Online Purchasing Systems Safe, Secure if Built Correctly

What happens behind the scenes when you enter your credit card information online? Is it safe? For answers, I turned to the experts at Skipjack Financial Services, a Cincinnati-based company whose Canadian office is in Halifax.  I know them well because my employees at Nicom IT Solutions often use Skipjack when they create web sites that have an online payment option.

The first thing the Skipjack folks pointed out is that online payment processing is not that much different from traditional credit and debit card processing. In fact, a large portion of the transactions that they process are from traditional devices, like point-of-sale terminals.

When a merchant opens an account with Skipjack, their transactions get processed through Skipjack’s secure “transaction engine” that is connected via a “Payment Processor” to all the major banks in North America. Skipjack offers a management tool called “Merchant Services” that takes about a half-hour to learn and this tool gives you the ability to produce reports, set up recurring charges, reverse transactions, and a number of other administrative functions.

When Nicom builds a web site that process online transactions, we take extra special care that everything gets done in a secure manner. We don’t store any credit card information on the server hosting the web site and the transactions are encrypted before being sent to Skipjack’s transaction servers which are extremely well protected, both physically and electronically. That means you don’t have to worry about building this level of security in your own web site or have to worry about where it is being hosted. Many organizations around the province process transactions in the same way. When you use these systems, you can be assured of the highest level of security possible.

When a transaction is received by the transaction server, it is authorized by the Payment Processor and the issuing bank removes the payment amount from the credit card’s available credit. Each night, Skipjack sends a request to the Payment Processor to “settle” the accounts, and the money is transferred into the merchant’s bank account.

The overall process for getting set up can take several weeks (see sidebar), so if you want to accept online payments for the first time, give yourself some time to get this established. After you’ve gotten all the accounts set up, your web site payment form will need to be created and tested.

In addition to sending financial transactions, these forms can also send a confirmation email to the buyer, and often to someone who is administering the form at the merchant site. Back-end databases can get updated as well, to keep track of who has purchased the items or registered for the event, or to feed to other systems to handle inventory, shipping, etc. So how safe is it to do online transactions? Like any kind of credit card usage, it depends on the system. Just because the little padlock appears on your browser, this doesn’t guarantee it is safe. Some computerized systems suffer from bad design where not enough consideration was given to how the credit card information is treated. For example, some applications feel compelled to store credit card information so that they can rebill the customer or use it for audit purposes. Or they save up transactions (including credit card information) for processing at end of day. Skipjack offers ways to achieve these goals without storing the credit card details.

The bottom line: Online purchases are becoming more and more a way of life. If you deal with reputable merchants who take security seriously, online credit card transactions can be safer than traditional ones. And if you are a merchant looking to sell products or services online, make sure your web site is designed properly, with security in mind.

____________________

To get set up for payment processing in Canada, you need to do the following:

  1. Obtain a merchant account issued from one of several merchant account providers.
  2. Create an account with a Payment Gateway company like Skipjack.
  3. Register your merchant account information with a Payment Processor, which will validate funds with the banks.
  4. Get the forms created on the web site by a company like Nicom IT Solutions.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply