Merchant Accounts.ca
Return to the home page.
Internet Payments
For merchants that wish to process e-commerce payments on their website.
POS Payments
For merchants that need to process credit card and debit payments in a retail setting.
Virtual Terminal
For merchants that wish to use a virtual terminal to key in and process credit card payments using a computer, iPhone or BlackBerry.
E-commerce Lesson
If you don't understand what a merchant account, payment gateway or shopping cart are this article will answer many of your questions and help you get off to a positive start.
FAQ & Technical
Frequently asked questions including application approval criteria, technical integration information and service details such as the funding schedule and supported currencies.
Shopping Carts
There are over one hundred shopping cart programs that are compatible with our processing service.
Partner
Information regarding our partner channel for ISOs, agents and industry partners.
Contact
Contact information and company history.
Apply Now
Submit an application for your business.
Home > FAQ > Internet Payments FAQ

Internet Payments FAQ



How does e-commerce work?

E-commerce is the process of selling sell goods or services over the internet, with payment from the customer being made online. Visit our merchant account lesson for a detailed and thorough explanation of how e-commerce works.




How do I start collecting payment online?

In order to begin accepting credit card payments online, you must connect your website to the payment gateway so that your payments can be processed. You will have several different options to choose from in terms of how you choose to connect your website to the payment gateway.

Shopping Cart Programs:   Most merchants choose to use one of the many compatible shopping carts that work with the payment gateway. This is the fastest and easiest way to get started because there is no programming required. If you need help selecting the right cart for your project contact us.

Custom Integrations:   We are able to provide technical documentation for webmasters who wish to develop a custom integration with the gateway. Technical information can be found here.





What are your recommended e-commerce best practices?

This is not a difficult question, but every business has unique criteria to consider. We provide the benefit of our expertise to every one of our clients, and encourage you to contact us with your questions. With that said, we can offer 3 important points applicable to every company with an aspect of it's business on the internet:

-- Do not store any cardholder data of any kind unless absolutely necessary.
Merchants using the Standard/HTML method of integration will not have access to any cardholder data of any kind when processing online transactions. The customer enters cardholder information while they are directly connected to the payment server. This makes it impossible for merchants to come into contact with any cardholder data when doing online transactions. More advanced methods of integration are available, but unless you need it, why would you want to store credit card data?

-- Provide clear and easy to find contact information.
If customers have questions or concerns they need to be able to speak to someone in your organization. This will make it easier for the customer to purchase, and they can do so with greater confidence knowing that yours is a legitimate operation with good customer service.

-- Maintain a customer friendly refund policy.
When purchasing online the customer must know they will receive a quality product or service. With a clear and reasonable refund policy, your customers will be able to purchase in confidence and this will minimize the likelihood of future disputes with customers.




How do I integrate my website with the payment gateway?

Adding payments to your website is easy. There are several integration methods available to suit our diverse client base. For small businesses we offer one of the easiest methods of integration in the industry. Corporate clients can build an XML integration to retain control over the user session. There are several options available:

1)Merchant Accounts.ca provides EasyCheckout and EasyInvoice for free to all of our customers. With EasyCheckout and EasyInvoice there is absolutely no programming required. Quite literally, you will never find an easier method of adding e-commerce to your website.
2)You can use one of many compatible shopping cart programs. If you need help selecting a shopping cart do not hesitate to contact our support team.
3)Advanced users can build their own custom integration. With this method of integration you can retain complete control over the user session (if desired) and can program in any special functionality you may require.

Further details regarding the different methods of integration have been included below. A free test account can also be issued at your request.




Custom Integration and Technical Documentation

Integration guides and technical support are available to business owners that will be building their own integration software. Merchant Accounts.ca offers several payment gateway choices in order to support the myriad of processing currencies and integration methods that our clients require. The gateway used for an account will depend on the processing currencies required.

Advanced integrations can be accomplished with XML to retain complete control over the user session throughout the purchase process. There is also an HTML method of integration that will forward the user to a fully customizable page hosted on the payment server, which prevents the merchant from coming into contact with cardholder data and makes it easier to achieve PCI compliance PCI compliance is data security standard that Visa and MasterCard have implemented to protect sensitive cardholder data. Every merchant who comes into contact with or stores credit card information must maintain PCI compliance.

