Protecting Your Customers & Vendors
Data Security & Validation Practices
All of that to say, these are important considerations when you're looking at the different payment providers, because some of them have these capabilities built in and some of them do not. You will want to address that early on, as they typically are looking for security validation, PCI DSS compliance (Payment Card Industry Data Security Standard), and for the payment provider not to pass secure information over the wire without SSL and Chrome 58 support. Nowadays, you want to make sure that the information is tokenized and validated and is not stored within your application.
When it comes to the many nightmare scenarios of credit card information insecurity, we've come across a number of more troubling cases. For example, we were brought into a project where this information had been stored in different folder applications which were plain text files. So, as you can imagine, if the database were compromised somehow or the application were breached, anyone with access to that database of plain text credit card information could use those credit cards.
These are things that you want to consider when you're evaluating a marketplace platform:
- How do they store that data?
- How do they prevent it from getting into the wrong hands?
- Are there multiple levels of security instead of just a single layer?
The list goes on when it comes to data security, but these are the first few questions you will need to answer when making a final decision on a solution.
Now, when it comes to multiple payment providers, you have to be able to deal with all of the considerations we just mentioned, but for several different payment providers at once. Will the platform you select be able to handle that? Make sure that they have a valid configuration for their different requirements and that your platform is architected so it can handle the needs of your sellers.
A lot of marketplace implementations that we've done in the past have incorporated the need for a different payment provider by location per seller. Some sellers will have different locations that each require a different payment provider, and those might be the same provider but with different pretenses.