is an easy way to take credit card payments online and it's quick and easy to set up. Your customers will need to have a PayPal account as well, and link the credit or debit card they want to use to the account.
You'll be able to create 'pay now' or 'subscribe' buttons for your website, request money, send invoices, pay money to another paypal account, and forward money directly to your business bank account. PayPal will charge you a small fee for each transaction but it's free for your customers.
You can also get a PayPal debit card to spend the money directly from your PayPal account without having to transfer it anywhere.
Google Checkout is another way you can take credit card payments. Your customers will need a Google account as well, and link their credit or debit card to the account. You'll then be able to add 'buy now' and Google Checkout shopping cart buttons to your website and email invoices. Google will make a small charge per transaction but your customers won't pay anything extra.
If you have a Google account already just select the Google Checkout feature from the products area. If you don't already have one you'll need to create a Google account
Google checkout is moving to 'Google Wallet' in 2012 so you may see both terms being used.
Merchant bank account
For small business PayPal and/or Google checkout are often all you need. However if you want to accept direct payment by credit or debit card online, over the phone or face to face you’ll need a merchant payment bank account. You'll be charged a set-up fee, a fixed monthly fee, plus a fee for each transaction.
If you’re taking payments from customers face to face you’ll need to rent or buy a terminal from your service provider.
If you take payments directly by credit card you need to be aware of the Payment Card Data Security Standard (or PCI DSS) which has been developed by the card issuers such as MasterCard and Visa to protect sensitive personal and financial information.
How to comply with the Payment Card Industry Data Security Standard
The six principles of PCI DSS compliance are:
Build and maintain a secure network- eg install and maintain a firewall to protect your data and don't use vendor defaults for system passwords
Protect cardholder data - eg encrypt transmission of cardholder data when using open public networks
Keep a vulnerability management plan- eg update your anti-virus software
and maintain secure systems and applications
Implement strong access control practices- eg limit access to cardholder data to a 'need to know' basis, give every person with computer access a unique ID and limit physical access to cardholder data
Monitor and test your networks on a regular basis - eg track and monitor access to network resources and cardholder data, run regular tests on security systems and procedures
Keep an information security policy- eg have a written policy that documents your information security policy
More info can be found in this Guide to PCI DSS compliance published by the PCI Security Standards Council in October 2010.