Ecommerce

Ecommerce payments for Ecommerce businesses.

Ecommerce businesses need reliable payment processing to maximise sales and minimise friction. Cardflo provides a payment orchestration platform designed to improve approval rates, reduce costs, and offer a seamless customer experience.

We help you navigate the complexities of online payments.

Industry
Ecommerce businesses
Category
Ecommerce
Cardflo support
Yes
Apply now

The overview

Ecommerce payment processing functions as the critical link between a digital storefront and the financial institutions that facilitate capital movement.

Operating at the application layer of the payments stack, ecommerce gateways and orchestration platforms manage the flow of transaction data from the customer's browser to the acquirer.

This process involves complex interactions including Strong Customer Authentication (SCA) to comply with PSD2, real-time risk assessment, and currency conversion for cross-border transactions. Merchants must balance the necessity of rigorous fraud prevention with the requirement for low-friction checkouts to prevent cart abandonment.

Effective management involves coordinating with multiple service providers, including gateways, acquirers, and alternative payment method (APM) providers.

By centralising these connections, businesses can implement smart routing logic to direct transactions based on the Merchant Category Code (MCC), geographical location of the issuer, or specific scheme fees, ultimately aiming to optimise authorisation rates and reduce the overall cost of acceptance.

How it works

  1. Initial Transaction Authorisation

    When a customer submits payment details at checkout, the data is encrypted and transmitted via a secure gateway. The transaction undergoes initial checks for validity, including AVS and CVV verification, before being routed to the acquirer.

    The acquirer then communicates with the card scheme and the issuer to request funds.

  2. SCA and 3DS Verification

    For transactions within the European Economic Area or UK, the merchant must trigger 3-D Secure protocols to satisfy SCA requirements.

    This step involves a challenge or a frictionless flow managed by the Directory Server, which determines if the cardholder requires further authentication to confirm their identity and intent.

  3. Intelligent Routing Decisions

    Payment orchestration logic analyses the transaction profile in real-time. It selects the optimal acquiring partner based on historical performance, cost, and the geographic relationship between the merchant and the issuer.

    This redundancy ensures that if one acquirer experiences a service interruption, the payment is rerouted automatically.

  4. Capture and Settlement Process

    Once the issuer provides an authorisation code, the transaction enters a pending state. The merchant later submits a capture request, usually upon dispatch of goods.

    The acquirer manages the settlement process, where funds are moved from the issuer to the merchant account, minus interchange and scheme fees.

Why it matters

Conversion Rate Optimisation

Technical declines and high-friction authentication processes are primary contributors to revenue leakage in ecommerce. Implementing robust retry logic and using network tokens can significantly reduce soft declines.

By providing a stable environment with multiple failovers, businesses ensure that legitimate transactions are not blocked by secondary factors such as temporary gateway timeouts or rigid fraud filters.

Cost Management and Transparency

Processing costs represent a significant portion of ecommerce overheads. By using an Interchange Plus Plus (IC++) pricing model rather than blended rates, merchants can see the specific breakdown of interchange, scheme fees, and acquirer margins.

This transparency allows for better negotiation with partners and more accurate financial forecasting as the business scales across different jurisdictions.

Regulatory notes

PSD2 and SCA Compliance

The Revised Payment Services Directive (PSD2) necessitates Strong Customer Authentication for most remote electronic payments in the EEA and UK. Ecommerce merchants must ensure their payment stack supports 3-D Secure version 2.

2 or higher to request exemptions and manage the authentication flow properly. Failure to comply can result in soft declines by issuers who are legally mandated to refuse non-compliant transactions.

Use cases

Subscription and Recurring Billing

Merchants offering subscription models require secure storage of payment credentials. Using vaulting and account updater services ensures that recurring MIT (Merchant Initiated Transactions) continue without interruption when card details expire or are replaced.

International Market Expansion

Businesses moving into new regions must support local APMs such as iDEAL, Giropay, or digital wallets. A centralised orchestration layer allows for the rapid integration of these methods without extensive re-engineering of the checkout.

High-Volume Flash Sales

During peak traffic periods, payment systems must handle high concurrency. Distribution of load across multiple MIDs (Merchant IDs) prevents bottlenecks at a single acquirer, maintaining site performance and successful throughput.

