The sheer number of ways in which a payment interface can be implemented with an Ecommerce platform can overwhelm even the most accomplished system integrators and decision makers.
I have listed below some of the options for implementing a payment interface, with their pros and cons. The details below are for card payments. For other payment methods, such as PayPal or bank transfers, I may write a separate post.
Ecommerce platform: Any Ecommerce shopping cart that is being used. It could be a product like ATG, WCS or Hybris, or it could be an in-house developed application. It is the application that runs the various channels such as desktop, mobile, call centre etc.
Payment Gateways: Sometimes also known as Payment Service Providers. They facilitate the transfer of information between the Ecommerce platform and the acquiring bank. http://en.wikipedia.org/wiki/Payment_gateway
1. Hosted payment page solution Vs API method
First let us see the difference between Hosted payment page solution and API method of implementation for card payments.
In the hosted payment page method, the page that captures the payment information during checkout (the page where the shopper types in their card information) is hosted by the payment gateway on its server. So the retailer's Ecommerce platform does not capture, store or transmit any sensitive card information.
In the API method, by contrast, the payment page is part of the Ecommerce platform. Card information is captured by the Ecommerce platform and transmitted to the payment gateway.
| | Hosted payment page | API method |
|---|---|---|
| PCI DSS compliance | Most of the responsibilities are transferred to the payment gateway, as the merchant does not store any card information. | Since the merchant stores the card information, the merchant's implementation needs to be PCI compliant and the mandatory QSA audits need to be done at regular intervals. |
| Control | The page that captures the card details is hosted by the payment gateway, so the merchant doesn't have direct control over this page. However, payment gateways can normally style this hosted page to be in line with the overall website. | The merchant can decide the look and feel of the page that captures card information. Style/CSS information can be modified by the merchant without being dependent on the payment gateway. |
| User experience | 1) Since the shopper is taken to a different URL to provide card information, the user journey is not seamless. Some payment gateways provide an iframe approach (rather than a completely different hosted page). In the iframe approach the iframe is also hosted by the payment gateway, but there can be issues with the iframe as well: it may sometimes render later than the other page elements, giving a less than satisfactory user experience. 2) Since the card details are not available to the merchant (to be precise, on the merchant's Ecommerce platform), the shopper can't save a card and reuse it on the next visit to the site when registered and logged in. (Some payment gateways provide a complex API to achieve this.) | 1) The card details page is part of the main site, so the shopper is never taken out of the main site. This gives a seamless user experience. 2) Since the card information is stored on the merchant's site, shoppers can choose to save their card details and reuse them the next time they make a purchase. |
2. Delayed capture Vs Authorise & capture at checkout
Based on when the card is authorised and the money captured, there are two possible modes.
2.1 Delayed capture: The payment card is only authorised during checkout on your channel (web, telephone, mobile), so that the shopper's card is verified and the equivalent amount is blocked/reserved, but no money is actually taken from the card. The money is actually charged to the card (known as capture or settle) when you, as a retailer, are ready to ship the item. This ensures that you charge your customer's card only when you are sure that the item they have asked to buy is actually available in the warehouse and you are about to ship it.
This type of process is normally used by retailers who have a delayed fulfilment process, where considerable time passes between placing the order and actually shipping the item. It is also used by retailers who are not sure of the inventory position when the order is being placed on the Ecommerce channel.
The following diagram shows the delayed capture process with the API method of integration. (The fraud screening element is left out for simplicity.)
The following diagram shows the delayed capture mode with the hosted payment method. (The fraud screening element is left out for simplicity.)
2.2 Authorise & capture at checkout
During checkout itself, the card is authorised and captured (i.e. money is charged to the card).
This is particularly popular among Ecommerce retailers who sell high-value goods such as electronics or jewelry and normally have no issues with item availability.
The following diagram shows the Authorise & Capture mode with API payment integration. (The fraud screening element is left out for simplicity.)
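The two modes from sections 2.1 and 2.2 can be traced in code. This is an added example, not part of the original post: `MockGateway`, `checkout_delayed`, `ship` and `checkout_immediate` are hypothetical names, no real payment gateway API is used, and the card number is a constructed test value. The mock gateway also rejects a second capture and a capture larger than the authorised amount.

```python
from dataclasses import dataclass, field
from decimal import Decimal
import uuid


class GatewayError(Exception):
    """Raised when the mock gateway rejects a request."""


@dataclass
class MockGateway:
    """Constructed stand-in for a payment gateway, not a real provider's API."""
    auths: dict = field(default_factory=dict)  # auth_ref -> authorisation state

    def authorise(self, card_number: str, amount: Decimal) -> str:
        # Verify the card and reserve the amount; no money moves yet.
        if not card_number.isdigit() or amount <= 0:
            raise GatewayError("authorisation declined")
        ref = uuid.uuid4().hex
        self.auths[ref] = {"reserved": amount, "captured": Decimal("0"), "open": True}
        return ref

    def capture(self, ref: str, amount: Decimal) -> None:
        # Charge the card against an earlier authorisation (capture/settle).
        auth = self.auths.get(ref)
        if auth is None or not auth["open"]:
            raise GatewayError("no open authorisation for this reference")
        if amount > auth["reserved"]:
            raise GatewayError("capture exceeds the authorised amount")
        auth["captured"], auth["open"] = amount, False


def checkout_delayed(gw: MockGateway, card_number: str, amount: Decimal) -> dict:
    """2.1: authorise only. The order keeps the reference, not the card number
    (a design choice of this sketch)."""
    ref = gw.authorise(card_number, amount)
    return {"auth_ref": ref, "amount": amount, "status": "AUTHORISED"}


def ship(gw: MockGateway, order: dict) -> dict:
    """Capture when the item is ready to ship."""
    gw.capture(order["auth_ref"], order["amount"])
    order["status"] = "CAPTURED"
    return order


def checkout_immediate(gw: MockGateway, card_number: str, amount: Decimal) -> dict:
    """2.2: authorise and capture within the same checkout step."""
    return ship(gw, checkout_delayed(gw, card_number, amount))


if __name__ == "__main__":
    gw = MockGateway()
    order = checkout_delayed(gw, "4111111111111111", Decimal("49.99"))  # test number
    print(order["status"], "->", ship(gw, order)["status"])
```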
Integration of an Ecommerce platform is an involved subject with various aspects to consider, such as PCI compliance, hosted vs non-hosted, capture type (delayed vs same time) and fraud screening. I have covered a few aspects here and certainly could not cover all possible aspects. I might update this post with more information (mainly on fraud screening and PCI), but meanwhile please provide your views and opinions on the post.