Hosted Payment pages vs APIs: What’s the difference?

If you’re looking for ways to accept payments online, you’ve probably heard of hosted payment pages and APIs. While quite different in functionality, both are great solutions for taking payments and should be considered when setting up your online store.

To help you decide which option is best for you, here we define exactly what each solution entails, their key benefits and things to keep in mind when choosing a payment service provider.

 

What is a hosted payment page?

Hosted payment pages are a common way for businesses to accept payments online. Using a third-party platform like Latpay, businesses can redirect customers to a secure payment page from their website, allowing a simple way for customers to pay. 

With the ability to brand the page in line with the rest of the website, customers are often unaware they have been directed away from the original site. 

 

Benefits of hosted payment pages:

Hosted payment pages come with a range of benefits for both customers and merchants, including:

  • Simple set up and integration – no developers needed
  • Increased payment security – payments are processed away from your website  
  • Simple and secure management of payments 
  • Intuitive and convenient checkout processes 
  • PCI DSS Level 1 compliance (if your payment service provider offers this)

 

Choosing the right hosted payment page:

There are thousands of payment service providers (PSP) out there offering hosted payment services, so it’s important to do some research and ensure you’re choosing the right one for your needs.

As a minimum, look for a PSP that complies with Payment Card Industry Data Security Standards (PCI DSS). However, it’s also worthwhile looking into the level of compliance they adhere to. PSPs who maintain Level 1 PCI compliance are better equipped at keeping your data safe and are working to the most stringent guidelines outlined for the industry. 

You’ll also want to engage a PSP that offers great design customisability for your page. In some cases, customers will feel uncomfortable paying if they feel they’ve been directed to an untrustworthy site. So making sure the experience is seamless from your website to payment is crucial. 

 

What is an API (application program interface) integration?

An application program interface integration allows your website to collect customer payment details before passing them through the API and on to the payment gateway to be processed.

 

Benefits of an API integration 

Implementing an API for payment processing involves much more work on the business side than a payment page. However, there is also a range of key advantages that make an API worthwhile in certain circumstances. 

  • Increased customisability – design the page exactly how you’d like
  • Have complete control over the checkout process and how it is managed
  • Offer a streamlined checkout process all within your website

 

Choosing the right API integration

API integrations involve passing sensitive customer data through multiple environments for processing. This means that you, as a business, are required to comply with PCI DSS to ensure the security of payment information. Alternatively, you can partner with a reputable PSP to ensure all requirements are adhered to. 

 

Should I choose a hosted payment page or API integration? 

Ultimately, the best solution for taking payments online will depend on your specific circumstances and goals for your customers. 

As a PCI DSS Level 1 service provider, Latpay can work with you to determine the best solution for your business and implement it with optimal security and usability in mind.

Get in touch with our team to learn more about our hosted payment and API solutions. 

We’re on the list of Visa Global Registry of Service Providers

Our commitment to compliance has once again been showcased after recently being announced as a service provider on the Visa Global Registry. For merchants, this means that Latpay is compliant with both the Visa program requirements and Payment Card Industry Data Security Standards (PCI DSS) to store, process or transmit Visa cardholder information.

The Visa Global Registry of Service Providers:

The Visa Global Registry has been compiled to make it easier for customers to choose the best merchant service provider for their needs. It’s important to note that:

  1. The Registry now distinguishes service providers that support secure technologies, such as EMV, tokenization and point-to-point encryption.
  2. Merchants can now check how long the provider has had a relationship with one of Visa’s clients or partners, which can be useful for a technology partner looking for a start-up versus an established company.
  3. The Registry also features service providers that are early adopters of the most recent version of the PCI DSS 3.2, which was released in April 2016. The key changes included a multi-factor authentication for administrators accessing cardholder data and additional security validation steps for service providers.

To learn more, visit the Visa Global Registry of Service Providers.

