Keep Your Stuff Safe: What Every Church Needs to Know about Safe & Secure Commerce (part 2 of 3)Posted at November 30, 2011
Earlier we talked about securing the communication between the browser and server; today we’ll talk about how the user’s payment information travels from the web server to the payment processor.
Who Processes Your Payments?
First, there are many payment processors in the market place. This isn’t a discussion on which one to choose, which one is better than another (although we have our preferences), which one is cheapest, etc. Again this is just a high level discussion of what happens with the data and how your bank receives the money.
Remember last time we were headed to the grocery store and we locked our wallet in the car inside of the glove box? We’ve now finished our shopping and it is time to pay at the register. Once the data is securely transmitted from the browser to the server, the server needs pass that data securely to the payment processor. The method in which the information is passed varies between payment processors, but most use the same SSL technology and process we discussed earlier. You can think of the difference as entering your PIN or signing the slip once you’ve paid. For the sake of this discussion, we’ll assume the payment processor is using SSL encryption.
Now it is time to bag our groceries. I don’t know if you’ve noticed, but each store chain and even each bagger at a specific store has their own way of doing things. Some do the cans first, some do the bread and eggs first. Each payment processor has their own requirements for how they want your website to package up payment information. We call this packaging specification the Application Programming Interface or API.
Unlike the grocery store, in our situation we are going to put the bags in the cart and lock the groceries in the cart before taking it to the car. We do this by encrypting the payment information with the payment processor’s SSL certificate and transmit it to their server. Once that data is processed, a result message is sent back to the website. This information is usually very detailed and includes transaction details such as whether or not the payment was accepted or declined and why.
Some things to think about on your way home from the grocery store. How did the food get to the store in the first place? Where was the food grown or raised? Where was it packaged? How many cans of $0.49 green beans does the store need sell to pay for the truck that brought them to the store in the first place? While contemplating these questions, let me tell you something that won’t shock you too much:
Think in terms of the $100 donation just placed on your church’s website. It is not $100 to you; it is the total value of the transaction. This is not the amount you see deposited in your bank account. The credit card provider (Visa, Master Card, Amex, Discover, etc) get a percentage, the merchant processor gets a percentage (or sometimes a flat rate per transaction or sometimes both), and even some webhosts take a percentage. By the time you see that transaction hit your bank account, it is usually something less than $100. It all depends on the parties involved and what you have negotiated with them.
Something else to consider…the rewards card you have in your wallet or purse, who pays for those miles? I’ll let you in on a little secret, it is NOT the benevolent credit card company; the merchant pays for them. When a rewards card is processed, the merchant (church, charity, mission organization, etc) is charged a higher rate per transaction, so that $100 that is not $100; is something even less.
Many things can happen now, such as sending receipt emails, logging the results of the transaction, storing information about the donation or purchase; this is all dependent on the website collecting payment and the features your website vendor offers. Make sure you take the time to evaluate your vendor for the features they offer and the value those features add to your organization. Just because you have taken a donation on your website, doesn’t mean you are done. I’m sure the finance committee would like to know whether or not your website donations are producing fruit. How are donations on your site contributing to raising up disciples from your church, and vice versa?
If you’d like more information on merchant integration and eCommerce, we’d love to hear from you. Please feel free to leave a comment or contact our care team. Also, our merchant processing partners are great at what they do and more than happy to lend a hand. They are partners because of their commitment to helping customers. It can be a complicated process and you need a good and experienced team behind you.
By Chuck Boyer
Director of Development & Production