Having received an order, payment has to be organised. A number of approaches are available.
The simplest solution is to have the payment made in the traditional way, either by cheque or (if you already have merchant status and a payment processor) by credit card.
If you plan to establish a business trading in e-commerce and want to acquire merchant status from a payment processor without being able to show your previous track record, you will need to be prepared for a pretty thorough working through of your business plan with the payment processor.
Taking credit card payments online is a bit tricky. It involves many participants - the card issuer, the cardholder, the cardholders bank, the Internet Service Provider, the merchant and the merchants bank. All have to be satisfied that the order is genuine, and that payment is possible and will be made. In addition, no-one else should be able to see the transaction take place.
If you have no trading history with what are termed 'Customer Not Present' transactions such as those on the internet, you may find you are unable to acquire Merchant Status from a payment processor. In this case, your only real option is to use a respected sub-processor such as 'Netbanx' or "Worldpay" who will effectively use their merchant status to complete your transaction. With such services, the cost per transaction is usually a bit higher. You are, however, sure of their security, and sometimes it is the only way to acquire merchant status enabling credit cards to be accepted..
Ordinary communication on the web is not "secure". This means that anyone who is sufficiently determined and has the right equipment can intercept and copy, say an email message, as it moves along the information superhighway. Hardly anybody does, and apart form Governments interested in National Security, it is difficult to see why anyone would want to. It is analogous to someone using a radio scanner to listen in to mobile phone or short wave radio communications. However, most people think this is too risky a process to provide details about their credit card numbers. (Never mind the fact that they cheerfully use them over a mobile phone to book tickets!)
The web browsers that most people use have a built in level of protection available. Without getting too much into the technicalities, they use a code to encrypt the messages you send, so the intercepted message is gobbledygook to anyone else. The most basic of these uses something called 40 bit encryption. This is a medium level of encryption. It has to be sent via a web server (provided by your ISP) that has the same 40 bit level of encryption available (called SSL - Secure Sockets Layer). It also relies on the person at the other end being the one with the key to decode the message. However, a very determined hacker, with access to a lot of high powered computer time could, in time, crack the encryption and decode the message.
The next level up is something called 128 bit encryption. This is acknowledged as almost impossible to crack. So much so, that some governments have banned its use within or across their National boundaries. Where it can be used, it is very secure. However it requires your ISP to host your site on a SSL server with compatibility to the 128 bit system (otherwise it defaults to the 40 bit level). These are available but, as you might have guessed, the cost is mounting.
The next generation of security is likely to be provided by the so-called smart cards. The issue of EMV (Europay-MasterCard-Visa) is likely to be the key to implementing payments by cards in the future.
In addition, payments for small amounts (say 50p to £5) are another matter altogether. The big payment processors are not really interested in small sums like these via a credit card, and there is a race on at the moment to devise a system of payments (called collectively "micropayments") that will become the universal arrangement. Market leaders at present are alliances of groups looking to use charging of micropayments to your phone bill. Another group are looking at using the pre-paid mobile phone cards as an internet currency. Yet another company plans to issue a similar style of card, but only for use on the internet. Finally, another group are looking to use tokens. The leading one here at the moment is "Beenz". This currently works on the "Green Shield Stamps" principle, but when a critical mass has been achieved, the plan is to convert it into an international e-currency that you buy locally in your "own" currency.
So, payments in real-time are possible, and new solutions are being developed on a daily basis, but you might agree that it is still just a bit early to get into the water.
If you want to try however, we would be pleased to help.