When you’re setting up an e-commerce site using WooCommerce, one of the important choices you’ll need to make is about how you’re going to take payments. We’re going to run through some of the key items you should consider when choosing a payment gateway for your UK e-commerce store.
With dozens of different payment gateways available, the choice can be quite confusing. Here are some of the more important things you’ll want to consider and some of the options that I’d recommend you look at.
As covered before on this blog, if you’re taking payments by credit or debit card you need to take appropriate precautions to protect your customers’ card details. The credit card companies publish details of what they expect businesses to do to be considered ‘PCI compliant’ (PCI stands for Payment Card Industry). This is serious stuff, because if card details are stolen and it’s your fault, you could be liable for fines and penalties or even be banned from taking card payments.
The PCI guidelines categorise businesses depending on how exactly they take payments. The more potentially risky the way you take payments, the more security measures you’ll be asked to put in place. This has traditionally been a confusing area, with differing views about which category any particular business fell into. With new rules that will apply from 1st January 2015, however, the payment card industry has gone a long way towards clarifying things.
Broadly speaking, from 1st January 2015, if you’re running a WooCommerce store you’ll fall into one of three categories according to the PCI rules:
1) If customers check out on your site either by being redirected to a payment page hosted by your payment processor or via a payment form on your site delivered by your payment processor through something called an iFrame, then you can get away with the minimum level of security measures and just need to complete a self-assessment questionnaire called ‘SAQ A’ to confirm you’ve done that.
2) If your payment form is on your site but you’re using some clever technology that means the card details never go through your server, then you’ll need to comply with some much tougher security requirements and complete a different self-assessment questionnaire called ‘SAQ A-EP’.
3) In any other case you’ll need to comply with the strictest security requirements and complete ‘SAQ D’.
SAQ A is quite easy to comply with, whereas SAQ A-EP and SAQ D are very involved and, in my view, to be avoided unless you’re turning over many millions of pounds a year. Some popular payment gateways such as Stripe that I’d otherwise be keen to recommend unfortunately now seem to come under SAQ A-EP.
Given what you now know about PCI compliance, let’s look at some WooCommerce-compatible payment gateways you can use that will either host the checkout page for you, or allow you to integrate a checkout form in an iFrame.
The WorldPay WooCommerce plugin lets you take card payments by redirecting your customers to a secure payment page hosted by WorldPay. After customers submit their details they get returned to your site. WorldPay lets you customise the payment page with your brand’s colours, logo, and so forth.
The SagePay WooCommerce plugin also redirects your customers to a secure payment page. As with WorldPay, SagePay allow you to customise the payment page to match your site’s branding.
We no longer recommend using Stripe. Clients of ours have received 5-day notices to shut down their account because Stripe deemed their account too much of a risk. The sites in question had only 2 or 3 fraudulent orders. This is pretty minimal for an eCommerce business. I’m unsure why they have this policy and why they do not have more stringent anti-fraud measures. You can read more about this specific problem over at Ultimate Members site.
The Stripe Plugin has its own hosted payment page and integrates onto your site. They also store customer card details on their servers, which is fantastic for conversion rate. Stripe holds your payments for seven days before transferring to your bank of choice, so make sure this doesn’t impact your cash flow.
The third of this type of plugin, the PayPoint WooCommerce plugin, redirects your customers to a payment page that you can customise to blend in with your site.
Unlike the other payment processing options mentioned here, support for PayPal Standard is built into WooCommerce so you won’t need a plugin for it. The checkout flow is the same as with the previous payment methods, though – your customers will be taken to PayPal’s site to enter their payment details. Once there, they can either enter credit or debit card details or pay with their PayPal account. On the plus side, lots of people prefer using their PayPal account because it saves them entering card details. On the downside, however, PayPal’s payment page does encourage people to sign up for a PayPal account – not something you really want them to be distracted with when they’re just about to buy something from you.
PayPal do allow you to customise the payment page a little, but not nearly as much as the payment gateways we’ve discussed above (it will still be obvious that the page is a PayPal one).
PayPal Website Payments Pro
If you’d rather have customers enter their payment details into a form on your website, you’ll want to look at a solution using an iFrame. With an iFrame, the checkout form appears on a page on your site, but it is inside a special area that is served up securely by your payment provider. There aren’t many WooCommerce payments plugins that work this way, so your options are quite limited. PayPal Website Payments Pro is one payment gateway that you can use. There’s currently no official WooCommerce plugin for it, but you can use this one on CodeCanyon for just $20.
Another way to get a payment page that looks just like other pages on your site is to use a service called Mijireh. As mentioned before on this blog, Mijireh takes your payment page and creates an identical-looking copy of it on their secure servers. Their service works with various different payment gateways, so in theory this is an easy way to get a secure payment page matching the branding of your website. Mijireh costs $49 per year.
What Will This Cost in Total?
First, you’ll need to connect your payment gateway up to your WooCommerce site. In the case of PayPal, WooCommerce supports it as standard, so you just need to set it up within your WooCommerce installation. With the other payment gateways you’ll need to buy a plugin. These cost $79 from the official WooCommerce site.
Next you’ll need the payment gateway service itself. Payment gateways typically charge a £20 monthly minimum fee with your first 350 or so payments included. It’s usually another 10p or so for each extra transaction after that.
Lastly, in most cases you’ll also need something called a merchant account. This is the account that the payment gateway sends the money into and is separate from your business bank account. The cost for a merchant account is based on per-transaction fees of around 1% – 3% on credit card payments and 10p – 30p for each debit card payment. There’s usually a minimum monthly fee of about £20.
PayPal is a little different from the other payment gateways in that they don’t charge a monthly fee for their standard service (PayPal Website Payments Pro is £20 per month) and you don’t need a separate merchant account (your money goes into a PayPal account instead, and you can transfer it to your business bank account from there). They do charge more for each payment, though. PayPal’s fees start at 3.4% + 20p per transaction with cheaper rates if you’re processing larger volumes.
As a rough guideline, if your sales are under £2500 per month, PayPal will probably work out cheapest. Above £2500, it’s probably cheaper going with WorldPay, SagePay, Stripe or PayPoint.