[thelist] Payment offsite or on site?

Brian White bwhite at webhostingsolutions.com
Wed Jan 14 09:58:10 CST 2009

>I'm working with a client that's adding online purchases.  The 
>customers are most likely to pay with a credit card (instead of with 
>an existing Paypal account, for example).
>They are requesting Paypal as the payment gateway using Paypal's 
>Payments Standard where the user is redirected to Paypal to complete 
>the transaction.  I'm not clear if the reason for this is to avoid 
>PCI compliance or if to have the extra payment options other than 
>credit card.
>The PCI compliance is not that huge of issue, IMO.
>In the past I've considered using the standard Paypal approach where 
>the user is redirected off-site to Paypal to complete the 
>transaction a bit less professional than handling all on-site.  But, 
>perhaps over time now people are comfortable with that approach.
>What are your opinions about the off-site approach these days? 
>Think users care?
>Bill Moseley
>moseley at hank.org

Regarding PCI compliance, be careful, if they simply link to PayPal 
from their site and don't do transactions on their own server, that 
alone may not be enough to pass PCI compliance or "avoid" it.

I recently had a hosting client where that was all he did (pass 
people from his site directly to PayPal, where the actual transaction 
took place), and his merchant account provider did NOT consider that 
a reason for not enforcing any and all other PCI compliance rules.

And the multitude of companies that now provide PCI scanning services 
(this is becoming a huge headache to smaller merchants and Web hosts) 
often give contradictory or just plain wrong results, and it is up to 
the merchant and Web host to have to work through any/all issues that 
come up, or pay extra fees to the merchant account provider. Of 
course, if you're absolutely sure the Web server is PCI compliant 
right off the bat, you're ahead of the game, but eventually the 
compliance requirements will change and the game will begin again.

Regarding people's comfort level in general with using PayPal, it's a 
lot better than it used to be, but if PayPal is the only option the 
Web site offers, they'll lose some sales, you just won't know how 


Brian White
President - WebHostingSolutions.com
"Because Every Click Is A Customer"
Web Hosting \ Web Design \ E-Commerce

More information about the thelist mailing list