eCommerce 101 – From a Payment Perspective

In Blog by rishont

What is eCommerce? It means the buying or selling of products or services over the internet. 

Generally, eCommerce businesses sell:

  • Physical goods
  • Digital goods
  • Services

There are a number of reasons that eCommerce appeals to both businesses and consumers, including:

  • 24/7 access
  • Competitive pricing
  • The ability to window-shop and comparison-shop with ease
  • The variety and scope of products available
  • The ability for businesses to expand their market and gain customers outside of their geographic area

It’s not just retail. The most common eCommerce participants are businesses and consumers and there are 4 primary eCommerce types:

  • Business-to-Consumer (B2C): Businesses sell their goods and services to consumers; this is the form of e-commerce that most commonly comes to mind.
  • Business-to-Business (B2B): Both the seller and the purchaser are businesses, for example, a manufacturer that sources components online.
  • Consumer-to-Business (C2B): Consumers, empowered by the internet, fulfill requirements for businesses. One example of this model is bloggers who are paid to market a business’s product/services on their blog.
  • Consumer-to-Consumer (C2C): Consumers sell goods and services directly to other consumers. eBay is an example of an online platform that facilitates C2C e-commerce.

Okay, eCommerce sounds good, but you might wonder what software a merchant requires to create/develop an eCommerce ecosystem. 

Your website: 

The process of creating an online presence starts with the merchant developing a website. You will select either a traditional eCommerce model or a platform solution. Traditional eCommerce set-ups usually require a software developer or a web designer, whereas a platform solution is more plug-and-play. For us (Global Payments) to be competitive, we need to ensure that we are partnered with the right platforms, shopping carts, and gateways.

Shopping Cart:

A shopping cart is a piece of software that assists online customers in making their purchases by providing a catalog and ordering process. It usually calculates the total, including shipping & handling, and associated taxes. Shopping carts require programming or a plug-in (pre-programmed code that can be downloaded and configured) to connect a payment page. Merchants with an existing website can build their own or purchase a SaaS module like Magento, Zen Cart, etc. If you don’t have a website, you might consider using an eCommerce platform that has a store builder and a shopping cart.

Payment Page:

A payment page is a web-based payment application that allows a cardholder to enter payment card information to complete an online checkout process. The payment page must reside on an SSL/TLS encrypted website, and it sends sensitive credit card data between a merchant’s shopping cart and their merchant service provider. Merchants are able to pick between a hosted payment page or a direct connection (API integration).

Payment Gateway:

An eCommerce application service provider that facilitates the transfer of transaction information through a communication portal that connects to an acquirer’s host to authorize transactions. Payment gateways usually certify their solution to most acquirers, enabling e-commerce platforms to easily develop their solution to accept payments using this connection. They offer two ways for merchants to integrate payments:

  • Providing a hosted payment portal/page for authorization, or
  • Providing a secure communication link for a merchant to authorize transactions captured from a hosted payment portal/page.

Merchant services provider (acquirer):

Acquirers, like Global Payments, facilitate secure authorization, processing, and settlement of online transactions. Global Payments has two hosts (North and East) with the majority of solutions certified to the East Host. Eigen Mirapay is the only solution currently certified to the North Host. 

Required solutions to build an eCommerce ecosystem:

A merchant can choose between a traditional eCommerce model or an all-in-one platform. 

The traditional e-commerce model puts the developer in the driver seat to recommend, program and/or source each component to build a custom site that suits the merchant’s needs. The requirements include:

  • Designing the look and feel of your website
  • Deciding what your website should include (copywriting – a description of what you’re selling, product/service catalog, etc.). 
  • Registering the domain name
  • Selecting a web hosting provider
  • Obtaining an SSL/TLS certificate
  • Considering mobile and desktop versions
  • Deciding what components need to be developed and which can be bought (SaaS)

All-in-one e-commerce platforms (aka web-in-a-box) provide merchants with everything they need to run their online business. Available for a monthly fee, they typically include:

  • Domain registration
  • Web hosting
  • Shopping cart software
  • Store builder tools with plug and play design themes
  • Product catalog importing
  • Payment page
  • Search Engine Optimization (SEO)
  • Customer analytics
  • Real-time shipping rate calculation, and more.

You can also choose between developing a custom shopping cart and buying a shopping cart product:

Custom shopping cart: Merchants may choose to develop a custom shopping cart, especially if they have basic needs or have a web design team to meet their unique requirements and branding.

Shopping cart product: These solutions will often provide a plug-in to quickly and easily integrate with a merchant’s website and don’t require a web designer. Some of the available models are:

  • Hosted: Monthly fee
  • Software: one-time fee (possible upgrades)
  • Open Source.

Payment Page: 

A payment page provides a merchant with a secure portal to retrieve credit card information to process payment cards. There are many payment page options to suit a merchant’s requirements (e.g. redirect, iFrame, lightbox, etc.).

There are two main ways to host transactions:

Hosted (redirect): Gateways that provide a hosted payment page redirect customers away from the merchant’s website to the payment processor platform/acquirer for authorization.

Pros: Gateway is responsible for PCI compliance and data security

Cons: Merchant does not control the end-to-end experience. The redirect experience can be jarring as some pages are generic in look and disrupt the experience. 

Direct (API Integration): An integrated payment gateway connects to a merchant’s e-commerce website via the gateway’s provided API (application programming interface). The merchant is responsible for developing a secure payment page to authorize transactions.

Pros: Customer experience: Shoppers never leave the merchant’s website, giving them more confidence when completing a purchase.

Cons: The merchant holds the responsibility for PCI compliance requirements.

Payment Gateway:

There are two types of payment gateways:

  • 3rd Party Gateways – there are many 3rd party payment gateways in the industry (e.g., CyberSource, Realex, Eigen, Bambora, etc.).
  • Acquirer gateways – Acquirers will usually have their own in-house payment gateway (i.e. Global Transport).

Gateways usually provide merchants with the following options:

  • Hosted payment page – Gateway provides and hosts the payment page and is responsible for complying with PCI DSS.
  • Value Adds – Usually include real-time reporting, accounting plugins, a virtual terminal for ad-hoc transactions/returns, and fraud prevention, as well as numerous pre-integrated 3rd party solutions.

Merchant service provider:

Acquirers facilitate secure authorization, processing, and settlement of online transactions. Global Payments, Inc. provides online merchants with:

  • A list of certified 3rd party eCommerce payment gateways and platforms that connect to our North and East hosts.
  • An internet/eCommerce merchant account (MID) to approved merchants.
  • User credentials that they will enter into their gateway to move the account out of demo mode and into production.
  • Value-added solutions for merchants to incorporate into their website:

When processing transactions in a card-not-present environment, merchants should layer several fraud prevention tools to ensure they have the weapons to reduce fraud. 

Fraud prevention & Data security tools:

The risk of fraud greatly increases when the consumer or card is not present during the transaction process.

All cardholder or issuer disputes/chargebacks resulting from a card-not-present sale are the responsibility of the merchant and may be debited from their account.

Fraud prevention tools provide additional layers to help merchants know/choose who they are doing business with.

Layering multiple tools helps reduce the risk of fraudulent transactions, but only 3D Secure has chargeback protection.

SSL/TLS encryption:

Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols (techniques for secure communication) designed to provide communication security over a computer network.

Basically, they ensure that all data transmitted to and from the website is encrypted in transit.

Card verification value (CVV) 

Card verification value (CVV or 3-digit code) refers to the three numbers on the back of Visa, Visa Debit and MasterCard cards near the signature panel. The 3-digit code assists in validating purchases and helps to prevent potential fraudulent activity. American Express uses a 4-digit code printed on the front of the card. The CVV number is not recorded electronically in the transaction data, so the assumption is that if a consumer is able to provide the code, the credit card data has not been stolen electronically.

Address Verification Service (AVS)

AVS helps ensure that the person making the purchase with their Visa/MasterCard is the same person who receives the card’s monthly statement. By matching the billing address the card issuer has on file against the billing address a cardholder provides during check-out, merchants and issuers work together to help ensure that lost or stolen cards are not being used in card-not-present environments to purchase goods or services.

For cardholders, AVS means that unless the correct billing address is provided to the online, mail or telephone merchant during check-out, the transaction will not be completed, which may stop a fraudulent purchase from being made.

3D Secure

3D Secure was developed by Visa and licensed by MasterCard. It stands for “Three Domain Secure” – the domains being:

  • The acquiring bank
  • The issuing bank
  • The infrastructure that supports the 3D Secure protocol

Customers are asked to enter an additional password after checkout completion to “verify” they are truly the cardholder. 

3D Secure offers an extra layer of protection for cardholders and merchants. Visa and MasterCard have their own products:

  • Verified by Visa (VbV)
  • MasterCard SecureCode
  • American Express SafeKey – coming soon

It provides enhanced chargeback protection for certain reason codes. 

Pros:

  • Liability shift
  • Helps chargeback protection
  • Reduces fear of online shopping

Cons:

  • Cardholders don’t understand it
  • Increased shopping cart abandonment

Advanced fraud prevention tools:

Many gateways offer additional fraud prevention tools that help merchants reduce losses due to fraudulent transactions and maximize legitimate transactions, rather than refusing business due to a fear of potential fraud:

  • IP Geo-Location – Restricts transaction activity from specific internet protocol addresses using powerful IP tools.
  • Velocity Filter – Allows the merchant to specify a threshold for the number of transactions allowed per day or hour, a useful tactic to identify high-volume fraud attacks.
  • IP Address Blocking – Blocks transactions from IP addresses known to be used for fraudulent activity.
  • Suspicious transaction filter – Reviews highly suspicious transactions using proprietary criteria identified by Authorize.Net’s dedicated Fraud Management Team.
  • IP Shipping address mismatch filter – Compares the shipping address provided with an order to the IP address from which the order originated.
  • Regional IP address filter – Flags orders coming from specific regions or countries.
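A sketch of how three of these filters can be layered in one screening pass, added here as an illustration; it is not code from Global Payments, Authorize.Net or any gateway. The class, field names and thresholds are hypothetical, the velocity count is keyed on source IP as an assumption, and the orders are constructed sample data.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

class FraudScreen:
    """Layers IP address blocking, a regional filter and an hourly velocity filter."""

    def __init__(self, blocked_nets, flagged_countries, max_per_hour):
        self.blocked = [ipaddress.ip_network(n) for n in blocked_nets]
        self.flagged = set(flagged_countries)
        self.max_per_hour = max_per_hour
        self.recent = defaultdict(deque)  # source IP -> timestamps within the last hour

    def check(self, txn):
        """Return the names of the filters this order tripped (empty list = clean)."""
        hits = []
        ip = ipaddress.ip_address(txn["ip"])
        if any(ip in net for net in self.blocked):
            hits.append("ip_block")
        if txn["country"] in self.flagged:
            hits.append("region")
        window = self.recent[txn["ip"]]
        cutoff = txn["time"] - timedelta(hours=1)
        while window and window[0] <= cutoff:  # drop attempts older than one hour
            window.popleft()
        window.append(txn["time"])
        if len(window) > self.max_per_hour:
            hits.append("velocity")
        return hits

# Constructed sample orders. IPs come from the RFC 5737 documentation ranges and
# "country" stands for the result of a geolocation lookup done upstream.
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE = [
    {"ip": "198.51.100.7", "country": "CA", "time": T0},
    {"ip": "198.51.100.7", "country": "CA", "time": T0 + timedelta(minutes=5)},
    {"ip": "198.51.100.7", "country": "CA", "time": T0 + timedelta(minutes=10)},
    {"ip": "198.51.100.7", "country": "CA", "time": T0 + timedelta(minutes=15)},
    {"ip": "203.0.113.9", "country": "CA", "time": T0 + timedelta(minutes=20)},
    {"ip": "192.0.2.50", "country": "ZZ", "time": T0 + timedelta(minutes=25)},
    {"ip": "198.51.100.7", "country": "CA", "time": T0 + timedelta(minutes=80)},
]

def screen_all(txns, max_per_hour=3):
    """Screen orders in time order with a hypothetical blocklist and region list."""
    screen = FraudScreen(["203.0.113.0/24"], {"ZZ"}, max_per_hour)
    return [screen.check(t) for t in txns]

if __name__ == "__main__":
    for txn, hits in zip(SAMPLE, screen_all(SAMPLE)):
        print(txn["ip"], txn["time"].time(), hits or "ok")
```

The fourth order from the same address inside one hour trips the velocity filter, while the order placed 80 minutes after the first passes because the earlier attempts have aged out of the window.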


Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent (token) that has no extrinsic or exploitable meaning or value.

The token is a reference (identifier) that maps back to the sensitive data through a tokenization system. 

Tokenization is used for repeated business, usually in a card-not-present environment for virtual terminals, batch, and recurring transactions. Most gateways provide eCommerce merchants with a virtual terminal to process ad-hoc transactions and returns. 
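The token-to-card mapping described above, as an added example that is not part of the original post or any gateway's code. TokenVault and its methods are hypothetical names for an in-memory stand-in for the tokenization system, and the card number is the widely used Visa test number, not a real account.

```python
import secrets

def luhn_ok(pan):
    """Luhn checksum, used to reject mistyped card numbers before tokenizing."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical in-memory stand-in for the gateway's tokenization system."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        token = self._token_by_pan.get(pan)
        if token is None:
            # Random value: nothing about the card can be derived from the token.
            token = "tok_" + secrets.token_hex(16)
            while token in self._pan_by_token:
                token = "tok_" + secrets.token_hex(16)
            self._pan_by_token[token] = pan
            self._token_by_pan[pan] = token
        # Only the token and the last four digits go back to the merchant.
        return {"token": token, "last4": pan[-4:]}

    def authorize(self, token, amount_cents):
        """Resolve the token inside the vault; the card number never leaves it."""
        pan = self._pan_by_token.get(token)
        if pan is None:
            raise KeyError("unknown token")
        # A real system would send the card number to the acquirer host here.
        return {"token": token, "last4": pan[-4:], "amount_cents": amount_cents}

def recurring_billing_demo():
    """Merchant keeps only the token on file and bills it twice."""
    vault = TokenVault()
    on_file = vault.tokenize("4111111111111111")  # test card number
    charges = [vault.authorize(on_file["token"], 1999) for _ in range(2)]
    return on_file, charges
```

The record the merchant stores for recurring billing holds only the token and last four digits, so a copy of that record alone does not expose the card number.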

Value-added solutions to customize your site:

Search marketing:

A search engine is a piece of software that crawls the internet and indexes its pages in order to provide the best website recommendations using algorithms based on a user’s search query. There are 3 types of search marketing techniques that a merchant can implement on their own, though due to the complexity merchants oftentimes utilize eCommerce platform tools.

SEM – Search engine marketing is the practice of utilizing both paid and unpaid methods to improve search results. Unpaid SEM is typically done by SEO. Paid SEM uses tools like Google Adwords or Bing Ads, where the merchant pays to promote their website, usually called pay per click advertising.

SEO – Search engine optimization is the process of affecting the visibility of a website or a web page to improve customer visits organically (free). Platforms like Bigcommerce have SEO features built in to help merchants optimize their site easily (like optimized URLs, automated canonical tags, etc.). Merchants will still need to earn a spot in the search engine rankings by utilizing programs like Google Adwords, which pick up the SEO components and have merchants compete for top billing of their advertising copy. Merchants then pay per click (PPC) for every consumer who clicks on it to visit their site.

SMM – Social media marketing is the process of gaining website traffic or attention through social media sites. Social media marketing programs usually center on efforts to create content that attracts attention and encourages readers to share it across their social networks. It uses items like RSS feeds, social news and bookmarking sites, as well as social networking sites, such as Twitter, video and blogging sites. SMM is similar to search engine optimization in that the goal is to generate traffic and awareness for a website.

Content and Design: 

Merchants need to ensure their website demonstrates their brand and company professionally. Design and content include layout, usability, mobile optimization, product and inventory management. 

Store Design: Ensuring that a website is professional-looking and easy to navigate influences the percentage of visitors that are converted into paying customers. A web designer will make design and content recommendations and program the code to build a beautiful website. Or they may use an all-in-one platform to keep development costs down for the merchant. All-in-one e-commerce platforms will provide easy-to-use design templates, themes, and images with drag-and-drop technology.

Shopping cart saver: Shopping cart abandonment is any situation where an online buyer has placed items in a website shopping cart but leaves before completing the purchase. People abandon shopping carts for a multitude of reasons such as slow load times, excessive shipping charges and simply not being ready to buy, though as many as 75% intend to return and finish the purchase. Many eCommerce platforms offer solutions like abandoned cart emails and conversion optimization techniques, where online stores send an automated email reminder to browsing customers who exit a website with outstanding items in their shopping cart.