Everything You Need To Know About Using A Hosted Payment Page For Secure Online Checkouts

One online security feature that is of particular interest to small business owners is a hosted payment page.

This feature, available from almost all of the best merchant services providers on the market, allows customers to check out on a secure payment page hosted by your provider. Implementing a hosted payment page is an easy way to enhance your online business’s security and offer your customers a safe and convenient way to make online payments.

What Is A Hosted Payment Page?

A hosted payment page is simply a checkout page that’s hosted by your merchant services provider instead of being stored on your web hosting provider’s server. Customers can shop on your site just like they usually do. Then, when they need to check out and pay for their order, they’re redirected to the hosted payment form to enter their payment information. After the sale is complete, they can be automatically redirected back to your site.

Hosted payment pages are sometimes referred to by other names, including external payment pages, external checkout pages, or third-party checkout pages. Regardless of the term used, the page is set up through your payment gateway to redirect customers to a more secure checkout page when they complete an order.

You should also understand the difference between hosted payment pages and self-hosted payment pages.

With a self-hosted page, customers never have to leave your website, which might make the checkout process more streamlined and lead to a lower shopping cart abandonment rate. At the same time, you’ll have to implement all the appropriate security features that your provider takes care of with a hosted page by yourself. Handling security yourself can be a costly proposition for a small business owner and might require some in-depth coding knowledge. Self-hosted payment pages will also significantly increase the scope of your PCI compliance requirements, which can be expensive and time-consuming.

6 Reasons To Consider A Hosted Payment Page

If you have an eCommerce business (or at least an online sales channel), you’re going to have to choose between hosting the payment process (and storing your customers’ payment information) on your own server or using a hosted payment page. Here are all the advantages of using a hosted payment page:

• Easy Setup: Most merchant services providers offer a hosted payment page as an optional feature of your existing payment gateway. If you choose to use this feature, it’s very easy to set up and start taking payments. Depending on your provider, there will probably be some customization options that you’ll need to configure yourself before you start using the page.
• Reduced PCI Compliance Requirements: Using a hosted payment page will drastically reduce the scope of your PCI compliance requirements. Because your customers’ sensitive payment data doesn’t pass through your site and isn’t stored there, your merchant services provider will be responsible for meeting those requirements instead of you. While this won’t eliminate your PCI compliance requirements (or absolve you of paying PCI compliance fees), it will make it much easier for you to meet those requirements without having to invest in additional security features.
• Enhanced Security Features: Most providers have additional security features built into their hosted payment pages. These features include tokenization, end-to-end encryption, fraud detection services, and more.
• Recurring Billing Support: With paying for things via a monthly subscription becoming more popular all the time, using recurring billing features to keep those payments coming in on time can really add to your bottom line. Most providers today offer support for a recurring billing feature as part of their hosted payment page.
• Account Auto-Update Support: Your customers’ credit card information changes all the time. With an account auto-updater feature, you’ll be able to keep that information current by automatically detecting when a payment card expires, is reissued, or is replaced by a card with a different number following a fraudulent transaction.
• Additional Payment Methods: Customers don’t pay for online purchases with just credit and debit cards. A hosted payment page can allow you to accept a wide variety of additional payment methods, including echeck, ACH, Apple Pay, Google Pay, PayPal, and Click To Pay, among others.

Are There Any Disadvantages To Hosted Payment Pages?

While there aren’t any major drawbacks to using a hosted payment page, there are a few things you should consider before choosing one for your website. The most notable criticism of hosted pages is that they make the checkout process a little longer and more complicated than if everything happened on the same site. Customers might perceive being redirected to a different site to complete a transaction as somewhat tedious. Buyers might also be suspicious about having to enter their payment data on a different site than the one they’re buying from, even though it’s actually safer and more secure.

Another minor inconvenience with hosted pages is that you won’t have the same ability to customize the checkout page you’d have with a self-hosted process. Hosted payment pages include many basic customization options (such as adding your business logo). Still, you won’t have the same ability to fine-tune the layout of the payment page or be able to collect special additional information from your customers as you would with a self-hosted page.

How Does A Hosted Payment Page Affect PCI Compliance?

The primary function of a hosted payment page (and the main reason why you would want to use one) is that it absolves you of the responsibility of securing your customer’s payment card information. Credit card numbers and other private data are never stored on the server that hosts your business website. In fact, this information doesn’t even pass through your site at all. Because of this, the scope of your hosted payment page’s PCI compliance requirements is much simpler than it would be if you self-hosted the checkout page on your server. Responsibility for securing and protecting this information passes from you to your merchant services provider, and those providers are much better equipped to perform this function.