PCI compliance involves 2 parts:

1) An internal questionnaire of your security related policies, passwords, and hardware.
2) A security scan by a Visa Approved Scanning Vendor (ASV). The ASV will perform a scan your webserver in an attempt to find any potential security vulnerabilities.

Your company must complete the questionnaire and pass the security scan to become PCI compliant. The security scan must be completed at least quarterly, and depending upon your processing volumes you may be required to achieve higher levels of compliance. Our customer service department can assist you with any questions related to PCI compliance. .

Request a test account to receive integration guides and a test account you can use to evaluate the system.




Compatible Shopping Cart Programs

There are many shopping cart programs available that are compatible with the payment gateway. This makes it simple to complete your integration because no programming or customization is required.




Is a shopping cart necessary to accept payment online?

Shopping cart software is what keeps track of the items your customer wants to buy as they surf your website. They can also perform more advanced functions like inventory tracking and advanced tax and shipping calculations. Merchants that process a large number of transactions, or those with a high processing turnover should use a shopping cart.

If a merchant does not have these requirements, then a shopping cart may not be necessary. We offer EasyCheckout and EasyInvoice for free to our customers. Both offer an extremely quick and hassle free integration and are highly effective at capturing online sales. You can easily add either, or both, to your website. Keep in mind that EasyCheckout and EasyInvoice do not offer all the functionality of a full-blown shopping cart, nor are they meant to. EasyCheckout and EasyInvoice are free, and ready-to-use for clients that don't yet have a requirement for a full a shopping cart. Remember that you can always start simple and later move to a more advanced shopping cart as your business grows.




Can I Add 'Buy Now' Buttons To My Website?

Yes you can! We offer EasyCheckout for free to our customers. EasyCheckout makes it simple to add 'Buy Now' buttons to your website. While EasyCheckout does not have the power of a full-fledged shopping cart program, it offers 80% of the functionality at 0% of the cost! It's meant to be used by merchants who sell a small number of products and don't need the more advanced functionality of most shopping carts. Click here to find out more about EasyCheckout.




Do You Have an Online Invoicing Solution?

Yes we do! We offer EasyInvoice for free to our customers. EasyInvoice is an extremely effective online invoicing solution that is simple to add to your website. Click here for more information and a demo.




Is recurring billing supported?

Yes, recurring billing is fully supported and is easy to implement. There are several recurring billing integration options, including methods in which you do not have to store any credit card information which is a great benefit for merchants who looking to minimize contact with sensitive information.




Is a virtual terminal available for telephone, mail and fax orders?

Yes, you can receive a virtual terminal which will enable you to securely key in transaction details on behalf of your customers. This solution can be used for trade shows, telephone orders, or any other customer interaction where payment is not able to be collected through your website.




Is there a demo site where I can test out the payment system and see it in action?

We have developed a fully functional e-commerce website to be used for testing. This is a real-word integration of the payment system, and aside from having payments set into testmode is a real e-commerce transaction. Keep in mind while on the test website that you could implement an identical integration, or could utilize one of the other available methods of integration.

Click here to visit the demo website.  (Demo site will open in a new browser window.)

What Should I Know About Security?

The topic of e-commerce security can be both simple or complex depending on how a merchant chooses to setup their online payment system. Although our payment systems can support any type of integration, we recommend that small business owners take a simple approach to e-commerce security by using a method of integration that makes it impossible to touch, receive or store credit card information.

It is easy to accomplish this type of integration. You will not touch or store any sensitive information because your customers will enter their card details while they are directly connected to payment gateway.


Eliminating Cardholder Data - How It Works

Merchants that wish to use this method of integration will receive website hosting on the payment server. You have the ability to upload your graphics to the payment server and can completely customize the look and feel of the page so your customer will not be able to tell that they have in fact left your site and are directly connected to the payment gateway.

It is on this page that the customer will actually enter their credit card details. When they press the "Submit Payment" button the transaction details are securely encrypted and passed directly from their computer to the payment gateway. At no time was any part of this process handled from the merchants website. All information passes directly from the visitors browser to the banks payment server.

The gateway will check to see if the cardholder has sufficient funds, and if so the user is automatically directed back to your website. When the user is taken back to your website you will receive all of the transaction information -- except for the cardholder data. In place of the credit card number you get a reference ID for the transaction. All cardholder data is stripped away and it is impossible for you to have access to this information.

