Can I put ecommerce web transactions through a chip and pin machine?

If you have an ecommerce website which takes customer orders, you need to be able to take credit card payments for those customer orders. Can these payment be processed through you existing chip and pin machine?

Most chip and pin machines have either a keyed transaction or customer not present facility. This allows the operator to either swipe the magnetic strip of the card into the chip and pin terminal and complete the transaction with a signature, or perform a customer not present where the card details are keyed into the chip and pin terminal and the money taken without the customer being around.

In years gone by, this sort of thing was quite common for Internet and mail-order transactions. Web sites typically took the customers details, and then stored them. When the goods were dispatched, the operator took the details out of the database and keyed them into the credit card machine. This all worked quite well.

However, the banks did not like this. The Internet was supposed to be a big bad place, and every Ecommerce transaction was more than likely to be fraudulent according to the banks. A couple of things have been introduced that makes retaining and rekeying card transaction for ecommerce transactions almost impossible.

The first thing is payer authentication. This is more commonly known as 3d secure, or verified by Visa. Payer authentication is a bit like chip and pin for the web. Customers are asked for a password and personal details to confirm any credit card transactions. This reduces fraud. Transactions which do not have payer authentication (i.e. putting the ecommerce transaction through the chip and pin machine as customer not present) attract high transaction rates, and, worse, incurs the wrath of the Banks.

In recent years a set of rules have come into being regarding all areas of card security. Most notably regarding the storage of card details. PCI/DSS basically means the small retailer is unable to store card details in the way they used to. Unless you jump through a great many hoops, you cannot store card details. It is also interesting to note that nobody can now store CVC numbers of the back of the credit card.

If you do customer present and customer not present ecommerce transaction, it is more than likely that your bank will insist on two merchant accounts.

Because you have to have your credit card transaction for ecommerce performed with payer authentication, and you are no longer easily allow to store credit card details, it is now very poor practice to try and process ecommerce web transactions through your in-store chip and pin machine. You have to use a proper third party payment provider page on your website, and incur the additional charges.