Payment security: How to offer secure payment methods to customers on your online shop

All you need to know about online payment security | MollieAll you need to know about online payment security | Mollie
Nick Knuppe
Product Marketing Manager
Customer-centric marketer and Go-To-Market perfectionist.

Payment security has a major impact on important KPIs for eCommerce retailers: from your conversion rate and bounce rate, to customer retention and beyond. The key is to offer your customers a secure payment process for their online orders; for example, by adhering to PCI DSS standards. At the same time, you want to minimise your own risk by ensuring that your payment system is as failsafe as possible. Below, we’ll show you all you need to know about payment security as an online retailer.

What does payment security mean for eCommerce retailers?

In eCommerce, payment security means that online shops must offer secure payment methods to their customers. That includes adhering to certain payment security guidelines; for example, PCI DSS standards. First and foremost, these standards are designed to protect the privacy and data security of your customers. After all, when a customer places an order on your site, they are entrusting you with highly sensitive payment details. And that information must be handled with care.

What does payment security mean for eCommerce retailers?

When it comes to payment security, it is also important that you keep the ordering and payment process as transparent and clear as possible. In order for a customer to trust your online shop, they must be able to recognise that your payment process is completely secure. Otherwise, they may abandon the ordering process altogether. One way that you can help gain your customers’ trust as an online retailer is to obtain certifications for secure online payment methods.

Why are certifications for secure payment methods important for eCommerce retailers?

The number-one reason for offering your customers certified payment security is: trust. As an online retailer, you can boost sales on your site by taking the right measures to gain your customers’ trust. When you ensure that your customers can make payments securely on your online shop, it has a positive impact on important KPIs, including:

  • more traffic

  • higher purchase amounts per customer

  • increased likelihood of choosing retailer-friendly payment options, such as payment in advance

How to build trust effectively

Many online shoppers today are reluctant to pay in advance for their orders using payment methods such as a credit card. They may be worried that the order will not be delivered or that they will not receive a refund if they choose to send back the order during the return period. To ensure greater payment security, consumers increasingly prefer to ‘buy now and pay later’. Understandably, many retailers are concerned about the higher default risk that comes with this payment method. Yet, performing a credit check in advance to mitigate the risk is generally expensive.

Displaying online quality seals and certifications is a proven way of building a strong level of trust and influencing your customers’ shopping and payment preferences. According to a 2008 study by e-Commerce Center Handel, this simple practice can lead to an increase in conversion of up to 40%. eCommerce agency Elaboratum confirms these findings in their more recent study on the use of quality seals among online retailers (2017-18). According to that study, 45% of online shoppers look specifically for an online shop’s quality seals. These studies show that if you want your customers to use secure payment methods, then you should put some time into learning how to gain their trust.

Which quality seals exist for secure online payment methods?

There are various payment security providers who audit online shops on their payment security. These providers can evaluate whether your eCommerce business is following the standards that apply to each of the various payment methods on the internet. After that, they issue a quality seal, which you can embed into your shop. This sends a clear signal to your customers that you offer secure payment.

The table below lists a few common certifications used among online retailers.

Payment security certificate provider Certificate name
eKomi Ltd. eKomi
EHI Retail Institute Online shop trust mark
datenschutz cert Internet Privacy Standards
TÜV SÜD Management Service S@fer Shopping
Shopauskunft.de
Trusted Shops

Guidelines for secure payment methods that every online retailer should know

There are various payment security standards that eCommerce retailers should adopt to ensure that they are offering a secure payment process. Payment security certification providers can audit your compliance with these standards if you would like to obtain a quality seal to show how secure your payment process is.

PCI DSS standard for credit card payments

PCI DSS stands for Payment Card Industry Data Security Standards. These are the payment security guidelines that you should adhere to when processing payments made by credit card. Various credit card companies worked together to develop the PCI DSS framework, with the goal of creating a global standard to boost data security. To name just one example: online retailers are only allowed to save their customers’ credit card information if they are PCI DSS-certified.

PCI DSS standard for credit card payments

It is the retailer’s obligation to regularly prove that they are complying with the security guidelines. To become PCI DSS-certified, you must furnish the following proofs of security:

  • Annual self-assessment: This covers general information about your company, your relationships with other companies and technical details on how you process credit card information.

  • Quarterly vulnerability scans: These help to detect any weak points in your systems or websites which might enable hackers to gain access to your customers’ credit card details. They include an evaluation of your network components, the operating systems and applications you use, and other parts of your infrastructure.

  • Annual onsite audits The onsite security audit is primarily aimed at large companies that handle millions of transactions per year. It involves an inspection of server sites, employee interviews, auditing of process documentation and hardening standards, as well as a system configuration audit.

PSD 2

The Payment Services Directive 2 (PSD2) is a payment security standard that applies primarily to payments made in EU/EEA currencies. Its purpose is to increase payment security in digital transactions and ensure greater consumer protection. To comply with PSD2, credit card companies Visa and Mastercard have worked together with credit card industry association EMVCo to develop the 3-D Secure protocol. The latest version of the protocol, 3-D Secure 2, is PSD2-compliant and applies to all EU countries and Switzerland.

