Payments

Table of Contents

• Overview
• Available Payment Gateways
• Checkout Tags
• Developing Gateways
• Securing Your Checkout Page

Overview

The most critical part of your store involves taking money from the customer. This is generally called "checkout". There are several parts to the checkout process for you and your customer.

1. Merchant Account

   The merchant account is a storing house for money captured from customers. This is not the same as your bank. It's a temporary holding area where money from customers is stored and later transferred to a bank account. Sometimes the merchant account is a stand-alone account, and sometimes the merchant account also includes access to a payment gateway. It is possible to get a merchant account and a separate payment gateway at a later time, but sometimes it's simpler to get them both from the same company. Obtaining a merchant account is like getting a credit card or a car loan. Generally you will have to subject you and your business to scrutiny of underwriters. If you have poor credit, it may be difficult or impossible to get a merchant account, or you may need to get a merchant account with a higher tolerance for risk (usually the fees for these are higher.) Some businesses have inherent risks, like those that sell only digital goods, coupon selling services, or service-only businesses, and some merchant account companies will not do business with you no matter how good your credit is.

   It may take from a week to over a month to get your merchant account, so plan to get one ahead of time.

   Once you get a merchant account, you will have nearly nothing to do with them in the future. You will get a monthly bill, and they will transfer money into your account usually a short period after capturing it.

2. Payment Gateway

   (see Available Payment Gateways) The payment gateway is a company that facilitates the transfer of customer information from your site to the merchant account. Most often if you have to deal with a return, a fraudulent transaction, or require another service related to your sales, the gateway provider is the company that you will interact with. Generally they provide a website where you can review sales and make adjustments to customer payments (like refunds and voids.)

   CartThrob supports a variety of payment gateways, and integrates with them directly. Our payment gateway plugins make it possible for you to use one checkout form template to support multiple payment gateways, and to change gateways quickly if you find the need to (in case your account is closed, suspended, or is having problems.) Generally once you set up a gateway, you won't need to further interact with the settings for it. From time to time you may want to offer the customer a choice between several gateways like Stripe and SagePay.

   Once you sign up for a payment gateway, you will need to configure the settings for this gateway in CartThrob's payments settings.

   If CartThrob doesn't currently support your payment gateway of choice, you can also have one developed using our payment gateway api. (see Developing Gateways). Our standard fee to develop gateways is $600 USD. Please contact us for more details.

3. Adding CartThrob template tags to facilitate customer checkout

   (see Checkout Tags) Once you have a gateway provider and merchant account, you will need to have some way of capturing customer information and displaying any errors to them. Use the checkout form tags to capture information, and the submitted_order_info tag to output the results of any attempted transaction.

4. Securing your checkout page

   (see Securing Your Checkout Page) If you are taking credit card numbers and other customer information directly through your checkout page, you will need to secure the page using an SSL (secure certificate) and a secure connection (https://) to encrypt the submission of customer information and protect that information from anyone on the same network that might be attempting to view outbound traffic.

   SSLs start at about $15 / yearly up to the low thousands per year depending on provider. The main difference in cost is in liability insurance. The cheapest certificates do the same job as the expensive ones, but they do not include any insurance in case of a data breach. Search google for "SSL" and the first few results will turn up very common providers of secure certificates. Your host may also provide certificates, or offer their own suggestions about where you should purchase them.

   In addition to the SSL, you will also need a web server set up to handle secure traffic. Check with your hosting provider, and they can give you more information on setting up a secure (https) connection on their website. The process is usually a bit confusing, so it's best to be mentally prepared to deal with your hosts support people before you start.