Whilst most businesses recoginise that selling their products or services onlne represents one of the biggest opportuntities for future growth, they may be reticent in doing so for fear of the security implications.
The major concern for businesses that wish to sell products on line is that of a data breach resulting in the loss of customers credit card information, with the associated damage to the businesses creditability with their clients.
For this reason it is never advisable to process credit card transactions within your website.
The more sensible and secure method is to process sales via a payment gateway.
Using this method no sensitive data is stored or entered at all on your website beyond the basic username and email address.
This reduces the merchant's Payment Card Industry Data Security Standard (PCI DSS) compliance obligations without redirecting the customer away from the website.
The transaction occurs on a third party site eg. Lloyds, Barclays, Paypal etc. and they take full responsibility for the security of client data.
In the event that Barclays, Lloyds Paypal etc themselves incur a data breach on their secure sites then the clients affected will run into the hundreds of thousands but never is there a link back to your business as these companies process payments for innumerable sites.
As no additional data is ever entered onto your site there is no risk exposure above that which you currently have, and yet now you are able to make additional sales.
How it works in practice:
The store component can be configured to use a multitude of payment methods:
PayPal – (also enables credit card processing)
Collect on delivery
The products to be purchased are added to a cart and when the 'checkout' button is clicked the various payment methods are presented.
On the selection of a payment method the payment gateway takes over and the purchaser is switched seamlessly to the secure payment site selected. The transaction takes place on the third party site, and on successful completion of the transaction they are returned to your site.
Notification emails of the order and completion of payment for the order are sent to nominated recipients. NO SENSITIVE INFORMATION IS EVER PRESENT ON YOUR SITE, thus removing any security risk.