Last Updated: 03-11-2026      

Merchant Services Requirements for E-Commerce Sites

For E-Commerce or an Online Store-Front you need two separate components:

Merchant Account - A special bank account that holds card payments before they settle into your business bank account.

Payment Gateway - The secure technology that transmits card data from your website to the processor.

Here's is an explanation of everything an ecommerce store needs to accept payments using a traditional merchant account plus payment gateway.

1. Merchant Account

A merchant account is a specialized bank account that temporarily holds funds from credit and debit card transactions. It is required when not using a PSP. The merchant account provider deposits funds into your business bank account after settlement.

Key requirements:

  • Business verification (EIN, business license, etc.)
  • Bank account for payouts
  • Underwriting approval
  • Fee structure (interchange, assessments, markup)
2. Payment Gateway

The payment gateway securely transmits cardholder data from your website to the processor. It handles encryption, tokenization, and communication with the merchant account.

Examples: Authorize.net, NMI, CyberSource, eProcessing Network.

Gateway features:

  • API for custom checkout
  • Hosted payment fields
  • Tokenization for secure storage
  • Recurring billing support
3. Processor (If Not Included with Merchant Account)

The processor communicates with card networks (Visa, Mastercard, etc.) to authorize and settle transactions. Some merchant accounts include processing; others require a separate processor.

4. SSL Certificate

An SSL certificate encrypts all data transmitted between the customer and your website. It is mandatory for secure checkout and PCI compliance.

5. PCI Compliance

PCI DSS (Payment Card Industry Data Security Standard) ensures secure handling of card data. When using a gateway, your store must meet PCI requirements appropriate to your integration type.

Common compliance tasks:

  • Annual SAQ (Self-Assessment Questionnaire)
  • Quarterly vulnerability scans
  • Secure server configuration
  • Restricted access to card data
6. Checkout Integration

Your ecommerce site must integrate with the payment gateway. Options include:

  • Hosted Payment Page customer is redirected to gateway checkout
  • Hosted Payment Fields gateway handles card fields inside your page
  • Direct API Integration full control, highest PCI burden

The integration determines your PCI scope and user experience.

7. Fraud Prevention Tools

Fraud tools reduce chargebacks and unauthorized transactions. Gateways typically offer:

  • AVS (Address Verification System)
  • CVV verification
  • 3D Secure (Visa Secure, Mastercard Identity Check)
  • Velocity filters
  • IP risk scoring
8. Order Management System

This system tracks orders, payment status, fulfillment, refunds, and customer communication. It may be built into your ecommerce platform or added through plugins or custom development.

9. Legal and Compliance Policies

Your store must display clear policies to meet merchant account and card network requirements:

  • Privacy Policy
  • Terms of Service
  • Refund and Return Policy
  • Shipping Policy (if applicable)
  • Contact information
10. Business Bank Account

Your merchant account provider deposits settled funds into your business bank account. You must provide routing and account numbers during setup.

11. Optional Enhancements
  • Recurring billing or subscription management
  • Digital wallet support (Apple Pay, Google Pay via gateway)
  • Multi-currency support
  • Advanced fraud modules
  • Customer vault/tokenized card storage