Gala Technology Limited

How to start taking payments on your website

Converting online traffic into sales and cash-flow

Are you looking for information about how you can start taking payment on your website?

Are you a market trader, retailer or gym looking to expand and accept secure digital payments online?

Has COVID had an impact on your business with reduced footfall and even enforced closure?

If so, you are in the right place.

In this short blog, we are going to look at what is required to get your website ready to take online payments and the options that are available to you.

How are you building your website?

The first question to ask is how you intend to build your website. Will you be using a website building platform packed with useful templates, such as Shopify, Wix or Square, or engaging a developer for a custom-built website? If you intend to use one of the website building platforms, you should investigate their payment options, pricing and flexibility before committing, as you may be limited in which payment gateways and partners you can use, often resulting in much higher processing fees. For example, on a purchase made with a debit card, Wix will charge you around 2.75% of the transaction value + 20p, which is much more expensive than you would pay with a traditional merchant account and gateway via Gala Technology and our partners.

Take time to consider whether the transaction rates are fair and whether this would affect your margins if your business were to grow quickly. A custom-built website might cost more in the first instance, but will give you control of your destiny and the ability to change providers in the future, in order to maximise profit.

Things to consider when selecting the right payment solution.

One of the most critical factors to consider when setting up electronic payments or an e-commerce store is how you’ll accept payments.

Customers expect online payments to be quick, secure, and convenient. To make the process run as smoothly as possible, you need to set up the right merchant account, checkout journey and payment gateway for your business.

A few terms to be familiar with to help you make the right decision are:

If you’re completely new to accepting credit or debit card payments, you’ll need to apply for a merchant account before you can start taking card payments.

A merchant account is a specific bank account that acts as a holding pen for money before it is moved into your actual business bank account.

Merchant Accounts are normally sourced from a Merchant Acquirer, an Independent Sales Organization (ISO), or ‘All in One’ providers such as Stripe or Paypal, who will provide you with a Merchant ID (MID), which is a unique identification number assigned to the business.

Gala Technology work with over 20 providers of merchant accounts, enabling us to source the best deal for you and your business, whilst offering free independent advice.

Simply put, the Acquirer will ‘acquire’ the money from the customer’s bank account and ‘settle’ it into the business account associated with the Merchant ID (MID), in conjunction with the card issuer. The Acquirer will charge a percentage on the transaction value for providing this service (Merchant Service Charge). These rates can vary between card types (Visa, Mastercard, AMEX etc.) and whether they are debit, credit or commercial/business cards. ‘All in One’ providers such as Paypal and Stripe tend to offer no monthly charge for their services, but much higher processing rates. For example, Stripe charge between 1.4% and 2.9% of the transaction value + 20p, and Paypal can be as high as 2.9% + 30p for domestic payments, with additional fees for international payments.

Gala Technology can offer free, independent advice on your options and the best route to take, depending on your business’s requirements, and access to our established relationships with 20+ acquirers, helping you obtain the best rates, service, and settlement times of funds to aid cashflow.

We are all familiar with using card terminals in physical locations, such as a local cafe, so the best way to think about a payment gateway is as a digital card machine for your website. These are sometimes referred to as an e-commerce gateway or PSP (Payment Service Processor).

When a customer decides to buy something from you, they'll be asked to checkout online. Your payment gateway provides a secure area where the customer can enter their card information. If successful, the gateway, along with the acquirer and card issuer will process the transaction and deposit the money into your business account.

Essentially, the business needs to decide whether they want to work with an ‘all in one’ provider, such as Stripe, Paypal or Square who act as BOTH the acquirer and the payment gateway. Typically, these providers do not charge a monthly fee – which at first glance can look great, however the high processing rates can mean that long-term, they can end up costing you more to process online payments.

The other option is to select an acquiring partner (to move the funds from A to B) and a payment gateway partner with the functionality you require. Although you may pay a monthly fee for the service, it can often work out far cheaper in the long run.

Indicative pricing – based on a debit card transaction of £500

Stripe - £500 @1.4% + 20p = £7.19

Paypal - £500 @2.9% + 30p = £14.79

Merchant Account and Payment Gateway via Gala Technology - £500 @0.4% + 10p = £2.10

Gala Technology would suggest that you carefully consider the options above, as working with an ‘all in one’ provider or building your website on a particular platform can significantly reduce your options and lock you in to your payments provider, leaving you unable to compare the market for a better commercial deal. Gala Technology’s award-winning SOTpay+ payment gateway is somewhat acquirer agnostic, with connectivity to over 50 acquirers in the UK, Europe, Asia and North America.

Gala Technology’s payment gateway has connectivity to some of the biggest names in payments, including but not limited to.

Gala Technology’s Open Payment Network offers an independent payment gateway with a vast array of acquiring banks UK-wide. We also connect to many leading global payment financial institutions allowing us to offer a wide range of payment solutions.

Our PCI DSS level 1 compliant SOTpay+ gateway* provides a secure platform to accept credit and debit card transactions allowing our merchants to offer a range of payment methods including American Express, Visa and Mastercard, Apple Pay, and Google Pay. Omni-channel payments are also supported to allow you payment processing across all platforms – from card reader to ecommerce channels.

All UK based acquirers are integrated into the Open Payment Network as well as further acquirer connections in Europe, North America and Asia.

Customer support, a wide range of shopping cart options, and documentation allow for easy integration for all our merchants.

Normally there are a few different ways that you or your development team can use in order to integrate a payment gateway into your website.

Direct Integration:

Direct integration means that the payment gateway is within your environment: the customer’s checkout process, including the form where they fill in their sensitive details, sits directly on your website.

With a direct integration, merchants have complete control of the look, feel and journey to enhance customer experience. Whilst that level of control can be attractive, deploying a payment gateway via direct integration means you’re responsible for ensuring transaction security and data protection throughout the entire checkout process. This can significantly increase your PCI DSS scope and heighten the risk of hackers targeting your website to try to intercept and steal data.

Hosted Integration:

A hosted payment gateway integration is a checkout system that redirects the user to the payment gateway provider’s page. This means that the user will ‘leave’ your website to enter their card details into a secure environment, often referred to as a hosted payment page, complete payment and then be sent back to your website upon completion. This option is incredibly popular with web developers and business owners, as the PCI DSS requirements are managed by your third-party provider to ensure that the data is processed in a secure environment. With that said, it is the responsibility of the merchant to ensure that their chosen partner is PCI DSS compliant.

Gala Technology’s SOTpay+ payment gateway offers both Direct and Hosted integration options to meet the needs of your business. The standard Hosted Payment Page is designed to be shown in a lightbox over your website and styled with logos and colours to match. Alternatively, you can arrange for fully customised Hosted Payment Pages to be produced that can match your website’s style and layout. These fully customised pages are usually provided using a browser redirect, displaying full-page in the browser, or can be displayed embedded in an iframe on your website. Whichever integration option you choose, you’ll also need to select an e-commerce shopping cart.

An e-commerce shopping cart is a piece of software that enables customers to view items in their online ‘shopping basket’. The eCommerce shopping cart allows consumers to select products, review what they selected, make modifications or add extra items if needed, enter in discount codes and purchase the products.

Every online store must have the shopping cart functionality to be able to sell products to customers. Essentially, there are two types of shopping carts – hosted and self-hosted/licensed shopping carts.

The ‘hosted’ shopping cart model is a type of software as a service (SaaS) and tends to be an off-the-shelf solution managed by the company that created it. In this scenario, the merchant typically pays a recurring monthly fee for access to the software.

The merchant cannot choose the web server’s configuration or location, and usually the merchant may in no way modify or customize the shopping cart software. On the plus side, using their pre-designed website templates means you can set up a completely new store and add in their shopping cart or simply add purchase and ‘buy now’ buttons to your existing website and start selling immediately.

In the ‘self-hosted/licensed’ shopping cart model, a merchant usually pays a license fee or one-off fee to ‘purchase’ the software. Within reason, the merchant may place the software on any web server and, in most cases, may modify or customize the shopping cart software. Simply put, the ‘self-hosted/licensed’ model means that you download the software and run and host it yourself.

Popular shopping carts include WooCommerce, Shopify, Magento and Wix.

It is important to note that with the likes of Shopify and Wix you are restricted in who you can select as your payment gateway partner, so you should take time to consider the right options for your business.

Gala Technology’s SOTpay+ offers connectivity to a host of acquiring partners and a number of leading e-commerce shopping carts, complete with easy integration guides to follow.

Accept All Major Card Types:

In a global marketplace with increasing cross-border spend from tourism and online transactions, it is important to offer end merchants the ability to accept all major card types. By providing global cardholders with the flexibility to pay with their preferred card, end merchants will have more opportunities to increase payment conversions. Gala Technology’s SOTpay+ payment gateway accepts and processes all major card types.

Alternative Payment Methods (APM’s):

APM’s such as Paypal can increase checkout conversion rates. A study from comScore, a recognized global leader in cross-platform measurement of audiences, advertising, and consumer behaviour, revealed that PayPal often outperforms other online payment methods when it comes to checkout conversion rates. Whilst checkout conversion is obviously important, the merchant should also consider the cost implications of using APM’s as their processing rates are often much higher than traditional card payments.

With Gala Technology’s Open Payment Network offering over 150 Alternative Payment Methods (APMs), new markets with locally preferred alternative payment methods, such as bank transfers, digital wallets and vouchers, can be entered via a single API.

Security and Fraud Prevention:

You should ensure that your payment gateway offers the latest security and fraud prevention tools, including PSD2, 3D-Secure (3DS) and SCA (Strong Customer Authentication). Other popular checks are Card Security Code checks (the code is also known as CV2, CVV, CSC, or the 3 digits on the back), as well as Address Verification System (AVS) checks, to reduce the risk of fraud and related chargebacks. Gala Technology’s SOTpay+ payment gateway offers all of these security options, complete with the ability to manage your security preferences from the merchant management system, including control of which countries you would like to accept payments from and which card schemes you wish to accept.

DDoS Mitigation:

A DDoS (Distributed Denial of Service) attack is an attempt to make an online service unavailable by flooding the bandwidth of a web server with huge amounts of traffic. DDoS attacks are becoming more prevalent in the news, with many high-profile websites disrupted by these attacks. Gala Technology has partnered with a leading cloud-based DDoS mitigation solution provider that provides an enterprise-level global solution, offering 365, 24/7 protection against the largest DDoS attacks.

This provides you with absolute peace of mind that, no matter the security issue, your payment flow is unaffected.

Recurring Payments & Tokenisation:

To tokenise something means to change it into something else, so in the case of a payment, tokenising a customer’s information means that the data, such as card number, expiry date, name and address, is effectively transformed from valuable content into largely useless strings of numbers and letters. Tokenising data means that it can be moved between networks without ever exposing the information in its true form. This helps store sensitive card information in a PCI DSS compliant manner.

It also enables merchants to set up ‘one-click payments’ for subsequent transactions, or set up recurring payments, which should be thought of as a direct debit, but using cardholder data rather than bank account data to make the payment.

With every transaction that passes successfully through the Gala Technology SOTpay+ Payment Gateway, the system raises a Cross Reference (sometimes known as a Token). These Cross References can be used in lieu of card details for the purpose of repeat or recurring payments, as well as refunds based upon an existing payment.

The Cross Reference will allow transactions to be processed for the same amount as the original, or for more or less, giving you full flexibility to run a subscription, membership, or any other kind of recurring payments business.
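The Cross Reference flow described above, as an added example that is not SOTpay+ code or its API: a toy gateway issues a random cross reference for each successful payment, and the merchant stores only that reference. `ToyGateway`, `run_subscription_demo`, the customer key and the rule that a refund cannot exceed the original payment are all assumptions made for illustration.

```python
import secrets


class ToyGateway:
    """Constructed model of the gateway side: the only place card data lives."""

    def __init__(self):
        # xref -> stored transaction. A real gateway keeps this encrypted
        # inside its own PCI DSS environment; plain dicts are used here.
        self._vault = {}

    def _record(self, card, amount_pence):
        # The cross reference is random, so it carries no card data and
        # cannot be reversed into a card number outside the vault.
        xref = secrets.token_hex(12)
        self._vault[xref] = {"card": card, "amount": amount_pence, "refunded": 0}
        return xref

    def sale(self, pan, expiry, amount_pence):
        """First payment: card details are seen once, a cross reference comes back."""
        return self._record({"pan": pan, "expiry": expiry}, amount_pence)

    def repeat_sale(self, xref, amount_pence):
        """Repeat payment: the cross reference stands in for the card details."""
        original = self._vault.get(xref)
        if original is None:
            raise KeyError("unknown cross reference")
        # Every successful transaction raises its own new cross reference.
        return self._record(original["card"], amount_pence)

    def refund(self, xref, amount_pence):
        """Refund against an existing payment; returns the amount still refundable."""
        tx = self._vault.get(xref)
        if tx is None:
            raise KeyError("unknown cross reference")
        if tx["refunded"] + amount_pence > tx["amount"]:
            raise ValueError("refund exceeds original payment")  # assumed rule
        tx["refunded"] += amount_pence
        return tx["amount"] - tx["refunded"]


def run_subscription_demo():
    gateway = ToyGateway()
    merchant_db = {}  # what the merchant's own systems hold

    # Month 1: constructed test card number, amount in pence.
    first = gateway.sale("4111111111111111", "12/25", 2999)
    merchant_db["customer-42"] = {"xref": first, "last4": "1111"}

    # Month 2: a different amount, charged without touching card details.
    second = gateway.repeat_sale(merchant_db["customer-42"]["xref"], 3499)
    merchant_db["customer-42"]["xref"] = second

    # Partial refund against the second payment.
    remaining = gateway.refund(second, 1000)
    return merchant_db, first, second, remaining


if __name__ == "__main__":
    print(run_subscription_demo())
```

A breach of the merchant's database in this model exposes only cross references and the last four digits, which is the reduction in exposure the tokenisation passage describes.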


Sending your customers an automated receipt via email gives them comfort in knowing that their order has been processed successfully and the merchant has their order. Gala Technology offers merchants and their cardholders the ability to collect a receipt for any transactions they process. The receipts contain details of the sale, such as the address information of the cardholder; the cross-reference number; and the acquiring and issuing bank.

Reporting Capabilities:

Reporting functionality is key for any business looking to reconcile accounts and finances in a timely manner. The Gala Technology SOTpay+ payment gateway comes complete with a full merchant management system (MMS), which includes comprehensive transaction results and reporting tools.

Absolutely! Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a contractual obligation between the merchant and their acquiring partner. It is the responsibility of the business to ensure that cardholder data is safe and secure, even if you are outsourcing or using a third-party service provider. It is essential that you look for a supplier that has the relevant ‘certification’ regarding the safe collection of data and the prevention of fraud. You should ask any potential partner to provide their ‘attestation of compliance’ (AOC).

PCI compliance means a merchant site must comply with 12 core requirements, listed below. For more in depth information on PCI DSS you can visit our helpful guide here.

  1. Install and maintain a firewall to protect cardholder data
  2. Protect stored cardholder information
  3. Do not use vendor-supplied defaults for system passwords and other security parameters
  4. Use and regularly update anti-virus software
  5. Encrypt the transmission of cardholder data across public, open networks
  6. Develop secure systems and applications, and maintain them
  7. Restrict all access to cardholder data by third-parties
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test your security systems and processes
  12. Maintain a policy that addresses information security for all parties
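With a direct integration, card numbers pass through your own code, and one common way they end up stored is by being written to application logs. The following added example (not part of the original article or of any Gala Technology product) scans log lines for values that look like card numbers and pass the Luhn checksum, then masks them; the log format and sample lines are constructed, and the card numbers are well-known test values.

```python
import re

# Candidate: 13-19 digits, optionally grouped by single spaces or hyphens.
# A card number directly preceded by other digit groups can be missed;
# tune the pattern to your own log format.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_pan(digits: str) -> bool:
    # All-same-digit runs (sixteen zeros pass Luhn) are treated as padding.
    return 13 <= len(digits) <= 19 and len(set(digits)) > 1 and luhn_valid(digits)


def mask(digits: str) -> str:
    """Keep the first six and last four digits, star out the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def _digits(match: re.Match) -> str:
    return re.sub(r"[ -]", "", match.group())


def scan(lines):
    """Return one finding per card number seen, never the full number."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for m in PAN_CANDIDATE.finditer(line):
            if is_pan(_digits(m)):
                findings.append({"line": number, "masked": mask(_digits(m))})
    return findings


def redact(line: str) -> str:
    """Rewrite a log line with any card number masked in place."""
    return PAN_CANDIDATE.sub(
        lambda m: mask(_digits(m)) if is_pan(_digits(m)) else m.group(), line)


# Constructed sample log: test card numbers only, no real data.
SAMPLE_LOG = [
    "2021-03-01T10:15:02Z INFO checkout started order_ref=1234567890123456",
    "2021-03-01T10:15:03Z DEBUG payment form posted pan=4111111111111111 exp=12/25",
    "2021-03-01T10:15:04Z INFO gateway response code=0 xref=CONSTRUCTED-XREF-01",
    "2021-03-01T10:15:09Z ERROR retry body card='4242 4242 4242 4242' amount=50000",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG[1]))
```

The 16-digit order reference on the first line is not flagged because it fails the Luhn check, which keeps false positives down when the scan runs over real logs.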

In today’s digital world, consumers expect to be able to pay how they want, when they want. Think about physical retail environments, how many people are now using their smart phones to make purchases via card through Apple Pay and other digital wallets.

You should therefore consider additional payment options for your e-commerce website to avoid the dreaded ‘shopping cart abandonment’. As a merchant, you should keep an eye on any increase in the shopping cart abandonment rate in your business, and analyse and research the average rate in your industry and region, so that abandoned carts do not become a problem with a high impact on your margins.

One way to reduce friction in the payment process is to eliminate the need to create an account. Forcing someone to sign up to an account on your website for a one-time purchase can quickly kill the sale. Whilst this might not seem like much of an ask from the merchant’s side, for a time-poor customer looking to make a quick purchase, this can be a real deal-killer, with recent reports stating that a massive 34% of people abandon their cart because they’ve been forced to create an account.

Alternative payment methods or APM’s are typically any payment method that does not involve cash or a major payment card when purchasing goods and services. APM’s include the likes of Paypal, iDeal, SEPA and Alipay.

While credit and debit cards remain popular, the ways in which people pay are changing rapidly around the world. With Gala Technology’s Open Payment Network offering over 150 Alternative Payment Methods (APMs), new markets with locally preferred alternative payment methods, such as bank transfers, digital wallets and vouchers, can be entered via a single API.

Open Banking is one of the fastest growing ways to accept a payment. Open Banking should be thought of as the next generation of account2account or bank transfer payments. You can read more about Open Banking here.

Companies and organizations need to add SSL certificates to their websites to secure online transactions and keep customer information private and secure. An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.

When a website is secured by an SSL certificate, the acronym HTTPS (which stands for HyperText Transfer Protocol Secure) appears in the URL. Without an SSL certificate, only the letters HTTP – i.e., without the ‘S’ for Secure – will appear. A padlock icon will also display in the URL address bar. This signals trust and provides reassurance to those visiting the website.

SSL works by ensuring that any data transferred between users and websites, or between two systems, remains impossible to read. It uses encryption algorithms to scramble data in transit, which prevents hackers from reading it as it is sent over the connection. This data includes potentially sensitive information such as names, addresses, credit card numbers, or other financial details.

  • A browser or server attempts to connect to a website (i.e., a web server) secured with SSL.
  • The browser or server requests that the web server identifies itself.
  • The web server sends the browser or server a copy of its SSL certificate in response.
  • The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the webserver.
  • The web server then returns a digitally signed acknowledgment to start an SSL encrypted session.
  • Encrypted data is shared between the browser or server and the webserver.

Let's Talk
Our team of experts have many years of experience in payment solutions of all kinds, including PCI-DSS compliant card payments, direct debit and Open Banking. To book a free consultation to find out more about how we can help your business to accept smooth and easy payments, simply give us a call on 01709 911661, drop us an email here, or let us know which day is most convenient via the calendar below and we’ll be in touch when it suits you.


Gala Technology Limited, Unit 10 Farfield Park, Manvers, Rotherham, South Yorkshire, S63 5DB
what3words location ///balance.buyers.shrug


Copyright © 2015 - 2021 Gala Technology Limited. All Rights Reserved.