Why our compliance is good for your business:

  1. Protect yourself

Acquiring a compliant merchant service provider ensures that your business is meeting all legal and compliance requirements. In order to be cleared to take payments both on and offline, there are numerous hoops to jump through to ensure you’re providing a secure service for your customers. Working with Latpay takes the stress out of compliance obligations so you can get back to business.

  1. Protect your customers

As well as meeting all your legal requirements, working with a highly secure and compliant merchant service provider like Latpay ensures that your customers are protected from theft and fraud. Your customers are the lifeblood of your business, so protecting them against unauthorised transactions is critical. More than this, it also safeguards your business against reputational loss that often follows a financial breach.

  1. Allow customers to shop with confidence

When shoppers are confronted with unknown or untrustworthy payment systems, it forces them to think twice about making their purchase. Offering the highest security measures and trusted payment platforms can help your customers feel confident with their purchases and therefore less likely to second guess their decision. The transaction journey should be smooth sailing, allowing the customer to pay for goods or services without a second thought. Latpay can help you offer the peace of mind your customers need to shop with absolute confidence.

If you find that your payment service provider isn’t offering you the highest levels of data security and PCI compliance, it’s time to start shopping around.

Why choose Lateral Payment Solutions:

As a leading Payment and Merchant Service Provider in Australia, UK and Canada, Latpay offer superior fraud management capabilities and data tokenisation services to online businesses around the world.

With industry-leading technology, exceptional Level 1 PCI compliance and fraud management proficiencies, Latpay are proud to provide a truly complete payment solution for companies of all shapes and sizes.

Talk to us on 1800 865 224 to see how we can alleviate the hassles of security and compliance, so you can get back running your business.

Getting Started for Business with Merchant Services

Whether you’re starting up a new venture, taking your business to the next level or expanding your avenues, having the right Merchant Services for your needs is absolutely essential. To help you kick off sales this quarter, let’s run through what Merchant Services are and the various options available to you.

What are Merchant Services / MSP?

Merchant services are the terminals, technology or software employed by a business to take payments by EFTPOS, credit and debit cards. Therefore, the MSP or Merchant Service Provider is the company that manages the operation of these systems. After taking card payment, the chosen system would then settle the payment into the bank account linked with the terminal or software provider.

So which payment system should I choose for my business?

It all depends on your business needs; small businesses, for instance, would have different payment requirements to a large corporation. By the same token, a brick-and-mortar retail store would have different needs to a professional service provider.

There are loads of options available to all kinds of businesses. Let’s take a look at some of these now.

In-store terminals / Point of Sale (POS)

An in-store terminal or POS system is the method employed by a business to take payment for their goods or services at the cash register. This is a combination of software and hardware, including a monitor, barcode scanner, card reader, receipt printer and cash draw. The software component of a POS terminal may be deployed on premise via installed software or through a cloud-based system commonly known as Software-as-a-Service (SaaS). Cash and Eftpos terminals are primarily used in brick-and-mortar stores as they lack mobility or capacity to take online payments.

mPos (mobile POS)

 mPos solutions are a really convenient way of taking payments on the go. You don’t even need a website to get started, as payments are taken directly through an app on your mobile. This type of payment solution is perfect for pop-up businesses, personal trainers, sales reps and anyone who needs to take payments while on the road. mPos software also allows you to accept a range of payment options, including tap-and-go, to ensure you’re offering your customers the method they’re most comfortable with.

eCommerce / Shopping Carts

For eCommerce businesses, having a secure and reliable online payment solution is critical. Essentially, your chosen shopping cart will be integrated into your website, which will then connect with your MSP. Reliable shopping carts can provide seamless checkout processes for your customers and therefore encourage repeat purchases. Most innovative MSPs will be looking to expand their integrations and offer custom integrations, so keep an eye out for this when acquiring their services.

Hosted Payment

A hosted payment page allows you to accept payments through your website by redirecting customers to your MSPs hosted payment page. This method is an economical way of taking payments as there are no development or security fees involved with implementation. A good MSP will also be able to offer a branded page that reflects your website to make users feel like they haven’t moved away from your page.

