Home » Payment Processing » How to Accept Payments

How to Accept Credit Card Payments Online

To accept credit card payments online, you need a payment processor (like Stripe, PayPal, or Square), an SSL-secured website, and a checkout page that collects card information. On a modern ecommerce platform like Shopify or WooCommerce, the entire setup takes less than an hour. On a custom website, you can use Stripe Checkout or Payment Links to start accepting payments without writing any code.

Step 1: Choose Your Ecommerce Platform or Website Setup

Before selecting a payment processor, you need to know how your online store is built, because the platform determines which processors integrate cleanly and which require extra work. There are three common scenarios.

Hosted ecommerce platform (Shopify, BigCommerce, Squarespace): These platforms handle hosting, security, and checkout for you. Payment processor setup is a matter of entering account credentials in the platform settings. This is the easiest path. Shopify has its own processor (Shopify Payments), BigCommerce partners with PayPal and Stripe, and Squarespace uses Stripe exclusively.

Self-hosted ecommerce (WooCommerce, Magento, PrestaShop): You install the ecommerce software on your own web hosting and add payment gateway plugins. Setup takes more steps, but you have full control over the checkout experience and can use any payment processor that offers a compatible plugin. WooCommerce has official plugins for Stripe, PayPal, Square, and dozens of other gateways.

Custom website or landing page: If you sell a single product, a service, or a small number of items on a custom website, you can use Stripe Payment Links (shareable URLs that open a hosted checkout page), Stripe Checkout (an embeddable checkout session), or PayPal buttons. These tools let you accept payments without building a full ecommerce store.

Step 2: Select a Payment Processor

Your choice of processor depends on three factors: your platform, your monthly sales volume, and whether you also sell in person.

If you use Shopify: Use Shopify Payments. It eliminates the 0.6% to 2% surcharge Shopify charges on external gateways. Add PayPal as a secondary option for customers who prefer it.

If you use WooCommerce: Use WooCommerce Payments (Stripe-powered, managed within your WordPress dashboard) or the standalone Stripe plugin for WooCommerce. Both charge 2.9% + 30 cents per transaction with no monthly fees.

If you sell online and in person: Use Square. The 2.9% + 30 cents online rate matches Stripe, and the in-person rate of 2.6% + 10 cents with affordable hardware ($49 contactless reader) gives you a unified system for both channels.

If you have a custom website: Use Stripe. The API documentation, pre-built checkout components, and Payment Links make it the most flexible option for non-platform setups.

If you process over $25,000/month: Evaluate interchange-plus pricing from Helcim, Payment Depot, or a traditional merchant account. The savings of 0.3% to 0.7% per transaction on high volumes translate to hundreds or thousands of dollars per month.

Step 3: Create Your Account and Verify Your Identity

Modern payment processors use automated onboarding that takes five to fifteen minutes. You will need your legal business name (or your full name if you are a sole proprietor), your business address, your Employer Identification Number (EIN) or Social Security Number, your date of birth, a government-issued photo ID, and your business bank account routing and account numbers.

Stripe and Square approve most standard-risk businesses instantly or within a few hours. PayPal approval is usually immediate. If your business is in a category that the processor considers higher risk (supplements, firearms accessories, adult content, travel), the review process may take longer or require additional documentation.

During signup, you will also set your business statement descriptor, the name that appears on your customers' credit card statements. Choose something recognizable: your store name or brand name. A confusing descriptor (like a parent company name the customer has never seen) is one of the most common causes of "friendly fraud" chargebacks, where the customer does not recognize the charge and disputes it.

Step 4: Connect the Processor to Your Website

On Shopify: Go to Settings, then Payments. Click "Activate Shopify Payments" and complete the business verification. If you want to add PayPal, scroll to "Additional payment methods" and connect your PayPal Business account. That is it.

On WooCommerce: Install the WooCommerce Payments plugin or the Stripe for WooCommerce plugin from the WordPress plugin directory. Go to WooCommerce, then Settings, then Payments. Click "Set up" next to your chosen gateway and follow the prompts to connect your Stripe or processor account. Enable test mode and process a test transaction to confirm the integration works.

On BigCommerce: Go to Store Setup, then Payments. Select your preferred gateway from the list, enter your account credentials (API keys for Stripe, email for PayPal), and save. BigCommerce supports over 65 payment gateways out of the box.

On a custom website with Stripe: The simplest approach is Stripe Checkout. You create a Checkout Session through the Stripe API (or dashboard), and Stripe hosts the entire payment page for you. The customer clicks your "Buy" button, gets redirected to a Stripe-hosted checkout page, completes payment, and returns to your site. No card data ever touches your server, and PCI compliance is minimal (SAQ A).

