No matter how large or small your online business is, if it relies on credit card transactions, you must have a payment form on your website, whether it is on a shop platform that you use or one you have decided to implement on your own. Moreover, if you accept credit cards as a form of payment, you have agreed somewhere in your contract to comply with PCI regulations.
What we at QaiWare (http://www.qaiware.com/) often see is that merchants are not always aware of how payments take place, what a secure payment process looks like, and where and to what extent PCI compliance is involved. That is why we decided to shed some light on these questions.
Let’s take a closer look at the process of a secure credit card payment on the website of a merchant who is only PCI Level 4 Compliant. The diagram below, created by our team at QaiWare, illustrates the process of a secure credit card transaction that a merchant with an integrated PSP solution offers to his customers:
- The PSP creates a payment token and returns it to the merchant’s front-end (e.g. payment form);
- The merchant’s payment form sends the payment token to the merchant’s web shop application;
- The merchant’s web shop application handles the token and initiates payment on the PSP’s public API;
- The PSP’s public API processes the payment and returns a response to the merchant’s web shop application;
- The merchant’s application notifies the payment form and completes the operation.
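The steps above can be traced in a short simulation of the merchant side. This is an added example, not QaiWare's or any PSP's code: `FakePSP`, `handle_checkout`, the field names, the single-use token behaviour and the check that rejects card numbers reaching the merchant are all assumptions made for illustration.

```python
import re
import secrets

class FakePSP:
    """Constructed stand-in for a PSP; a real PSP's API will differ."""
    def __init__(self):
        self._vault = {}  # token -> card number, held only on the PSP side

    def create_token(self, pan):
        # The PSP swaps the card number for an opaque token (assumed single-use).
        token = "tok_" + secrets.token_hex(8)
        self._vault[token] = pan
        return token

    def charge(self, token, amount_cents):
        # The PSP's public API resolves the token and returns a response.
        if self._vault.pop(token, None) is None:
            return {"status": "declined", "reason": "unknown_or_used_token"}
        return {"status": "approved", "amount_cents": amount_cents}

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 == 1 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def looks_like_pan(value):
    # 13-19 digits (spaces or hyphens allowed) that pass the Luhn check.
    digits = re.sub(r"[ -]", "", str(value))
    return digits.isdigit() and 13 <= len(digits) <= 19 and luhn_ok(digits)

def handle_checkout(form_fields, psp):
    """Merchant web shop application: accepts the token, never the card number."""
    if set(form_fields) != {"payment_token", "amount_cents"}:
        return {"status": "rejected", "reason": "unexpected_fields"}
    if any(looks_like_pan(v) for v in form_fields.values()):
        return {"status": "rejected", "reason": "card_data_in_request"}
    result = psp.charge(form_fields["payment_token"], form_fields["amount_cents"])
    return {"status": result["status"]}  # only the outcome goes back to the form
```

The card number used in the test is the widely published Visa test value, not real card data.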