Web hosting: A job for the experts
Sally Whittle examines the potential advantages of hiring a specialist service provider for online transaction processing
Whether your ecommerce operation involves selling an entire catalogue of items across multiple time zones or simply shipping one product to a local market, your business survival ultimately depends on your ability to part customers from their cash.
It might sound straightforward, but creating a system that can record and store credit card numbers, customer account records and order details securely is no mean feat. And even if an organisation has this capability, it will need to link into the bank clearing system to actually process those payment details.
With 88 per cent of consumers saying they have often abandoned an online shopping cart during the payment process, getting transaction processing right is a vital part of successfully doing business online, says Charlene Li, an analyst with Forrester Research.
‘Shoppers are increasingly concerned about what retailers or nefarious hackers could do with their credit card information – and some sections of the market are reducing the amount of online shopping they do as a result,’ she says.
To persuade consumers that your ecommerce site is safe, you will need a site that links into trusted clearing systems, such as Visa and MasterCard.
However, the clearing companies are extremely picky about what sites they will link into – and their requirements will probably be well beyond your means, says Paul Court, director of operations with hosting company Globix.
‘This is something that companies such as Tesco or British Airways could do, but it is way too expensive and complicated for most companies,’ he says.
‘For every company that cannot afford to buy a bank or develop their own transaction engine, there will be some kind of third-party transaction p rocess.’
The key advantage of using a third party to manage your transactions is financial: there is no capital expenditure, and most service providers will simply take a percentage of the order value – usually between five and 15 per cent.
Second, a hosted transaction provider will often be able to offer higher levels of security because they have the expertise, equipment and housing infrastructure to keep data secure.
When the British Heart Foundation took the decision to outsource transaction processing and web hosting to Globix, cost and security were both major drivers, says Randy Perkins, the charity’s web development manager.
As well as being cheaper than developing an internal solution, Perkins says hosting avoids costly security breaches.
‘We are especially conscious of how we spend money because we are a charity,’ he says. ‘Getting the wrong provider could cost us dearly, not just in capital investment, but in terms of lost revenue and brand damage.’
Perhaps more importantly, a specialist service provider will handle the tricky business of integrating into banking and clearing systems, says Wendy Dobson, sales director at transaction hosting company Comms XL.
‘The outsourcer should be fully compliant with standards, such as the payment card industry data security standard (PCI DDS), so the huge expense and effort of compliance is on the host, not the customer,’ she says.
Finally, many outsourced transaction providers offer additional services, including reporting tools that can help companies gain a better insight into their sales and ordering data.
‘Outsourcing provides a centralised management system, so you can get a high-level overview or detailed breakdown of transactions whenever you require them,’ says Dobson.
Choosing the right outsourced service depends largely on how many transactions your business handles, what the value of those transactions is, and how risk-averse the company is.
Your involvement in the processing operation will vary according to how much of the responsibility you want to outsource. It can be as simple as employing a ‘buy button’ system hosted by a third-party provider, where all you have to do is include a piece of HTML code on your site and the processing company will send you a check.
But keep in mind that the more responsibility you take on yourself, the smaller percentage of your profits you will have to hand over to service providers.
Court says that if you are only handling a few transactions each day, and they are for £5 each, then the chances are that something very simple such as secure payment site PayPal would be enough to meet your needs.
‘But customers associate PayPal with amateur traders, so it is not suitable for business use,’ he says.
One step up from peer-to-peer services such as PayPal are payment gateways. These technologies redirect customers to a secure web page, hosted by a company such as WorldPay, where they enter their credit card details.
The advantage of such an approach is that the payment gateway handles all sensitive customer information such as credit card data and order details, reducing the risk of storing or handling such information internally.
The hosting company provides a certified secure environment that connects directly with the banking network and clearing systems. Companies can choose to use a fully managed transaction hosting service, which means effectively outsourcing the payment area of the web site.
When a customer clicks on the buy button, they will be redirected invisibly to your hosting company’s servers, where the transaction will take place. Merchants can outsource the checkout page of their web site, allowing the hosting company to manage the acceptance and processing of the transaction.
When customers hit the buy button, the hosting company collects the actual payment data, processes the transaction and securely stores the data for subsequent payment action. Some hosting companies offer a facility for customising the checkout page so that it mirrors the selling company’s own web site.
The first step in choosing a transaction service provider is understanding what is technically possible in your infrastructure. Most commercial ecommerce packages will link only into certain transaction processing gateways.
Although some services will allow you to engineer links into other gateways using XML, it is important that you calculate the likely costs and benefits of development upfront, to ensure that you do not end up paying over the odds.
If your ecommerce package allows for some choice of service provider, the most important questions to ask are related to security; trust is the biggest issue in ecommerce, says Forrester’s Li.
‘If customers aren’t happy that their credit card details are being handled responsibly, or feel they are being exploited for marketing information, they will leave very quickly,’ she says.
All third-party payment services should offer several core security features.
The payment processor should have security protocols such as secure socket layer, which provides data encryption, server authentication, message integrity and client authentication for TCP/IP connections, allowing client/server applications to communicate while preventing eavesdropping, tampering or message forgery.
More sophisticated hosting companies will also comply with the banking industry’s latest security standards, particularly PCI DDS, an initiative launched by Visa and MasterCard that requires firms involved in processing transactions to comply with a 12-point security standard.
The service should also either process the payment details for you, or provide you with an internet merchant account, which allows you to accept credit card payments online.
However, this is separate to processing those payments, which will probably still be carried out by a third party.
Finally, a payment service should have service-level guarantees suitable for the needs of your business. Court says one of the challenges of relying on a lower-end system is if problems start to occur.
‘A delay is OK if it costs you only a few pounds, but if it is running into thousands you have a problem,’ he says.