I’m Baz, and my company EchoDek designs software to help small business save time and money.
If you don’t offer online payments of some sort nowadays, you look like a bit of a dinosaur. I mean cash is getting rare and no-one wants to send a cheque any more.
But taking those payments is quite daunting.
If you are a retailer and deal with the public, you’ve got the low-cost, easy options like iZettle that let you add card payment options to your phone or iPad. Of you can get a proper terminal through a company like WorldPay (and if you want that, speak to me as I can put you in touch with someone who can help you out).
But online’s a bit more complicated. Because of a load of letters – PCI-DSS. The short of it is PCI-DSS is a set of standards that you need to adhere to to keep any payment data safe and if you don’t you could be fined millions.
Now that sounds scary.
Luckily, there are ways around it.
PCI-DSS only applies if the payment information actually reaches your server. If the customer enters their card details on your site or app and it gets sent to your server – and then gets forwarded to the payment processor – then you are liable.
But not all payment processors work that way.
The best example is Paypal. We’ve all opted to pay by Paypal – then it takes us to Paypal’s site, we may need to log in there, then we confirm the payment and it takes us back to the retailer.
Because the payment information stays with Paypal, not with us, it’s Paypal that are liable.
Stripe takes this a stage further. They make it look like the payment information is being entered on our site, but actually it’s a sleight of hand and the data is only actually touching Stripe’s servers. All the advantages of Paypal but with a much smoother experience for the purchaser.
Of course, there are loads of options out there for doing this – all at varying levels of slickness and cost. But it’s all possible, and without the spectre of PCI-DSS.