There are hundreds of online stores out there but they all need a secure payment gateway in order to store customer card details. The security technology and cost behind these systems mean most store payment gateways are run by a select third party. This is common place in e-commerce as its doesn't make financial sense to host your own due to running and implementation costs.
There are around 20 to choose from when using ECWID and all are secure ways to take payment within your store.
When you arrive at a checkout of an online store, you'd need to input card details in a secure environment. The payment processor then tkaes your details, talks to your bank, confirms you have enough money to cover the payment and then comes back as successful. The money is then sent from your card to the payment gateway provider in the usual manner.
This process takes place within the same browser window on your website, giving the impression it is your own site taking payment. Once complete it usually re-directs back to a thank you page within your site and the various account and confirmation emails are sent. You can test this process within our test store TDS Boarding.
The main point of using a payment processor is security and peace of mind for the customer. They need to know their card details are secure and thus, all details are held with the payment processor and NOT within your own website or ECWID control panel.
As with anything in life none of this is free so you need to factor in a monthly payment for ECWID (probably 15$-35$) and then the % from each transaction. A company like Stripe will take a 1.4% cut from each transaction, whereas Sagepay will also want a monthly fee of £20 for 350 transactions.
This amount of money is minimal compared to the cost of designing, developing and supporting your own gateway, hence why nearly all online stores use these types of gateway.
If you take our example of Snow Boards - 1/10th of a single sale pays for the monthly payments to the store and gateway services leaving every other order free for profit making.
Please see some technical information below regarding the 2 payment procesors we have mention. You can also use Paypal, Amex and a host of other supplier that all do the same job. We can guide you through the process and advise which processor will suit your business.
TALK TO US ABOUT E-COMMERCE
Stripe has been audited by a PCI-certified auditor, and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.
All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe's internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe's infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn't share any credentials with Stripe's primary services
SagePay are the largest independent payment service provider (PSP) in the UK and Ireland, Sage Pay provides a secure payment gateway (Level 1 PCI DSS), processing payments for thousands of online businesses, including ours.
Sage Pay uses a range secure methods such as fraud screening, I.P address blocking and 3D secure. Once on the Sage Pay systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards.
Sage Pay is PCI DSS (Payment Card Industry Data Security Standard) compliant to the highest level and maintains regular security audits. They are also regularly audited by the banks and banking authorities to ensure that their systems are impenetrable.