The Shopp e-commerce plugins offers two kinds of payment processing — on-site and off-site. In this article we’ll take a look at the similarities and differences between these two options.

Onsite or Offsite Payment Processing?

Onsite or Offsite Payment Processing?

The Shopp core plugin comes with six payment options.

They are:

  1. 2Checkout
  2. Google Checkout (recently renamed Google Wallet)
  3. Offline Payment
  4. PayPal Express
  5. PayPal Standard
  6. Test Mode

Off-site Payment Processing

2Checkout, Google Checkout, PayPal Express, and PayPal Standard are all examples of off-site payment gateways. They are referred to as “off-site” as part of the checkout process takes place on another site.

To illustrate, lets take a look at a workflow of a payment with PayPal Standard:

Customer arrives on your site → Adds items to their shopping cart → Proceeds to checkout page, enters their customer information and submits order → Goes to to complete payment → Arrives back on your site to receive a order confirmation

Looking at the example above, we can see that between the third and fourth steps, a customer is transferred off-site to to complete a payment.

Google Checkout and 2Checkout also have a similar workflow.

How does this compare to on-site payment processing?

On-site Payment Processing

With on-site payments, a customer remains on your site for the entire shopping experience. Here is an example of the workflow for the Offline Payment gateway:

Customer arrives on your site → Adds items to their shopping cart → Proceeds to checkout page, enters their customer information, and submits order → Receives an order confirmation

Note: The Offline Payments addon does not capture funds, but creates incomplete orders with an “authorized” payment status. Store managers will need to have other payment arrangements available (phone or bank transfer) so the customer can make the payment.

Another example of an on-site payment gateway is Authorize.Net. It is a premium add-on for Shopp and allows you to accept credit and debit cards directly on your site.

Here is an example of the checkout process for Authorize.Net:

Customer arrives on your site → Adds items to their shopping cart → Proceeds to checkout page, enters their customer & billing information, and submits order → Receives an order confirmation

Additional Requirements for On-site Payment gateways

On-site payment gateways require an SSL certificate. This is because you are accepting sensitive financial information on your site. At minimum, your site will need a dedicated SSL certificate with a unique IP address.

Shared & Proxy SSL options are not compatible. Learn more about SSL setup and certificates

It’s also important to be aware that taking onsite payments exposes your business to more PCI requirements.

PCI-DSS is a set of standards that were created by the Payment Card Industry Security Standards Council to ensure safe handling of financial data on a site. There are 12 requirements and here is an overview or summary of those requirements:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

The payment processor will usually follow up with the owner of the store in regards to PCI compliance. A SAQ or Self Assessment Questionnaire is then completed by the store owner which ensures that they understand and are complying with the PCI requirements. Note that Shopp is not certified as a PA-DSS shopping cart. However, your website can still certify as PCI compliant. Learn more about PCI compliance

Best Practices and Recommendations

Generally, offering a mix of off-site and on-site payment gateways will offer the most flexibility for your customers. Flexibility for your customers is important because it can improve conversions (sales) in your online store.

Remember, on-site payments offer an easier checkout process since the customer does not need to leave your site to send a payment. However, at the same time a customer may not want to use a bank card or may prefer an option such as PayPal or Google Checkout.

The Test Mode payment gateway was not highlighted earlier as it does not allow you to accept payments. It is helpful for testing the checkout process for your store but should be disabled after testing is complete.

Additional on-site and off-site payment gateways are available in the Shopp store.

Image credit: PT money


Lorenzo Orlando Caum is the founder of Enzo12 LLC, a consultancy in Tampa, FL.

Lorenzo provides consulting services such as a Shopp upgrade service through Shopp 101. He also recommends using managed WordPress hosting with Shopp because a faster site means more sales.

You can learn more about Lorenzo, you can follow @lorenzocaum on Twitter or check out his blog.

You must be logged in to post a comment.

© Ingenesis Limited. Shopp™ is a registered trademark of Ingenesis Limited.