The Buck Stops Here: Designing the right e-commerce payment process for your business.

By Lisa Cedrone

E-commerce, by definition, indicates electronic payments over the Internet, and “more and more online sellers realize that their online checkout and offered payment options directly influence their conversion rates (converting shoppers into buyers),” according to Ecommerce WIKI. If an online store does not incorporate the best payment methods for a particular audience, it might miss out on sales due to shoppers’ payment preferences. Therefore, it is important to understand the different payment cultures and pick the right mix for your buyers.1

In North America, for example, credit cards have become the most common form of payment for e-commerce transactions; they account for almost 90 percent of all online retail sales.2 However, this statistic doesn’t negate the importance of PayPal’s 200 million active account holders worldwide, many of whom opt to avoid sharing their credit card information directly on e-commerce websites. Overall, there are a lot of options to consider and/or combine, and finding the right configuration for your e-commerce website starts with understanding the backend of the process.

The Flow

Overall, an online payment moves through several steps, often with varying providers for each transaction. To accept credit card payments from your customers online, for example, you need a payment gateway and a merchant services account. “The payment gateway is used for facilitating online transactions and helping them get approved,” according to an explanation by Hanna Wolsfelt. “It is also the first place the transaction goes when a customer submits an order online. The transaction flows through the payment gateway, to the payments ecosystem, and should it be approved, [it] will eventually make its way into the merchant account.”3

“Merchant accounts are for reconciling the funds sent to the merchant on successful sales,” Wolsfelt adds. “These are the funds that were approved through the payments ecosystem. All approved payments are paid out to you, the merchant, through your merchant account. This is the last stop before you receive the funds in your normal business bank account.”

Here’s how it works: A customer makes a purchase from the checkout page of your shopping cart. He or she enters credit card information and it is sent to the payment gateway, which encrypts the payment information and then sends it to a payment processor for authorization. The payment is either accepted or declined and the information is sent to the customer. This all takes place in about 2 seconds and, if approved, the money is then transferred from the customer’s bank to your merchant services account.4

Within this process, the data transmission is encrypted using an SSL (Secure Sockets Layer) certificate, which is a small data file that digitally binds a cryptographic key to a company’s details. “When installed on a web server, it activates the padlock and the https (Hyper Text Transfer Protocol Secure) protocol and allows secure connections from a web server to a browser.”5 In other words, HTTPS/SSL allows for private communications between a website and a user and decreases the risk of hackers obtaining sensitive information such as credit card numbers, usernames, passwords, etc.

Do-It-Yourself Approach

If you have the initial resources to invest in setting up your own online payment system, the extra time and effort on the frontend can result in long-term cost savings. For example, one nonprofit founder I know determined that using a turnkey bundled shopping cart/payment platform would cost more than obtaining an independent merchant services account and linking it to Volusion, a shopping cart platform with no processing fees for nonprofits. Her organization was able to secure a 2.1 percent processing fee from its merchant services provider and use the lowest-cost Volusion plan ($15 per month) with 1 GB of bandwidth. Since the programs offered by this nonprofit are high-priced (from $1,300 to $2,000) and small in number (compared to the number of items an average apparel retailer would offer, for example) this low-cost, low-bandwidth model makes sense.

Other options include payment services such as Stripe, “a suite of APIs that powers commerce for businesses of all sizes,” according to the company’s website. In computer programming, an API (Application Programming Interface) is a set of subroutine definitions, protocols, and tools for building software and applications. An effective API makes it easier to develop a program by providing all the building blocks, which are then put together by a programmer.

If you are going to take the plunge and implement a secure payment system yourself, some of the most important questions to consider include:4

Is your process secure and compliant with the Payment Card Industry Data Security Standard (PCI DSS)? PCI compliance currently has 12 requirements:6

  • Install and maintain a firewall configuration to protect cardholder data.
  • Do not use vendor-supplied defaults for system passwords and other security parameters.
  • Protect stored cardholder data.
  • Encrypt transmission of cardholder data across open, public networks.
  • Use and regularly update antivirus software.
  • Develop and maintain secure systems and applications.
  • Restrict access to cardholder data by business need-to-know.
  • Assign a unique ID to each person with computer access.
  • Restrict physical access to cardholder data.
  • Track and monitor all access to network resources and cardholder data.
  • Regularly test security systems and processes.
  • Maintain a security policy and ensure that all personnel are aware of it.

Is your process reliable and always available with backup systems in place? This includes data validation, “the process of ensuring that a program operates on clean, correct and useful data. It uses routines, often called ‘validation rules,’ ‘validation constraints’ or ‘check routines’ that check for correctness, meaningfulness, and security of data that are input to the system.”7
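
The kind of validation rules quoted above, applied to the card fields of a checkout form, as an added example that is not part of the original article. The function and field names are hypothetical, and the sample card number is a constructed test value.

```javascript
// Added example: validation rules for card fields submitted from a checkout form.
// Function and field names are hypothetical; the sample input is constructed.

// Luhn checksum: catches mistyped digits before the number reaches the gateway.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {          // double every second digit, counting from the right
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns a list of rule violations; an empty list means the input is well-formed.
function validateCardInput({ number, expMonth, expYear, cvv }, now = new Date()) {
  const errors = [];
  const pan = String(number).replace(/[\s-]/g, ""); // accept "4111 1111 ..." formatting
  if (!/^\d{13,19}$/.test(pan)) errors.push("number: must be 13-19 digits");
  else if (!luhnValid(pan)) errors.push("number: checksum failed");

  const m = Number(expMonth), y = Number(expYear);
  if (!Number.isInteger(m) || m < 1 || m > 12 || !Number.isInteger(y)) {
    errors.push("expiry: invalid month or year");
  } else if (y < now.getFullYear() || (y === now.getFullYear() && m < now.getMonth() + 1)) {
    errors.push("expiry: card has expired");
  }

  if (!/^\d{3,4}$/.test(String(cvv))) errors.push("cvv: must be 3 or 4 digits");
  return errors;
}

// For logs and receipts: never write the full number, keep only the last four digits.
function maskPan(number) {
  const pan = String(number).replace(/\D/g, "");
  return "*".repeat(Math.max(pan.length - 4, 0)) + pan.slice(-4);
}

// Constructed sample input, checked against a fixed date so the result is repeatable.
const sample = { number: "4111 1111 1111 1111", expMonth: 12, expYear: 2030, cvv: "123" };
console.log(validateCardInput(sample, new Date(2025, 0, 15)), maskPan(sample.number));
```

Checks like these in the browser only improve the customer's experience; the same rules have to run again on the server, which cannot trust what the page sends.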

Is the payment process easy to use, easy to integrate and flexible with accessible technical support? It’s important that the payment process works on all platforms you are using, such as your website, mobile devices, online marketplaces, over the phone and in person, etc.

Turnkey Approach

If your company has limited startup funding to outsource piecing together all the parts of an online payment process and lacks the tech experience to take an in-house DIY approach, you might want to opt for a bundled, turnkey solution to accept payments, such as the built-in options from many hosted shopping cart platforms. Shopify, for example, offers integrated credit card processing for 2.9 percent plus .30 cents per transaction with its $29-per-month program. Shopify online “stores” also include a free 256-bit SSL certificate, and “all pages, content, credit card and transaction information is protected by the same level of security used by banks,” according to the website. Additionally, “based on your location, Shopify will automatically handle major country and state tax rates” and integrate automatic shipping rates from major carriers including USPS, FedEx, and UPS.

PayPal is another easy-to-use turnkey option to accept secure payments online. “Available in more than 200 markets around the world, the PayPal platform, including Braintree, Venmo and Xoom, enables consumers and merchants to receive money in more than 100 currencies, withdraw funds in 56 currencies and hold balances in their PayPal accounts in 25 currencies,” according to the PayPal website. “Creating PayPal buttons, which can be inserted as code into any website, is an easy way to offer customers an option to log in and use their personal PayPal account or to pay directly by credit card.” It’s also possible to configure a PayPal account to collect tax and add shipping costs.

Here’s one example of how this can work in the United States based on one of my own client projects for a trolley company: Using the company’s PayPal account, I created individual PayPal buttons by date to sell seats for the company’s annual Holiday Lights Tour. The button code for each date was inserted on an individual date-specific website landing page that linked to the main website. The PayPal inventory option was used to make sure that the number of seats was limited to how many people would fit on the trolley car, and sales would not process when the maximum number of seats available for each night sold out. It was a simple process that required little modification to the company website. Once a tour date passed, the link was manually removed from the main “Holiday Lights Tour” page of the site.

Using PayPal, small sellers such as this trolley company do not see or have access to customers’ credit card information, which is processed through the PayPal site. Hence, it’s not necessary to implement an SSL certificate directly on a company’s website or pay for an annual hosting fee with a shopping cart platform such as Squarespace or Shopify. The PayPal rate, like Shopify’s, is 2.9 percent plus .30 cents per transaction.

Additionally, PayPal is the established go-to payment method for most shoppers on the Etsy and eBay marketplaces. “PayPal has become one of the most trusted payment platforms online. It was one of the first that provided freelancers with a way to accept credit card and debit card payments without having to partner with a credit card processing company and face high monthly and transaction fees,” notes Brett Relander in an online article in Entrepreneur magazine.8 “Over time, PayPal has evolved into offering personal and business accounts, its own debit and credit card, a revolving credit line and business loans. It allows you to accept payment in foreign currency and then handles the currency exchange process for you for a minimal fee.”

Whatever payment option you choose, make sure you are comfortable with the level of sensitive data that your website will house and people will have access to view. Think through the process carefully on the frontend, document flowcharts and, as the old carpenter’s saying goes, “Measure twice and cut once.”

Lisa Cedrone is the editor of Transformation Magazine and a freelance editor, writer, and graphic designer working primarily in the spiritual and alternative healing communities. Prior to establishing her Sarasota, FL-based freelance business in 2008, Lisa spent 20 years as an editor/editor-in-chief for two of the Top 10 business-to-business publishers in the United States, serving the apparel manufacturing and residential construction/building markets. Her company, DragonFly Nation, offers a wide range of creative services, with an emphasis on cost-effective, turnkey editorial and design projects for both print and web.


1. “What are the Latest Trends?” Ecommerce WIKI, online report.

2. “Everything You Need to Know About Merchant Services,” by Darrah Brustein, December 16, 2014, Entrepreneur, online article.

3. “Merchant Account vs. Payment Gateway: What’s the Difference?” by Hanna Wolsfelt, online analysis.

4. “Understanding Online Payments,” PinnacleCart, YouTube video.

5. “What Is SSL (Secure Sockets Layer) and What Are SSL Certificates?” website, online definition.

6. “PCI Compliance Checklist for 2017,” Town Square Business Resource Center Blog, online checklist.

7. “Data Validation,” Wikipedia, online definition.

8. “25 Payment Tools for Small Businesses, Freelancers and Startups,” by Brett Relander, July 16, 2016, Entrepreneur, online article.

9. “E-commerce Payment System,” Wikipedia, online article.