What to look for when choosing an MSP?

For obvious reasons, merchants are eager to partner with a reliable and reputable MSP to manage their business transactions. However, this market is becoming increasingly saturated and it can be difficult for new businesses to distinguish which company will work best for them. If you’re looking to acquire your first MSP (or are unhappy with your current service), here are a few of our top tips to choosing the best MSP for your business:

  1. Before approaching an MSP, do some research into the options you are interested in acquiring for the specific needs of your business. If an MSP doesn’t offer the services or systems you’re interested in, move on to the next one.
  2. Look into the costs and recurrent fees of each MSP, making sure that your chosen one is good value for money compared with their competitors.
  3. Read the terms and conditions in the product disclosure statement or financial services guide to make sure you fully understand the level of service they are offering and whether it aligns with your needs.
  4. Look for online reviews and customer stories about their customer support; if many of their customers seem unhappy with the service, then maybe this particular MSP isn’t the best choice.

Why Latpay?

Latpay have more than 17 years’ experience delivering merchant facilities and bespoke payment systems to businesses of all shapes and sizes. We deploy robust, secure and innovative technology to allow your business to thrive – all with Level 1 PCI compliance. We also offer 24-hour dedicated technical support to ensure we’re here when you need help. To find out more about Latpay’s Merchant Facilities, follow the link or give us a call on 07 5515 0402

 

Latpay Image For PCI Compliance

How Does your payment service provider tackle PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) encompasses any business that takes payment via credit card, regardless of their size or industry, so it’s vital that you understand what protection your payment provider is offering and what they’re expecting you to tackle on your own.

While some providers may charge security and compliance as an additional service, most of us would expect that these come as part of your monthly fees, right? After all, they are the ones selling you the service, so should security and compliance not therefore be part and parcel of that service? Unfortunately, this isn’t always the case and it’s becoming more and more evident that some payment companies are profiting from this rather than helping you achieve the goal you set out to achieve when acquiring their services – growing your business.

Determining your PCI Compliance requirements

Regardless of whether you are a service provider, online retailer or brick and mortar store, the level of compliance for your business needs to be considered before you can truly understand what your requirements are and whether the additional costs are justified. If you’re handling, processing or storing cardholder data you will be required to meet compliance guidelines depending on how you process the payments.

The PCI Security Standards Council created 4 simple Self-Assessment Questionnaires (A, B, C & D) to help businesses validate the level of compliance they require, relating to whether your business does or does not handle, process or store credit card data. For instance, if your business takes credit cards via a hosted payment page like that offered via Latpay, you would only be required to complete SAQ A.

If, however, you take credit card payment and then store their information for quick future purchases, you’ll be required to complete SAQ D – the longest of the 4 containing around 250 PCI DSS requirements to adhere to.

To help you determine whether your provider is offering the services required by your business, let’s take a look at the top 5 things to look out for when acquiring a payment service provider:

Level 1 PCI Compliance
PCI compliance requirements change dependent on the size of your organisation and how many card transactions your process annually. Regardless of your business specifics, you should hope that your service provider is PCI DSS Level 1 certified, the highest possible level of compliance that can be achieved. This means that the responsibility of dealing with PCI can be shared with your provider, rather than worrying about it yourself in-house. It also gives you peace of mind that their systems consistently adhere to stringent guidelines associated with accepting, processing, storing and transmitting card information.

Secure Cloud Hosting
It’s fairly common knowledge that you shouldn’t be storing any credit card information to your website. For this reason, secure cloud hosting is one of the most infallible ways to securely house information away from your site, so make sure to check with your payment provider what methods they’re using for hosting. While you may have doubts about the security of storing sensitive data in the cloud, in reality it’s far more secure than physical system storage due to cloud providers’ dedication to the latest and greatest in security technology. Using global data centres with the highest standards for security and data privacy on the market, secure cloud hosting is reliable and resilient against a range of risks and threats and should definitely be included in your payment service provider SLA.