Two-factor authentication: Stronger payment security for your customers

Under PSD2, all online retailers accepting payments in EU/EEA currencies must secure their transactions using Strong Customer Authentication (SCA), as of 1 January 2021. This involves the use of two-factor authentication, based on at least two of these three factors:

  • Knowledge: Something that only the customer knows, such as their password

  • Possession: Something that is in the customer’s physical possession, such as their smartphone, on which they receive a transaction authentication number (TAN)

  • Inherence: A unique personal characteristic, such as a fingerprint.

Example: If a customer wants to pay by bank transfer, they first have to enter their password to access their online banking platform. After that, they have to confirm their identity using facial recognition on their smartphone before the payment process can be completed.

Additional payment security for retailers

Two-factor authentication ensures increased payment security, not only for consumers, but also for retailers. It is a quick, easy and cost-effective way of verifying user identity and reducing the risk of fraud. PSD2 also makes transactions more secure for instant payment services like giropay. For retailers, these payment methods are especially secure, because:

  • The order is paid immediately and the payment process is directly authenticated. This enables you to process and ship the order more quickly.

  • Customers cannot immediately reverse an authenticated payment. This reduces the risk of retracted payments for online retailers.

Another important aspect of increased payment security under PSD2 is that online retailers must keep their payment processes as short and clearly structured as possible. If a customer has to click through too many steps, it imposes an unnecessary hurdle for completing the checkout process.

Reasonable payment options

In many countries, like Germany, online shops are required to offer at least one common payment option which is free of charge. This requirement is also relevant for payment security. The District Court of Frankfurt has ruled that the bank transfer method Sofort cannot be classified as ‘reasonable’. That is because it requires users to enter their bank account login details, including a PIN and TAN, in an environment that is outside their usual online banking platform. This poses an increased risk of data privacy violation. If you want to integrate secure payment methods into your shop system, it is important to also keep track of which customer data will have to be transferred to third parties.

With that in mind, here is a list of payment methods that are considered common and reasonable:

Payment security tips: Secure payment methods for retailers and customers

To increase your conversion rate, it’s a good idea to offer your customers a wide selection of payment options. This makes it important to know your target groups and understand which payment options they prefer. ‘Buy now, pay later’ is an increasingly popular payment option online. In some countries, like Germany and Austria, it is the most common payment method used in eCommerce. When using this payment option, the customer first receives their order and then has 14 days to pay the open amount. From a retailer’s perspective, the most secure payment options are those in which the customer pays for their order upfront.

To increase payment security while also catering to your customers’ preferences, it's a good idea to perform a risk assessment before choosing the payment methods you want to offer. Important factors for you to consider are the payment default risk of each payment method and the amount of time it might take to collect unpaid debts.

Payment security tips: Secure payment methods for retailers and customers

If your target group absolutely prefers to buy now and pay later, then try following these tips to ensure the right level of payment security for your online shop:

Tip 1: List ‘buy now, pay later’ as the final option

Do not place ‘buy now, pay later’ at the top of your list of payment options. This increases the chances that your customers will choose another secure payment method (such as an instant payment service) which also ensures greater payment security for you.

Tip 2: Perform credit checks

If you offer the option to buy now and pay later, you may decide to require a credit check to reduce the risk that the customer will fail to pay their bill.

Tip 3: Use a payment service provider

Find a payment service provider that you can trust. This reduces your risk and makes things much easier. A payment service provider makes sure that your customers pay their bills on time or else they cover your payment default risk and take the necessary steps to recover uncollected debts. With Mollie, you can be sure that every transaction will be completed successfully, all for a low fee.

eCommerce payment security: Summary

Payment security guidelines provide greater payment security—for consumers as well as for retailers. It’s important for online retailers to comply with PCI DSS standards as well as the 3-D Secure 2 protocol. If you want to offer secure payment methods online, consider applying for a payment security certification. This will help you to gain your shoppers’ trust and boost your conversion rate.

In addition to offering the right mix of payment options, payment security certifications are an excellent way to build trust. Use the handy checklist below to keep track of everything you need to consider when it comes to payment security on your online shop:

Legal requirements for a trustworthy online shop Include your site’s publication details and contact info
Comply with the consumer’s statutory right to revoke or return an order
Comply with guidelines on price accuracy and clarity
Always display your general terms and conditions
Adhere to all data privacy protection requirements
Basic requirements Use high-quality web design
Provide an easy-to-navigate structure
Offer strong usability and technical performance (e.g. fast load times)
Provide extensive information about your company, products, etc.
Provide your company’s full contact details
Methods for building trust Display quality seals and certifications
Show customer reviews
Offer a secure payment process in compliance with PCI DSS standards and the 3-D Secure 2 protocol.

Offer secure payment methods in your webshop
Try Mollie for free