Secure online payments: How to safely take payments through your website

Learn what to look for in a provider so you can start to take secure online payments for your business

Secure online payments can help your business make more money, improve the customer experience and adapt to changing customer preferences.

In the last 12 months, cash in store has all but vanished from UK businesses, with customers turning in record numbers to contactless card payments. But a significant number have also turned to online shopping.

About a third of all retail shopping in December 2020 was through online shopping, according to the Office for National Statistics.

And it wasn’t just a bump in online sales over Christmas, in February 2020 internet sales accounted for 19% of all retail sales and this increased steadily through the year, reaching 33% in May.

Whether it’s doing their weekly shop online, or shopping for clothes, customers have started to become more accustomed to eCommerce.

Even small corner shops, which had barely started taking card payments last year, are now accepting online payments and customer deliveries.

But if you’re going to start taking online payments in your business, you have to make sure you’re using a secure online payment process, and working with a partner who can keep you and your customers safe.

So, here are the main things to consider when it comes to taking secure online payment.


3D Secure


3-domain secure, also known as a payer authentication, is a security protocol that helps to prevent fraud in online credit and debit card transactions by adding an additional verification step with the card issuer when a customer uses their card online.

This additional security was initiated and created by Visa and MasterCard and it’s branded as ‘Verified by Visa’ and ‘MasterCard SecureCode’ respectively.

The payer authentication is a three-part process, so there are three parties involved in the process: the issuer (such as Visa or MasterCard), the acquirer, and the interoperability domain (such as payment system).

When a customer tries to make a payment online, they’ll be sent an authentication/ confirmation code to a designated device (usually a smartphone) which they’ll then enter online as a final authentication.

This process is already widely used by many card issuers and online retailers so most customers will be used to using it.

Card with a secured locked padlock to show security

Locked padlock to show security

Using SSL to secure online payments


An SSL certificate is something you can get when you first set up your website.

Using SSL will encrypt card details (or any details) sent through your website and make sure it’s protected from criminals.

You can tell if your website has an SSL certificate, because the URL will display a locked padlock symbol next to it. A website without an SSL certificate will instead display a warning.

Not only does an SSL certificate secure your customers’ payment details, it also gives them reassurance that your website is safe, making them more likely to buy from you.

Would you put your card details into a website you weren’t 100% sure was secure?

Remaining PCI and GDPR compliant


The Payment Card Industry Data Security Standards are the guidelines for merchants on what they should do to protect sensitive data when taking payments online.

If you choose the right payment provider, they can handle PCI compliance for you.

Just be sure to check if they’re trying to charge you a compliance or non-compliance fee.

These can be very expensive, with some providers charging over £30 per month!

General Data Protection Regulations (GDPR) are also a security consideration if you’re taking any details from customers, as the fines for failing on GDPR compliance can be hefty.

Green shield with a green tick to show compliance

Laptop and phone being used for online shopping

Choosing a secure payment gateway


To take payments online, you need a payment gateway.

You need to consider some key things when it comes to choosing a secure payment gateway and provider.

First, is it PCI level 1 compliant as a minimum?

Does it have data encryption? How does it keep your sensitive data protected and how can it help you prevent fraud?

A payment gateway can help keep electronic transactions secure by:

  • Adding encryption between the customer’s browser and your server so information passed between you will be safe
  • Requests authorisation and approval from the customers card company or bank
  • Fulfilling the payment

All of this happens in a few seconds to create a speedy, secure online payment platform.

How can Handepay help you start taking secure online payments?


Get a secure online payment gateway and online payment system from a reliable provider that lets you take online payments in a safe way for you and your customers.


Financial disclaimer:

Terminal hire contracts are provided by Merchant Rentals Limited, who is authorised and regulated in the UK by the Financial Conduct Authority (FCA) for Consumer Hire under FRN 720500. Terminal hire can be for consumer hire and non-regulated hire contracts. Please check your contract carefully for details. Regulation of all consumer hire fall under the control of the FCA.

Handepay Ltd is authorised and regulated by the FCA for Consumer Credit under FRN 673564. Handepay is a credit broker for consumer hire not a lender.

Handepay acts as an introducer of card acquiring services on behalf of EVO Payments UK, the card acquiring service provider. EVO Payments UK is the trading name of EVO Payments UK Ltd, a payment institution that is authorised and regulated by the Financial Conduct Authority (FRN number 959332).

Existing Cards Businesses- The one-month rolling terminal hire contract from Merchant Rentals is only available to businesses that are switching from their current acquirer to EVO Payments UK arranged through Handepay.

New to Cards Businesses- The 12-month terminal hire contract from Merchant Rentals is only available to businesses that are new to card payments and wish to receive acquiring services from EVO Payments UK, arranged through Handepay.

The Next Day Banking Settlement service provided by EVO Payments UK incurs an additional fee of £4 a month on top of your acquiring service charges and fees. Provided your card machine performs a reconciliation before 12am (midnight), you’ll receive settlement of funds the next banking day.

Editorial disclaimer:

The information we provide does not constitute financial advice and might not apply to your business. Always carry out research into your business’ needs when choosing a new merchant services provider.

Sometimes, we link to other third-party websites to provide you with additional information. At the time of publication, we consider the information accurate, however, we do not have control over their content and are not responsible if any information on these websites change.

The products we display on our website are for illustrative purposes only - if your business requires additional facilities, you may receive a different model than advertised.

All of the information contained on this website, including fees, services and functionality, are correct at time of publishing. E&OE.