It’s important to understand that using a hosted payment page does not eliminate your PCI compliance requirements. You’ll still have to keep your account compliant — it’s just that the number of steps required to maintain compliance will be fewer and easier to accomplish. You’ll still have to fill out the Self-Assessment Questionnaire (SAQ), for example. You might also need to run quarterly security scans of your site. If your provider charges a PCI compliance fee, you’ll also still have to pay it. However, you’ll end up investing much less time and resources on PCI compliance than you would with a self-hosted configuration.

Note that we still recommend that you implement SSL encryption across your site, even if you use a hosted payment page. The reason for this is that you want to avoid the big ‘Not Secure’ flag that Google Chrome and other browsers display for sites that aren’t protected by SSL encryption. Even if the transaction occurs on a separate, secure site, seeing this flag will deter many of your customers from making a purchase.

How To Create Secure Checkout Pages With Hosted Payment Pages

Fortunately, adding a hosted page to your site is usually pretty easy. In many cases, it’s simply a matter of pasting a few lines of code into the right place on your site, although the exact sequence of steps to complete will be different for each provider. Unless you’re using a particularly sophisticated hosted checkout page, you should be able to do it without needing specialized coding knowledge or a developer.

In selecting the right hosted payment page for your site, you should look for the following features:

• Easy Integration: Most small business owners will want a hosted page they can add to their site without having to hire a developer.
• Customization Options: Although hosted pages generally aren’t as customizable as a self-hosted page, you should be able to make some changes to your page’s design and layout. At a minimum, look for the ability to add your business logo to the page.
• Support For Multiple Payment Methods: The more payment methods your hosted page can support, the more sales you’ll rack up. Besides credit and debit cards, check to see that it supports echeck/ACH payments, PayPal, and even digital wallets, such as Apple Pay and Google Pay.
• Global Payment Options: If you accept international payments, you’ll want the ability to display your hosted page in multiple languages. It’s also important that your customers can make payments in their home currencies.

While there are as many varieties of hosted payment pages as there are merchant services providers, here’s a brief overview of the hosted payment solutions offered by several of the most popular providers for small businesses:

• Square: Popular payment service provider (PSP) Square calls its hosted payment page solution Square Checkout. It’s free to add to your site and easy to install. However, be aware that it doesn’t currently support HTML-only pages. Your business website will need to support dynamic pages with server-side scripting (e.g., PHP, Ruby, ASP, or Java pages).
• PayPal: With a vast customer base of existing users, PayPal is a popular option for many small online businesses. The company offers a hosted payment page as part of its Payflow payment gateway. The hosted option, called Payflow Link, is available for free and doesn’t come with a monthly fee. However, you’ll pay an additional $0.10 per transaction in processing fees. Also, optional features, such as recurring billing, advanced fraud protection, and buyer authentication, cost an extra $10 per month each.
• Stripe Payments: The high-tech darling of the eCommerce world, Stripe Payments is known for offering a huge variety of developer tools that require a developer’s talents to implement. However, the company also provides a prebuilt hosted payments page solution called Stripe Checkout that anyone can use. While its customization features aren’t as robust as Stripe’s other services, it includes many useful features, including address auto-complete, real-time card validation, card brand identification, and others. It’s also a great choice for international merchants, with support for over 25 languages and more than 135 currencies around the world.
• Authorize.Net: One of the oldest and most popular payment gateway providers on the market, Authorize.Net offers a hosted payment page solution called Simple Checkout. This easy-to-use feature adds a BUY NOW or DONATE button to your website that links to the company’s hosted payments page. There’s no additional charge to use Simple Checkout, but you will pay $25 per month in gateway fees as well as the standard transaction processing fees.

Final Thoughts

If you’re a small business owner trying to run an online business and take credit cards — and particularly if you don’t already have specialized coding knowledge — a hosted payment page is an excellent option that allows your customers to complete their purchases securely and conveniently.

Hosted pages are easy to add to your website. They allow you to bypass the much more extensive PCI compliance requirements that come with including payment functionality directly on your site. Hosted pages give your customers the confidence they need that they can buy from you without having to worry about their credit card information being stolen or compromised.

Although they often lack the wide variety of customization options available with a self-hosted page, payment pages hosted by your merchant services provider are much easier to set up. Having a hosted payment page will save you from the need to hire a developer or invest in expensive encryption packages. For a small business that doesn’t have a large budget, they’re a great way to get up and running quickly and with little or no additional expense.

In choosing which hosted payments solution is right for your business, we strongly recommend that you base your decision on which provider is best, not on which hosted solution offers the best features.