An Introduction to Payment Security for SaaS companies

Last Updated: May 25, 2017

Reading time: 3 minutes

Accessing Website Security

When looking to accept payments online, you have to think about how secure your transactions are. With identity theft and online fraud so widespread, customers are wary of giving out their personal data and credit card information online. How can you make customers feel confident enough to shop at your website or pay to use your application?

If you want to start or expand your business operations online, there are a number of things you need to consider. At this time, we are assuming you have already identified your market, researched the viability of your product and want to start selling it online. Here are some payment security basics you should address before you launch your site:

1. Privacy Policy

You need to have a privacy policy that will make customers comfortable shopping at your site. Customers want to know that their information will be kept secure and confidential and will not be used for malicious purposes. They need to know what you plan to do with the data you collect. If customers don’t trust you, good luck with making sales. AllBusiness has a good guide on what your privacy policy should contain.

2. Secure Transactions

Ensure that your online transactions will be secure. Use SSL (Secure Sockets Layer) encryption, today implemented by its successor TLS (Transport Layer Security), to ensure your customers’ personal and credit card data is not compromised or exposed to third parties during transactions.

SSL is an encryption technology that creates a connection between your web server and your user’s web browser, and encrypts the information being transferred between them. This protects against message forgery, data tampering and eavesdropping by third-party users or applications.

To enable SSL on your website, you need an SSL Certificate. Your web hosting company is likely to offer SSL Certificates. You can also purchase the certificates from other hosting companies. Once the certificate is installed and your site is served over HTTPS, your customers’ data is encrypted in transit between their browser and your server.

When your site is secured by SSL, its address changes from the standard “http://” to “https://”. When browsing a secured website, the URL will always start with “https://”. You can see a “padlock” icon in your browser, and sometimes the address bar will be green.
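Installing a certificate only protects the requests that actually use “https://”. The following added example (not part of the original post) audits a checkout page's HTML for forms and embedded resources that would still travel over plain “http://”. The host names `shop.example` and `cdn.example` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser send or fetch data.
URL_ATTRS = {"form": "action", "script": "src", "iframe": "src", "img": "src"}


class TransportAudit(HTMLParser):
    """Collects every URL on a page that would be requested without encryption."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, resolved_url) pairs

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        # A form without an action submits to the page's own URL.
        raw = dict(attrs).get(attr) or ("" if tag == "form" else None)
        if raw is None:
            return
        # Resolve relative and scheme-relative ("//host/path") URLs the way a browser does.
        resolved = urljoin(self.page_url, raw)
        if urlparse(resolved).scheme == "http":
            self.findings.append((tag, resolved))


def audit(page_url, html):
    """Return (tag, url) pairs that are sent or loaded over plain HTTP."""
    parser = TransportAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample checkout page (assumption, not taken from a real site).
SAMPLE = """
<form action="http://shop.example/pay" method="post"><input name="card_number"></form>
<form action="/subscribe" method="post"><input name="email"></form>
<script src="http://cdn.example/checkout.js"></script>
<script src="//cdn.example/analytics.js"></script>
<img src="https://shop.example/logo.png">
"""

if __name__ == "__main__":
    for tag, url in audit("https://shop.example/checkout", SAMPLE):
        print(f"insecure <{tag}>: {url}")
```

When the same page is itself served over “http://”, the relative form action and the scheme-relative script inherit that scheme and are flagged as well.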

3. Accepting Payments

Having secured your website, you need a way to accept payments from your customers. You can use an in-house billing system or integrate your site with a third party payment processor.

Setting up your own checkout system can be expensive and not worth it in the long run. You will have to invest in infrastructure, support, security and manpower to get your system running. This can cost you from $10,000 to over $250,000 in development. For cloud startups and small and medium-sized businesses, building your own billing system may not be a good option.

To process payments on your own, your company must comply with the PCI Data Security Standard (PCI DSS). You can use the PCI DSS Self-Assessment Questionnaire (SAQ) to self-evaluate your company for PCI compliance. You may need to share these details with your acquiring bank.

Another option is to use a hosted billing system to process your payments. Customers can check out at the payment processor’s page. By using a third-party payment processor, you will not handle your customers’ credit card data, as the processor does everything for you. Your only work is to get a merchant account and a payment gateway.

What other payment security issues can you think of? Please share them using the comments box below.

Author of the post

John Solomon

Marketing Leader / Sales Enabler. Head of India Operations for @Infrascale / @sosonlinebackup.
