Back to top
Credit card processing header image
29 Aug

How to Select a Credit Card Processing Gateway

Created by: 
Carey Hodges

Stripe, Square, Authorize.net  -- as the options for online payment gateways grow, how do you know which one is a good fit for your business? Technology has opened the door for a variety of competitors, but not all are created equally. For online merchants, securing a solution that is both efficient and compliant is essential. Unfortunately, finding the right gateway is easier said than done. BigWheel developer, Philip Kirkham explains, 

“Obviously, the most important thing to online businesses -- large or small -- is being able to accept payments. It’s one of those things that sounds simple, and I think a lot of people assume it’s going to be easier than it is. It’s important to consider items like Payment Card Industry Data Security Standard (PCI DSS) compliance and training when picking your gateway and development team.” 

PCI DSS Compliance

According to PWC, the number of consumers making mobile purchases more than doubled from 2010 to 2017, rising from 7% of consumers to 17%. That’s a substantial jump. However, all of that purchasing power has opened the door for bad actors to take advantage of unprotected data. PCI DSS compliance aims to prevent that data from being accessed by nefarious third-parties. The regulation applies to companies of any size that accept credit card payments. If your company plans on accepting card payments, as well as storing, processing, and transmitting cardholder data, it’s essential to host your data securely with a PCI DSS compliant hosting provider.

“Maintaining compliance takes a lot of effort and the penalties can be stiff if you don’t,” says Kirkham. “At BigWheel, the most important thing our developers do is ensure that our servers never see your credit card information. Not only do we not store it, we never even see it. To be compliant, our recommendation is to always allow the customer to interact directly with the payment gateway, either using Javascript or a hosted page.”

As of January 2018, a high-level PCI DSS compliance checklist includes:

PCI DSS regulations are updated regularly, so it’s important to partner with a credit card payment processing gateway that stays up to speed. 

“Maintaining compliance helps prevent against breaches, ”  explains Kirkham. “Compliance also guarantees that if a breach happens, everything will be documented and you’ll know what information was compromised.”

Picking a Payment Gateway

We already mentioned Stripe, Square, and Authorize.net, but when it comes to picking a processing gateway, that’s just scratching the service. There are countless gateways to choose from and, in some cases, clients may already have a lower credit card rate locked in with an existing solution.

“A preferred credit rate or similar constraint is one of the main reasons a client will want to stick with their existing payment gateway,” says Kirkham. “We can work with that. But regardless of which gateway you go with, the server where data is hosted needs to be secure -- meaning it’s regularly monitored for breaches and more --  to maintain compliance. Reputable gateways will take on the burden of security. Additionally, if a breach does occur, they’ll collect, transmit, and secure all data.”  

As far as selecting your payment gateway, Kirkham and the BigWheel team recommend Stripe for its turnkey features and trust reputation, but that there are several viable providers on the market. Having a conversation with an experienced team of developers is essential when narrowing down your options.

Train, Train, Train

One of the most important steps of selecting and implementing a credit card processing provider is learning how to manage it. For businesses, the worst possible scenario is being set up with a tool they don’t know how to use, paying the bill, and then being ushered out the door.

“We walk clients through using whatever tool  they choose,” says Kirkham. “Setting users up so they can confidently manage orders and receive funds is a really important part of the process. We’re going to take you through training and explain to you how to remain compliant.”

Ready to implement or update a credit card processing provider for your online business? Contact us for a complimentary assessment.