Accepting online payments

Find a bank to process your online payments

Guide

Online payments are processed by acquiring banks where businesses can open an internet merchant account (IMA). These banks include:

  • Barclaycard Business
  • HSBC
  • Lloyds Banking Group
  • NatWest/Royal Bank of Scotland
  • Ulster Bank

The following charge-card companies also act as acquiring banks:

  • American Express
  • Diners Club

American Express and Diners Club will only accept payments from their own cards.

The acquiring banks have strict requirements and it's possible that even the bank you use for your business current account may refuse you - see checklist: applying for an internet merchant account. Alternatively, there are other IMA providers that you can find online.

Once the IMA has been set up, secure socket layer (SSL) technology is used to encrypt transaction data and to send the necessary customer and card details to the acquiring bank in order to authorise the purchase. You should, therefore, ensure that any web-hosting solution you are considering can support the HTTPS SSL protocol.

General Data Protection Regulation (GDPR)

Under GDPR, the Information Commissioner's Office can issue fines for data security breaches. The size of the fine will depend on the size and scope of the breach, if the breach was deliberate or accidental, the affected organisation's finances and how much trouble the breach caused.

See GDPR penalties and fines.

In order to help reduce security breaches, organisations need to comply with the Payment Card Industry Data Security Standard - see Payment Card Industry Data Security Standard compliance.