There are two payment handling approaches typically used on the web. Onsite payment processing handles the entire payment process on the merchant’s secure website. In other words, the customer never leaves the e-commerce website they are buying from.
Offsite payments, on the other hand, take the customer offsite to a web page that the payment processing service provider manages for the customer to provide payment details securely. A secure website (using SSL encryption and up-to-date software) is the merchant’s responsibility when using onsite checkout. The payment processing service provider is responsible for the security of the payment process for the offsite checkout process.
All 4 built-in payment gateway integrations provide an offsite checkout experience. This helps most merchants get started quicker and with much less setup requirements. All Onsite checkout systems require the WordPress/Shopp website to have a valid, signed SSL encryption certificate and, depending on the payment gateway, will also require regular PCI-DSS compliance reports.