Secure Hosted Payment Page
If your business offers a hosted payment page for your customers, ensuring that page is secure is absolutely critical. This is due to the fact that all data sent over the internet is passed through any computer sitting between you and the end server, including credit card information. To mitigate the risk of a data breach, your payment provider should protect the page by encrypting this data with a Secure Socket Layer (SSL) certificate, allowing for a secure connection between device and server. Going the extra mile, your payment provider should be able to offer data tokenisation so that a customer need not re-enter their details each time they purchase online.

Data tokenisation
Data tokenisation is one of the most critical ways to safeguard your sensitive customer data and should be a must-have for your payment service provider.

Similar to the more commonly known process of encryption, tokenisation transforms important data like credit card details into a random set of characters that will be essentially useless in the hands of a cybercriminal.

This is due to the fact that, while the token signifies the original data, it uses a completely random method to be generated and therefore cannot be deciphered. Unlike encryption which uses a mathematical algorithm, a token can only be decrypted through what is known as a ‘token vault’ which houses the association between the data and the token. Further increasing information protection for your customers, the data housed in the token vault is then secured by way of encryption. With guaranteed security of any card data stored on servers, a token vault removes the hassle of data storage and enables descoping of customer data within the merchant landscape.

Fraud Management Services
What fraud management services is your current or prospective provider offering in your SLA? One of the very first things a good payment provider will do is conduct a tailored risk assessment based on your level of acceptable risk to determine how stringent your processes ought to be. As a standard, you should expect that every transaction is verified by a secure fraud management engine. You should also expect that there be some form of real-time fraud mitigation processes in place, complimented by a dedicated fraud management team to share information with you on fraudulent data and potential risks, as well as offline human analysis for increased comprehensive data security.

What should you do if your service provider isn’t making the cut?

If you find that your payment service provider isn’t offering you the highest levels of data security and PCI compliance, or is doing so at an additional cost, it’s time to start shopping around because you’re paying over the odds..

As a leading Payment and Merchant Service Provider in Australia, UK and Canada since 2001, Latpay offer superior fraud management capabilities and data tokenisation services to online businesses around the world.

With industry-leading technology, exceptional Level 1 PCI compliance and fraud management proficiencies, Latpay are proud to provide a truly complete payment solution to conventional and bespoke e-Commerce ventures for companies of all shapes and sizes.

Talk to us on +61 7 5502 6686 to see how we can alleviate the hassles of security and compliance, so you can get back to what you do best.

Latin America, Where Cash is King

Latin America has long been classified as an emerging market and with a total population of around 600M, the new business potential is obvious. Unquestionably the payments space continues to gather momentum within the Latin American markets but in doing so also presents challenges to international merchants actively targeting this region. As the areas covers around 25 countries, each local payment ecosystem will differ accordingly. It is therefore essential that merchants have a clear understanding on local purchasing habits which, if acted upon, will assist in transforming previously poor acceptance rates that, in the past, have been the bane of many a payments manager.

Local Payment Acceptance.

Put simply, indigenous payment methods are king, especially when it comes to fighting fraud. Local providers in comparison to the larger global payment operators will be able to offer enhanced customer validation by having access to local databases. Consequently, there are a multitude of local card and cash based e-commerce payment systems available across the continent that remain the automatic consumer preference at the point of checkout. Even though (for the moment at least) most credit cards issued by local banks aren’t enabled for cross border purchases, this is changing – Visa/Mastercard usage continues on an upward trajectory, albeit at a slow pace. As much as this trend is encouraging we must still remember that as many as 70% of the Latin American population still don’t have a bank account, therefore offering players viable alternative payment options remains key for any merchant or gaming operator that has designs on cracking these lucrative markets.

Lateral Payment Solutions can keep merchants ahead of the game via our single payment gateway integration.