web page.

The reason why I call this the lemonade stand is because you are dealing with a very limited inventory that does not require a lot of updates or sorting, the volume is low so you don’t need much tracking, and chances are high that a lock box and your receipts that you take home with you when you fold up your table is enough.

To become an online store, following are the ongoing investments that should be taken into consideration and added into your business spreadsheets along with all your other investments and risk:

One Time:

Design and software configuration set up based on your sales needs and tracking.

Ongoing Costs:

  1. Software maintenance: Upgrades to your software as new releases are made available. (prices vary)
  2. Domain registration and hosting: Annual renewal. ($29 for domain, hosting varies annual or monthly)
  3. SSL (Secured Socket Layer): are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks such as the Internet. This socket layer (notice on any secure form url address becomes HTTPS) ensures that any information entered on these pages are encrypted and cannot be viewed by anyone without authorization. These pages require a static ip address as well as a certificate that certifies your web page has been secured. (Annual renewal varies from $125 +)
  4. Additional hosting fees for secure website: SSL monthly hosting and Static IP hosting. Annual or monthly fees.
  5. Feature updates: programming work for changes that may be needed to your website.
  6. Encryption software such as pgp or gpg.

The question that always comes up: “I am a small shop, do I really need all of this ssl and encryption stuff?” Answer: “Yes!”

The larger you get, then, the Credit Card Processing Industry has additional requirements to make sure that you are not exposing them to risk. For over a certain volume in sales you will need to move to closed, single client only server arrangement and third party scanning companies are required to scan your site quarterly and review your security policies and procedures.


When taking sensitive information such as credit card data, security is not an afterthought. ICI web services are compliant with HIPPA, COPPA, Visa CISP, and PCI regulations.

Looking for more information on this topic: Web Hosting, Wikipedia >>

Comments are closed.