By the numbers

85–92%
Average Authorisation Rate

This represents the typical industry range for healthy ecommerce businesses, though rates vary significantly by MCC, geography, and use of 3DS.

10–20%
Cost Savings via Routing

Merchants often observe this magnitude of reduction in processing fees when moving from blended pricing to an optimised multi-acquirer routing model.

15–25%
Cart Abandonment related to Friction

Industry research suggests a significant portion of customers abandon checkouts due to complex authentication or lack of preferred local payment methods.

Payments built for Ecommerce businesses.

Book a scoping call to see how Cardflo would set you up.

Apply now

What's included.

  • Manage multiple acquirer relationships through a single unified technical integration point.
  • Utilise intelligent routing to direct transactions based on cost and historical approval performance.
  • Implement automated retry logic to recover revenue from temporary soft decline responses.
  • Support a wide range of global alternative payment methods to reduce checkout friction.
  • Reduce PCI-DSS compliance scope by using secure hosted fields or full payment redirection.
  • Access granular transaction data across all regions for comprehensive financial reporting and analysis.
  • Automate the management of recurring billing cycles and merchant-initiated transaction sequences.
  • Utilise network tokenisation to maintain card-on-file accuracy and improve authorised transaction volumes.
  • Configure custom logic for 3-D Secure triggers based on risk profile and regulatory mandates.
  • Simplify the reconciliation process by centralising disparate settlement reports from various provider sources.
Route Ecommerce businesses traffic with confidence.

Talk to an acquiring specialist about your MID setup.

Apply now

Common questions.

What causes the majority of ecommerce transaction declines and how are they categorised?

Declines are generally split into hard and soft categories. Hard declines occur due to permanent issues like insufficient funds, a closed account, or a reported lost card.

Soft declines are often temporary, resulting from technical timeouts, suspected fraud by the issuer's risk engine, or SCA failures.

Performance can be improved by analysing decline codes and implementing automated retries for soft declines, or by updating stored credentials through an account updater service to correct expired details before the next billing cycle occurs.

How does 3-D Secure 2.0 impact checkout conversion in ecommerce environments?

3-D Secure 2. 0 was designed to support the SCA requirements of PSD2 while improving the customer experience compared to the original version.

It allows for a 'frictionless flow' where the issuer can authenticate the user using passive data points, such as device IDs or transaction history, without a manual password entry.

While it introduces a step in the checkout, it often leads to higher authorisation rates as it shifts the liability for fraud-related chargebacks from the merchant to the issuer.

Why should an ecommerce business prefer Interchange Plus Plus pricing over blended rates?

Blended pricing offers a flat fee regardless of the card type or region, which simplifies accounting but often obscures the true cost of processing. IC++ separates the interchange fee set by the schemes, the scheme fee itself, and the acquirer's margin.

This is advantageous for ecommerce businesses because it allows them to benefit from lower interchange rates on domestic debit cards or regulated transactions, rather than paying a premium margin hidden within a high flat rate.

What are the benefits of using a payment orchestration layer for online retail?

A payment orchestration layer sits above the individual gateways and acquirers, providing a single API to manage multiple endpoints. This facilitates smart routing, where transactions are sent to the acquirer most likely to approve them at the lowest cost.

It also provides redundancy; if one provider experiences an outage, traffic can be diverted immediately to another. This setup also simplifies entry into new markets by allowing merchants to toggle on local payment methods without complex new integrations.

How can merchants manage the risk of friendly fraud in digital transactions?

Friendly fraud occurs when a customer disputes a legitimate purchase with their issuer. Merchants can mitigate this by providing clear soft descriptors on card statements, sending immediate digital receipts, and using delivery tracking tools.

In the event of a dispute, having comprehensive transaction logs and proof of delivery enables the merchant to engage in the representment process. Using 3-D Secure also provides a liability shift for many transactions, protecting the merchant if a cardholder denies making the purchase.

How do network tokens differ from standard gateway tokens for ecommerce?

Standard gateway tokens are proprietary to a specific provider and are primarily used for PCI-DSS scope reduction. Network tokens are issued by the card schemes (Visa, Mastercard) and remain valid even if the underlying card is reissued or the merchant changes gateways.

Network tokens often carry a higher level of trust with issuers, leading to improved authorisation rates, and they are automatically updated by the schemes when card details change, reducing the need for manual customer updates.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now
Apply now