Payment security: How to offer secure payment methods to customers on your online shop
Payment security has a major impact on important KPIs for eCommerce retailers: from your conversion rate and bounce rate, to customer retention and beyond. The key is to offer your customers a secure payment process for their online orders; for example, by adhering to PCI DSS standards. At the same time, you want to minimise your own risk by ensuring that your payment system is as failsafe as possible. Below, we’ll show you all you need to know about payment security as an online retailer.
What does payment security mean for eCommerce retailers?
In eCommerce, payment security means that online shops must offer secure payment methods to their customers. That includes adhering to certain payment security guidelines; for example, PCI DSS standards. First and foremost, these standards are designed to protect the privacy and data security of your customers. After all, when a customer places an order on your site, they are entrusting you with highly sensitive payment details. And that information must be handled with care.
When it comes to payment security, it is also important that you keep the ordering and payment process as transparent and clear as possible. In order for a customer to trust your online shop, they must be able to recognise that your payment process is completely secure. Otherwise, they may abandon the ordering process altogether. One way that you can help gain your customers’ trust as an online retailer is to obtain certifications for secure online payment methods.
Why are certifications for secure payment methods important for eCommerce retailers?
The number-one reason for offering your customers certified payment security is: trust. As an online retailer, you can boost sales on your site by taking the right measures to gain your customers’ trust. When you ensure that your customers can make payments securely on your online shop, it has a positive impact on important KPIs, including:
a stronger checkout conversion rate
higher purchase amounts per customer
increased likelihood of choosing retailer-friendly payment options, such as payment in advance
How to build trust effectively
Many online shoppers today are reluctant to pay in advance for their orders using payment methods such as a credit card. They may be worried that the order will not be delivered or that they will not receive a refund if they choose to send back the order during the return period. To ensure greater payment security, consumers increasingly prefer to ‘buy now and pay later’. Understandably, many retailers are concerned about the higher default risk that comes with this payment method. Yet, performing a credit check in advance to mitigate the risk is generally expensive.
Displaying online quality seals and certifications is a proven way of building a strong level of trust and influencing your customers’ shopping and payment preferences. According to a 2008 study by e-Commerce Center Handel, this simple practice can lead to an increase in conversion of up to 40%. eCommerce agency Elaboratum confirms these findings in their more recent study on the use of quality seals among online retailers (2017-18). According to that study, 45% of online shoppers look specifically for an online shop’s quality seals. These studies show that if you want your customers to use secure payment methods, then you should put some time into learning how to gain their trust.
Which quality seals exist for secure online payment methods?
There are various payment security providers who audit online shops on their payment security. These providers can evaluate whether your eCommerce business is following the standards that apply to each of the various payment methods on the internet. After that, they issue a quality seal, which you can embed into your shop. This sends a clear signal to your customers that you offer secure payment.
The table below lists a few common certifications used among online retailers.

| Payment security certificate provider | Certificate name |
|---|---|
| EHI Retail Institute | Online shop trust mark |
| datenschutz cert | Internet Privacy Standards |
| TÜV SÜD Management Service | S@fer Shopping |
Guidelines for secure payment methods that every online retailer should know
There are various payment security standards that eCommerce retailers should adopt to ensure that they are offering a secure payment process. Payment security certification providers can audit your compliance with these standards if you would like to obtain a quality seal to show how secure your payment process is.
PCI DSS standard for credit card payments
PCI DSS stands for Payment Card Industry Data Security Standard. It is the set of security requirements that applies to every organisation that stores, processes or transmits cardholder data, so it becomes relevant to you as soon as credit card numbers pass through your shop or your servers. The major card brands founded the PCI Security Standards Council to maintain it as a single global standard. To name just one example of what it governs: you may only store your customers' card numbers (PANs) if you are PCI DSS-compliant and meet its storage requirements, and sensitive authentication data such as the CVV/CVC may never be stored after a transaction has been authorised. Many shops shrink this burden considerably by letting a payment service provider handle the card data, so that full card numbers never reach their own systems.
It is the retailer's obligation to validate its compliance regularly. How much you must prove depends on your transaction volume and on how card data flows through your systems, but the main elements are:
Annual self-assessment questionnaire (SAQ): This covers general information about your company, your relationships with service providers and technical details on how you process credit card information. The shortest questionnaire applies when all card data is handled by a compliant payment service provider and never touches your systems.
Quarterly external vulnerability scans: These are run by an Approved Scanning Vendor (ASV) against your internet-facing systems and detect weak points which might enable attackers to gain access to your customers' credit card details. They cover network components, the operating systems and applications you use, and other parts of your exposed infrastructure. PCI DSS also calls for internal vulnerability scans and an annual penetration test.
Annual onsite audit: The onsite assessment is carried out by a Qualified Security Assessor (QSA) and documented in a Report on Compliance. It is required for the largest merchants (Level 1, roughly those handling more than six million card transactions per year) and involves an inspection of server sites, employee interviews, auditing of process documentation and hardening standards, as well as a system configuration audit.
The Payment Services Directive 2 (PSD2) is not a technical standard but an EU directive that regulates payment services within the EU/EEA. Its purpose is to increase the security of digital payments and ensure greater consumer protection. For card payments, the mechanism that delivers the required authentication is the 3-D Secure protocol. The original version was developed by Visa and later adopted by the other card schemes; the current version, 3-D Secure 2 (EMV 3DS), is maintained by EMVCo, the body owned by the major card brands. 3-D Secure 2 was designed to support the strong customer authentication that PSD2 requires, and it is the version issuers throughout the EEA use to meet it.
Two-factor authentication: Stronger payment security for your customers
Under PSD2, Strong Customer Authentication (SCA) has been mandatory for electronic payments since 14 September 2019; for card payments in e-commerce the regulators granted a migration period that ended on 31 December 2020, so since 1 January 2021 issuers in the EEA may decline card payments that were not authenticated. SCA applies when both the customer's bank and the retailer's payment provider are located in the EEA. It requires two-factor authentication based on at least two of these three independent factors:
Knowledge: Something that only the customer knows, such as their password
Possession: Something that is in the customer’s physical possession, such as their smartphone, on which they receive a transaction authentication number (TAN)
Inherence: A unique personal characteristic, such as a fingerprint.
Example: If a customer wants to pay by bank transfer, they first have to enter their password to access their online banking platform. After that, they have to confirm their identity using facial recognition on their smartphone before the payment process can be completed.
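The two-of-three rule in code, as an added example that is not part of the original article. The knowledge factor is a password checked against a salted PBKDF2 hash; the possession factor is a time-based one-time code (TOTP, RFC 6238) generated by an app on the customer's enrolled phone, which is an assumption standing in for the TAN mentioned above; the inherence factor is modelled as the yes/no outcome of a biometric check performed on the device, since a server cannot verify a fingerprint itself. The decision function counts distinct categories, so two knowledge factors (a password plus a security question, say) do not satisfy SCA. All keys and credentials are constructed demo values; the TOTP secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import os
import struct

# --- Possession factor: time-based one-time code from an enrolled phone app.
# Assumption: the phone holds a secret shared at enrolment; the code it displays
# plays the role of the TAN in the text.


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current 30-second window."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current window or one window either side (clock skew)."""
    counter = at_time // step
    return any(
        hmac.compare_digest(hotp(secret, c), code)
        for c in range(counter - window, counter + window + 1)
    )


# --- Knowledge factor: password checked against a salted PBKDF2-HMAC-SHA256 hash.


def enroll_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) to store for the customer; the password itself is never stored."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, stored)


# --- The SCA rule: at least two *different* categories must have been verified.

CATEGORIES = {"knowledge", "possession", "inherence"}


def sca_satisfied(results: list[tuple[str, bool]]) -> bool:
    """results holds (category, passed) per factor checked. Two passwords count once."""
    passed = {cat for cat, ok in results if ok and cat in CATEGORIES}
    return len(passed) >= 2


def authorise_payment(password: str, salt: bytes, stored_hash: bytes,
                      otp_code: str, otp_secret: bytes, at_time: int,
                      biometric_ok: bool = False) -> bool:
    """Run the factor checks for one payment and apply the two-of-three rule.
    biometric_ok models the outcome of an inherence check done on the device;
    the server only learns whether it passed."""
    results = [
        ("knowledge", verify_password(password, salt, stored_hash)),
        ("possession", verify_totp(otp_secret, otp_code, at_time)),
        ("inherence", biometric_ok),
    ]
    return sca_satisfied(results)


if __name__ == "__main__":
    # Constructed demo values; the secret is the RFC 6238 test key, at time 59 the code is 287082.
    secret = b"12345678901234567890"
    salt, stored = enroll_password("correct horse battery staple")
    print(authorise_payment("correct horse battery staple", salt, stored, "287082", secret, 59))
    print(authorise_payment("correct horse battery staple", salt, stored, "000000", secret, 59))
```

In a real deployment the issuer, not the shop, runs these checks during the 3-D Secure challenge; the code is here to make the independence requirement concrete: a password and a second password never reach the threshold, a password plus a code from the enrolled device does.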
Additional payment security for retailers
Two-factor authentication ensures increased payment security, not only for consumers, but also for retailers. It is a quick, easy and cost-effective way of verifying user identity and reducing the risk of fraud. PSD2 also makes transactions more secure for instant payment services like giropay. For retailers, these payment methods are especially secure, because:
The order is paid immediately and the payment process is directly authenticated. This enables you to process and ship the order more quickly.
Customers cannot immediately reverse an authenticated payment. This reduces the risk of retracted payments for online retailers.
A practical consequence of PSD2 is that the authentication step adds a hurdle to checkout, so you should keep the rest of your payment process as short and clearly structured as possible. If a customer has to click through too many steps, they are more likely to abandon the purchase. 3-D Secure 2 helps here: it lets the card issuer assess the risk of a transaction in the background and, for low-risk payments, skip the visible challenge altogether (the so-called frictionless flow).
Reasonable payment options
In many countries, like Germany, online shops are required to offer at least one common and reasonable payment option which is free of charge. This requirement also has a payment security dimension. In 2015 the District Court of Frankfurt ruled that the bank transfer method Sofort (Sofortüberweisung) could not be classified as 'reasonable', because it requires users to enter their online banking login details, including a PIN and TAN, on a third party's site rather than in their own bank's online banking platform, which the court regarded as an increased risk to the customer's data. The German Federal Court of Justice (Bundesgerichtshof) overturned that ruling in July 2017 and held that Sofort does count as a common and reasonable free payment method, but the underlying security point stands: when you integrate payment methods into your shop system, keep track of which customer data has to be handed to third parties, and prefer methods that do not ask customers to share banking credentials outside their bank.
With that in mind, here is a list of payment methods that are considered common and reasonable:
Buy now, pay later (payment by invoice)
Pay in advance (e.g. bank transfer)
Major credit cards
Payment security tips: Secure payment methods for retailers and customers
To increase your conversion rate, it's a good idea to offer your customers a wide selection of payment options. This makes it important to know your target groups and understand which payment options they prefer. 'Buy now, pay later' is an increasingly popular payment option online. In some countries, like Germany and Austria, it is the most common payment method used in eCommerce. With this option, the customer first receives their order and then has a set period, typically 14 days, to pay the open amount. From a retailer's perspective, the most secure payment options are those in which the customer pays for their order upfront.
To increase payment security while also catering to your customers’ preferences, it's a good idea to perform a risk assessment before choosing the payment methods you want to offer. Important factors for you to consider are the payment default risk of each payment method and the amount of time it might take to collect unpaid debts.
If your target group absolutely prefers to buy now and pay later, then try following these tips to ensure the right level of payment security for your online shop:
Tip 1: List ‘buy now, pay later’ as the final option
Do not place ‘buy now, pay later’ at the top of your list of payment options. This increases the chances that your customers will choose another secure payment method (such as an instant payment service) which also ensures greater payment security for you.
Tip 2: Perform credit checks
If you offer the option to buy now and pay later, you may decide to require a credit check to reduce the risk that the customer will fail to pay their bill.
Tip 3: Use a payment service provider
Find a payment service provider that you can trust. This reduces your risk and makes things much easier. A payment service provider makes sure that your customers pay their bills on time or else they cover your payment default risk and take the necessary steps to recover uncollected debts. With Mollie, you can be sure that every transaction will be completed successfully, all for a low fee.
eCommerce payment security: Summary
Payment security guidelines provide greater payment security—for consumers as well as for retailers. It’s important for online retailers to comply with PCI DSS standards as well as the 3-D Secure 2 protocol. If you want to offer secure payment methods online, consider applying for a payment security certification. This will help you to gain your shoppers’ trust and boost your conversion rate.
In addition to offering the right mix of payment options, payment security certifications are an excellent way to build trust. Use the handy checklist below to keep track of everything you need to consider when it comes to payment security on your online shop:
| Area | Checklist item |
|---|---|
| Legal requirements for a trustworthy online shop | Include your site's publication details and contact info |
| | Comply with the consumer's statutory right to revoke or return an order |
| | Comply with guidelines on price accuracy and clarity |
| | Always display your general terms and conditions |
| | Adhere to all data privacy protection requirements |
| Basic requirements | Use high-quality web design |
| | Provide an easy-to-navigate structure |
| | Offer strong usability and technical performance (e.g. fast load times) |
| | Provide extensive information about your company, products, etc. |
| | Provide your company's full contact details |
| Methods for building trust | Display quality seals and certifications |
| | Show customer reviews |
| | Offer a secure payment process in compliance with PCI DSS standards and the 3-D Secure 2 protocol |