Last edited Jan 2023, 2 min read
How secure is your payment system? Accepting online payments is convenient for both merchant and customer, but it comes with some risks attached. Payment protection strategies reduce risk while ensuring compliance with all federal regulations. Here’s why – and how – you should create a more protective payment system for your customers.
Why is payment protection important?
Accepting online payments is standard in many industries, but it doesn’t come without risk. It’s important as a business owner to understand this risk and mitigate it with a payment protection plan. This includes not only choosing the most secure forms of payment, but also using technology to its best advantage.
Without a secure website, your customers will lose trust in your brand. If a customer feels like they can’t trust you with their payment information online, the result is abandoned shopping carts and, ultimately, lost revenue. You can help prevent this by choosing a secure payment gateway and ensuring your systems are all up to code. A lack of payment protection also opens the door to fraudulent activity, chargebacks, and other costly issues.
Secure your website with SSL
A protective payment strategy starts with a strong website. This means not only choosing a secure payment gateway, but also using standard tools like Secure Sockets Layer, or SSL. This encrypts your customer data as it passes between the customer’s browser and your web server. New customers will look for an SSL certificate displayed on your website before entering payment details.
Another layer of payment protection to look for is TLS, or Transport Layer Security. This is the more up-to-date successor to SSL and uses cryptography to encrypt data in transit. Be sure that your website clearly displays either an SSL or TLS certificate to gain your buyer’s trust.
Data breaches can be costly for businesses and consumers alike. You can reduce your chances of this type of security issue by offering guest checkout. Without storing customer details, there’s less chance of information being leaked or stolen.
Choose a PCI compliant payment processor
Encryption should be standard for online payment processing, but if you accept card payments, you’ll also need to guarantee payment protection according to PCI DSS (Payment Card Industry Data Security Standard).
PCI compliance is required for all merchants accepting card payments, both online and offline. This set of standards includes 12 requirements related to storing, transmitting, and processing cardholder data. These are in addition to the specific rules set out by each card network. For example, Discover payment protection rules might be slightly different from those of Visa and Mastercard. These various data security standards can be difficult for small businesses to tackle alone. It’s helpful to choose a payment processor that handles PCI compliance on your behalf.
ACH rules for direct debit payments
There are separate consumer protections associated with ACH payments. If you accept bank payments from customers using the ACH network, you should be aware of the ACH rules for customer protection and Federal Regulation E requirements. These set out the circumstances in which customers can request a return for unauthorized payments. For example, customers can request returns if they never authorized the payment or if it was taken earlier than authorized.
Customers can request returns by contacting their bank directly, provided the request is received within 60 days from the transaction date. This helps make ACH payments one of the most secure payment methods for customers. Very few direct debits are returned, hovering around 0.2% of transactions.
GoCardless helps you minimize the risk of returns while adhering to all payment protection standards. You’ll be notified directly if any customers request an ACH return, giving you a chance to review the payment and settle it quickly and efficiently. It’s free to set up a GoCardless account and automatically connect your accounting software. Set up ACH debit payments in accordance with all Nacha rules, either through secure payment links or embedded payment pages. Keep your customer payment details safe while improving cash flow with on-time payments using GoCardless.