Replacing legacy payment systems can be a challenge, but procrastinating can result in significant problems like a failure to comply with security protocols, poor customer service, and lost opportunities.
Choosing a payment system is strategic. Receiving payment for goods and services provided is the lifeblood of a business, and finding an efficient way to perform this business operation is critical. Migrating to a new system must be done safely, quickly, and effectively.
This is a challenge, because these systems integrate with POS and CRM systems and handle lots of data. It is also cross-functional within the business, with Sales, Customer Service, Product, Marketing, and even Development teams pulling data for use in their work. Migrating your legacy payment system without breaking something is vital.
This article lays out what you need to know about how to replace legacy payment systems efficiently.
Table of Contents
- Strategy to replace legacy payment systems
- Integration with other systems
- Integration with a modern payment gateway
- Data migration
- Compliance
Strategy to replace legacy payment systems
Compliance
Compliance with a variety of payment regulations is required. You should prepare your environments to meet all applicable requirements in every jurisdiction where you will accept payments. The most common of these is the Payment Card Industry Data Security Standard (PCI DSS), which sets the controls a business must put in place to protect the card data that cardholders provide while using it to process transactions.
In addition, there is the Payment Services Directive 2 (PSD2) to consider. This is legislation that requires anyone providing payment services to build a sound customer authentication process and that regulates third-party involvement. Strong customer authentication (SCA) adds security to electronic payments.
Also important is the General Data Protection Regulation (GDPR), which regulates the personal data you collect and holds any organization that collects or uses data accountable for protecting the privacy and security of the person who provided it.
Integration with a modern payment gateway & processor
Payment gateways and processors must be integrated with your system. An out-of-date payment gateway can cost you customers and income: the average abandonment rate for digital shopping carts is a whopping 65.23%, which can have a significant effect on your bottom line.
There are a number of reasons why shoppers abandon their carts, but several of them result directly from poor integration between the website and the payment gateway: 11% of abandonments are due to a complex checkout process, 11% to a website that is too slow, and 7% to too few payment options.
Integration with other systems
Payment systems need to integrate extremely well with almost everything in business operations. They affect customer relation management, point of sale, other websites, and much more. Because you want payment systems to be readily available and accessible throughout digital and physical storefronts, integration needs to be seamless.
Data migration
Data may move through a lot of different storage formats as it proceeds through your payment system. It’s absolutely essential that data not lose meaning or become unavailable as it is translated through different forms.
Integration with other systems
Customer relationship management requires integrated payment services. The more payment options that can be used, the better the company will serve the customer. Debit and credit cards as well as digital wallets such as PayPal and WebMoney should all be accepted. It's also important to think about where your customers will be located, since some payment options are accepted in some regions but not others.
Payment gateways are important for accepting payments and communicating with a bank, but they can also be very useful for expanding potential markets to smaller nations where credit cards aren’t as common.
By integrating a payment system into a website, you not only can accept typical payment options like credit cards, but you may be able to take less common forms of payment like automated clearing house transactions and cryptocurrency.
Integration with a modern payment gateway
Payment gateways can transmit payment data for transactions to the payment processor at both online and brick-and-mortar stores.
Hosted payment gateways take your customers away from your website to complete payment. They are easy to integrate and often affordable, but they can be a red flag for customers who may not want to use an off-site payment system. They also mean you lose control of the payment process, and they can distract customers from completing the purchase.
Integrated payment gateways let customers stay on your website throughout the process. Since they run on your own server, you take on far more responsibility for security and compliance. In return, you keep full control and customers never have to navigate off your site.
When deciding on an integrated or hosted payment gateway, keep the following parameters in mind to help you make the right decision for your business:
- Pricing
- Transaction limits
- Account options
- Supported payment methods
Data migration
Payments generate a large amount of data that must be accurately collected, effectively shared with many different internal and external entities, and secured against loss and theft.
Here are some of the kinds of data that need to be moved onto your new payment system:
- Merchant settings enable you to accept payments directly from credit, debit, or charge cards and include a lot of information about your company.
- Tokens allow you to store credit card information from customers so they can make recurring payments. Tokens are encrypted files that can move with the client’s information when you move to different payment processors.
- Recurring payment schedules typically include payment data like credit card information as well as subscription information about the customer.
- Transactional activity is the record of the transactions that customers have made with your business.
Migration methods
Migration is generally accomplished through an API or by transferring data in the format of your existing gateway to your new gateway. Ideally, you will keep control over each individual account rather than performing a mass migration from one platform to another, so that a problem affects only one account at a time.
An API (application programming interface) lets different applications communicate with one another and move data from one system to another. SFTP (SSH File Transfer Protocol) runs over SSH, so file transfers are encrypted and authenticated in transit. Your existing gateway's export documentation may show that you already have suitable tooling in place to migrate the data.
When using tokens, remember that your current payment processor holds them, so there may be a lag between when you want the data and when it is available. For the same reason, you may need to convert the data into a new token with the new processor, which requires additional time and security/compliance considerations. It can also happen that tokens cannot be migrated directly into a new token at all, in which case you will need a strategy to accomplish this.
Things to consider
Transactional data needs to be stored in case there are disputes. You’ll need to migrate at least the last 180 days of transaction data into the new system.
Security keys are essential for data protection and for enabling access to other applications and devices. When they expire, a warning will display on the website, which can hurt customer trust, so when you migrate information onto a new payment system make sure you keep track of when each security key will expire.
Proprietary message protocols are required for communication with external systems and will require permission from current and new suppliers to continue to be used on the new system.
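The migration methods and the points to consider above suggest a pre-migration check that can be run per account before its data is pushed to the new gateway: no raw card number travelling in the export where a token should be, at least the last 180 days of transactions present, and no security key about to expire right after cut-over. The following is an added example written for this article, not code from the original text or from any gateway; the record field names, the 30-day key warning window and the sample records are constructed assumptions.

```python
# Added example, not the article's code: field names, thresholds and records are assumed.
from datetime import date, timedelta
import re
CANDIDATE_PAN = re.compile(r"\b\d{13,19}\b")  # digit runs the length of a card number
RETENTION_DAYS = 180                          # minimum transaction history named in the article
KEY_WARNING_DAYS = 30                         # assumed lead time for expiring security keys

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: tells real card numbers apart from other long numeric ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_raw_pans(record: dict) -> list:
    """Names of fields whose value carries an unmasked card number (PCI DSS cardholder data)."""
    return [field for field, value in record.items()
            if any(luhn_ok(m) for m in CANDIDATE_PAN.findall(str(value)))]

def validate_export(transactions: list, tokens: list, keys: list, today: date) -> list:
    """Return the findings that should block or annotate this account's migration."""
    findings = []
    # Card data must travel as tokens; a raw PAN in any exported field is a PCI DSS problem.
    for rec in transactions + tokens:
        ref = rec.get("id") or rec.get("token")
        for field in find_raw_pans(rec):
            findings.append(f"raw PAN in record {ref} field {field}")
    # Dispute handling needs the last RETENTION_DAYS of history present in the export.
    cutoff = today - timedelta(days=RETENTION_DAYS)
    if not transactions or min(tx["date"] for tx in transactions) > cutoff:
        findings.append(f"transaction history does not reach back {RETENTION_DAYS} days")
    # Keys that expire soon after cut-over would trigger the warning the article describes.
    for key in keys:
        days_left = (key["expires"] - today).days
        if days_left < KEY_WARNING_DAYS:
            findings.append(f"key {key['name']} expires in {days_left} days")
    return findings

# Constructed sample export for one merchant account, with a fixed "today" for reproducibility.
TODAY = date(2024, 6, 1)
TRANSACTIONS = [
    {"id": "t1", "date": date(2023, 11, 20), "amount": "19.99", "card": "tok_9f3a"},
    {"id": "t2", "date": date(2024, 5, 30), "amount": "5.00", "memo": "card 4111111111111111"},
]
TOKENS = [{"token": "tok_9f3a", "last4": "1111", "exp": "12/26"}]
KEYS = [{"name": "gateway-api-key", "expires": date(2024, 6, 15)},
        {"name": "sftp-host-key", "expires": date(2025, 1, 1)}]
```

Calling `validate_export(TRANSACTIONS, TOKENS, KEYS, TODAY)` on the sample returns two findings: the card number pasted into a memo field, and the gateway key that expires two weeks after the chosen cut-over date; the 180-day history check passes because the oldest transaction predates the cutoff.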
Compliance
PCI Compliance is a global standard for the protection of payment data. Compliance with this standard is essential for you to process payments legally. PSD2 requires strong customer authentication (SCA) to process payments in Europe whenever customers perform payment behaviors like accessing an account online or initiating a payment over a certain amount. EU General Data Protection Regulation (GDPR) must be complied with or you will risk significant fines, so it’s extremely important to be compliant when you move to a new payment system.
Make sure to keep accurate records and make them available to the relevant teams in the case of a PCI audit. Keeping track of new processes and procedures when you create them over the course of the migration process will not only save you a huge hassle in the future, but also allow you to analyze everything for compliance right from the moment your new system goes live.