As a volunteer at several non-profits, I have, of course, jumped or gotten pulled into those organizations’ payment issues. Accepting donations over the Internet is increasingly important and there is a staggering array of specialized service providers that offer turnkey payment acceptance.
Over the past year, though, we at Glenbrook have noticed more and more traditional ecommerce merchants choosing to reduce the scope of their PCI compliance efforts by using “hosted payments pages” and their close cousin, hosted payments fields. And we’re not talking about just mom and pop businesses – we’re hearing about merchants doing hundreds of millions in dollar volume (even in the billion dollar range) seriously investigating this approach.
If you’re not familiar with hosted payment pages (HPP) and order fields, the idea is essentially to redirect a customer to a separate, secure website/page to enter their confidential/sensitive payment data. That page, or those pages, have the same look and feel as the merchant’s own website, but are hosted by a trusted third party such that the merchant never touches the payment data.
Hosted order fields are an interesting variant whereby the payments page is still hosted by the merchant, but the actual field where the consumer enters their payment data is served up by a third party. Often that allows more control and flexibility for the merchant.
As one might imagine, both are natural adjunct services to tokenization for card-not-present merchants – since they close the “data in-flight” air gap inherent in many standard tokenization solutions (e.g., the auth request with full PAN and other data originates from the merchant server, and the tokenized value for storage/future use is returned with the auth response).
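A merchant can check the “never touches the payment data” property by scanning what its own server actually receives. The sketch below is an added example, not from the original post or any provider named in it: it flags Luhn-valid card numbers in constructed, already-decoded request bodies, and the request names, field names and token value are assumptions.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_pans(payload: str) -> list[str]:
    """Return PAN-like values found in a payload, masked to first 6 / last 4."""
    hits = []
    for m in PAN_CANDIDATE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # rejects order numbers and other long digit runs
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def in_scope_requests(requests: dict[str, str]) -> dict[str, list[str]]:
    """Map each request that carried card data to the masked PANs it contained."""
    return {name: pans for name, body in requests.items()
            if (pans := find_pans(body))}

# Constructed sample bodies as seen by the merchant's own server (assumed names).
MERCHANT_REQUESTS = {
    # Standard tokenization: the browser posts the card to the merchant, which
    # then sends the auth request and gets a token back with the auth response.
    "standard_tokenization_checkout":
        "name=A Donor&card=4111 1111 1111 1111&exp=12/30&amount=50.00",
    # Hosted fields: the card went to the third party; the merchant sees a token.
    "hosted_fields_checkout":
        '{"payment_token": "tok_constructed_8c1f", '
        '"order_id": "1234567890123456", "amount": "50.00"}',
}

if __name__ == "__main__":
    for name, pans in in_scope_requests(MERCHANT_REQUESTS).items():
        print(f"{name}: card data reached merchant server -> {pans}")
```

The same scan run over web server logs, error traces and analytics payloads shows whether card data is leaking back into merchant systems after a move to hosted pages or fields.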
One of the things we’ve been noticing is that some of the more innovative HPP providers have been taking some of the traditional friction out of the process for merchants – specifically the often complicated, time-consuming process of updating the payments pages hosted on someone else’s systems.
A few companies that have hit our radar screen, such as CRE Secure, Commerce Lab from IP Commerce, CyberSource, and Pay.On in Europe and Asia, have focused on minimizing the friction that used to be inherent when the merchant made changes to its payments pages. Said another way, the hosted pages stay up to date as the merchant’s site design changes in the future.
If you are aware of other companies offering similar capabilities, I’d greatly appreciate it if you could bring them to my attention (firstname.lastname@example.org) – we at Glenbrook love to stay up to date on all the great offerings out there! Also, if you have a feel for how widespread the adoption of HPP and hosted order fields is in the US and beyond, please let me know!