Instead of getting the transaction information you simply receive a "Y" if the transaction was approved, or a "C" if it was cancelled. Your shopping cart software will know everything it needs to know to complete the order, and you have managed to do so without ever touching, seeing or storing any cardholder data. The reference ID you receive can be used in your control panel if you later need to perform a refund or look up a transaction amount, but at no time, not even in your control panel, can you find or touch any credit card information of any kind.

If you eliminate the ability to come into contact with credit card information, you go a very long way towards making sure you have implemented a secure e-commerce solution.




Supported Security & Anti-Fraud Features

We offer extremely secure, bank endorsed, real-time credit card processing that utilizes a range of industry leading security technology, including AVS and CVV2.

AVS - AVS stands for "Address Verification". This is a unique anti-fraud mechanism, that verifies the shipping address the user enters matches the actual cardholder's address on record at the issuing bank.

CVV2 - CVV2 stands for "Card Verification Value". This is a 3 digit number found on the back of the customers credit card. This number provides an additional layer of validation as the customer must have the credit card physically present, in order to determine the CVV2 number.

3DSecure - 3DSecure is one of the newest methods of combating fraud and is an important tool in any online merchant's arsenal. More information on 3DSecure can be found here.


The processing centre is securely linked to Royal Bank of Scotland and other processing banks worldwide, who handle the credit card authorizations online and process the transactions in real time.

Most importantly, we have carefully developed our processing solution in a way that ensures the merchant will never come into contact with any credit card numbers whatsoever.

Merchants using the HTML method of integration cannot come into contact with sensitive information because credit card numbers are entered while the user is directly on a page hosted by the payment gateway. Because the credit card numbers are never seen by the merchant, and are not stored or recorded in any way, this removes the possibility of credit card numbers being lost or stolen. This greatly reduces the risk of liability for the merchant and increases security for the customer.

Note that advanced customers can choose to accomplish an XML integration which will enable them to retain full control over the user session throughout the payment process.




Is Verified by Visa / MasterCard SecureCode supported?

The payment system fully supports 3DSecure - Verified by Visa and MasterCard SecureCode.

Verified by Visa is an additional layer of password protection on top of the standard anti-fraud protections built into the gateway. Verified by Visa is an interesting and favorable security feature for online merchants because if a transaction has been validated using Verified by Visa cardholders cannot claim that the transaction was unauthorized. This shifts some of the risk from the merchant onto the cardholder, making it a very desirable security feature for online merchants.

The Verified by Visa and MasterCard SecureCode service is included at no additional charge.




What Is SSL (Secure Socket Layer)?

SSL stands for Secure Socket Layer. SSL is a method of encryption that is used to protect sensitive data as it is passed across the internet. Modern SSL encryption is so strong that it has been calculated that a 128 bit symmetric key would, on average, take more time to crack by brute force than the solar system has left before the sun goes nova and swallows the earth.




Do I need SSL on my webserver?

SSL is required depending on the type of integration you choose to implement. With the HTML integration credit card numbers are entered while the user is on a page hosted directly by the secure payment gateway, thus SSL is not required. However, merchants utilizing the more advanced XML integration will require a SSL certificate and will need to demonstrate PCI compliance.

The type of integration you choose to use is up to you. If you are not certain which type of integration will prove a better choice for your business do not hesitate to contact a customer service representative for assistance.




How stable and reliable is your payment system?

Our payment systems are powered by the Royal Bank of Scotland which is one of the largest banks in Europe and a world leader in acquiring.

The payment servers are nothing short or state of the art, capable of tremendous transaction volumes of over 200 simultaneous transactions per second, per customer. In total over 12 million transactions are processed every day by a wide range of merchants, ranging from small home based businesses to massive global organizations such as Sony.

Stability and reliability are something to be taken seriously. By partnering with RBS we are able to deliver world class, enterprise level processing that meets and exceeds the needs of even the largest global brands processing online today.
Merchant Accounts Canada
Toll Free:  888.414.7111
Frequently Asked Questions

Rates & Pricing

Request Test Account

Submit an Application

Contact Us

Return To Home
Audio Menu
Merchant Accounts.ca Footer Logo
Copyright 2010
All Rights Reserved
Apply For Your Merchant Account Now
About Us | Contact | Partners | Merchant Account Lesson | News & Blog | FAQ & Technical | Privacy | Sitemap