How to accept payments online

Something I wrote for IT Donut.

In my job I come into contact with a lot of ecommerce businesses and the range of sites is quite staggering in terms of both products and company size. However there is one common factor: they all have to be able to take card payments.

Accepting payments online can be a fairly daunting process, especially for the first time merchant. There is a lot of jargon, bureaucracy and confusion about how to get started. In this article I’ll attempt to demystify the topic.


In the 12 years since its launch PayPal has become one of the most successful online businesses of all time. There is huge trust in the brand and most importantly it’s incredibly simple to set up. To me, every merchant, regardless of size, should accept payments via PayPal. Independent research has indicated it may also increase orders by as much as 10%.

There is a downside however: the fees. As a rule PayPal charges 3% per transaction. This may not sound a lot when you are starting out it can become fairly painful in the long run, especially if you are successful.

Merchant accounts and PSPs

Eventually everyone selling online will want to take more control and accept card transactions directly. If you want your bank to handle your card transactions the starting point is an Internet Merchant Account (IMA). Many people selling online come from a traditional retail environment and may already have a merchant account. First step is to contact your existing bank as often this is the quickest and most cost effective way.

Once you are set up with an IMA the next step is to sign up with a Payment Service Provider ( PSP). Well known companies include RBS WorldPay, Sage Pay and my own company’s Actinic Payments.

The PSP is the bridge between your online store and your bank. Think of it as an electronic till. Check how well a PSP will integrate into your ecommerce solution and whether it offers additional services such as anti-fraud.


The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard created to help prevent credit card fraud and has become a requirement for anyone that holds, processes, or exchanges cardholder information. If you are taking online payments, or holding card data somewhere you have to be compliant. Breaching this standard carries heavy fines that, if enforced, would put the majority of small companies out of business.

However PCI DSS needn’t be a huge hurdle. If you are using a PSP, it has to be compliant, not you. Then a customer shopping at your site is transferred seamlessly over to the PSP to input card data and take payment. The PSP has all the headaches of compliance and your ecommerce system holds no sensitive data.


Taking payments online doesn't need to be complex, the process itself is rather simple but it’s important you get it right. Depending on the size of your operation there is a solution that will fit. Isn’t it time your electronic till started ringing?