Step 5: Configure Your Checkout Page

A well-configured checkout page directly affects your conversion rate. Every unnecessary field, confusing label, or missing trust signal costs you sales. Focus on these elements:

Accepted payment methods: At minimum, accept Visa, Mastercard, American Express, and Discover. Enable Apple Pay and Google Pay, which Stripe, Square, and Shopify Payments all support. These digital wallets let mobile shoppers pay with a fingerprint or face scan, bypassing form filling entirely. Stores that enable Apple Pay and Google Pay typically see a 3% to 8% increase in mobile checkout conversion.

Address collection: Collect the billing address for AVS verification (it reduces fraud and can qualify transactions for lower interchange rates). Only collect the shipping address if you are shipping a physical product. Do not collect a separate billing and shipping address by default, make it an option for customers whose billing address differs.

Guest checkout: Allow customers to buy without creating an account. Forced account creation is the second most common reason for cart abandonment (after unexpected costs). You can offer account creation as an optional step after checkout is complete.

Trust signals: Display recognized security badges (SSL lock icon, card network logos), your return policy, and customer service contact information on the checkout page. These signals matter most for stores without established brand recognition.

Step 6: Enable Fraud Protection

Fraud costs online merchants an average of 1.4% of revenue, and chargebacks cost approximately $2.40 for every $1 of actual fraud (because of fees, lost merchandise, and operational costs). Set up these protections before you start processing real transactions:

AVS (Address Verification Service): Checks the billing address the customer enters against the address on file with their card issuer. Most processors enable this by default. Configure your gateway to decline transactions where the street address and ZIP code both fail to match.

CVV verification: Requires the three or four digit security code on the back (or front, for Amex) of the card. This proves the customer has the physical card and is not using a stolen card number alone. Always require CVV for online transactions.

Stripe Radar / built-in fraud tools: Stripe Radar is included free and uses machine learning to score every transaction for fraud risk. It blocks obvious fraud automatically and flags borderline transactions for review. Square and PayPal have similar built-in fraud detection. Turn these tools on (they are usually enabled by default) and review the blocked transaction reports weekly to ensure they are not flagging legitimate customers.

3D Secure: An additional authentication step where the customer verifies their identity through their bank (via a one-time code, biometric, or app confirmation). 3D Secure shifts fraud liability from you to the card-issuing bank, meaning if a 3D Secure-authenticated transaction turns out to be fraudulent, the bank absorbs the loss, not you. Stripe and other processors let you enable 3D Secure for all transactions or only for transactions their risk models flag as high risk.

Step 7: Set Up Payouts

After you process payments, your processor holds the funds and deposits them into your bank account on a schedule. Stripe deposits on a rolling two-business-day schedule by default (Monday's sales arrive Wednesday, Tuesday's arrive Thursday). Square deposits on a similar schedule. PayPal holds funds in your PayPal balance until you transfer them.

Link your business bank account (not a personal account) to your processor. A business checking account separates your personal and business finances, simplifies tax preparation, and is required by some processors. If you do not have a business bank account yet, open one before setting up payment processing. Most banks offer free or low-cost business checking accounts for small businesses.

If cash flow is critical, both Stripe and Square offer instant deposits for an additional fee (1% for Stripe, 1.75% for Square). These deposit funds to a linked debit card within minutes. This feature is valuable for businesses that need to access revenue immediately to purchase inventory or cover expenses.

Step 8: Process a Live Test Transaction

Before announcing your store to the world, place a real order yourself. Use your own credit card, go through the complete checkout process, and verify the following:

The payment appears in your processor dashboard as a completed transaction. The order confirmation email sends correctly to the customer (you, in this case). The order appears in your ecommerce platform's order management system. The funds settle to your bank account within the expected timeframe (check after two to three business days). Then issue a full refund for the test transaction and confirm the refund appears in both your processor dashboard and your bank statement.

This live test catches issues that sandbox testing misses: email delivery, actual settlement timing, and the real customer experience on your checkout page. It costs you nothing except the temporary hold on your card and a few cents in non-refundable processing fees.

Common Setup Mistakes to Avoid

Using a personal bank account for deposits: This complicates your taxes, makes bookkeeping difficult, and some processors will flag or close accounts that deposit to personal accounts. Use a business checking account.

Not setting a recognizable statement descriptor: If your legal business name is "JPC Holdings LLC" but your store is called "Sunshine Candles," use "Sunshine Candles" as your descriptor. Unrecognizable descriptors cause chargebacks from confused customers.

Skipping SSL: Your entire website must use HTTPS, not just the checkout page. Browsers display "Not Secure" warnings on HTTP pages, which destroys customer trust. Most hosting providers include free SSL certificates through Let's Encrypt.

Not enabling test mode first: Always process test transactions in your processor's test/sandbox mode before going live. Test mode uses fake card numbers that simulate successful and failed transactions without moving real money.