Hosted payment pages: What businesses need to know

Payments
Payments

Accept payments online, in person, and around the world with a payments solution built for any business – from scaling startups to global enterprises.

Learn more 
  1. Introduction
  2. What is a hosted payment page?
  3. How does a hosted payment page work?
  4. What is PCI DSS compliance?
  5. Hosted-payment-page benefits
  6. Alternatives to hosted payment pages

When planning your online checkout experience, convenience is key, both for you and for your customers. Hosted payment pages are worth considering for your business – whether you primarily deal with one-off payments or subscriptions – due to their efficiency, security and ability to create simple transaction experiences for your customers.

Creating a comprehensive plan to accept payments from customers is a big undertaking. But a strategic approach to payments and payment processing is as important as your product development, marketing and customer service strategies. Evaluating options such as hosted payment pages is necessary for a well-planned payments ecosystem.

If you're considering hosted payment pages for your business, here's what you need to know.

What's in this article?

  • What is a hosted payment page?
  • How does a hosted payment page work?
  • What is PCI DSS compliance?
  • Hosted-payment-page benefits
  • Alternatives to hosted payment pages

What is a hosted payment page?

A hosted payment page is a web page, hosted by a third party, that provides secure checkout capabilities for business websites. It allows businesses that accept online payments to avoid building, and then managing their own payment gateways on their websites.

Hosted payment pages can accept a variety of payment methods, including:

  • Credit cards
  • Debit cards
  • Digital wallets (Apple Pay, Google Pay, Amazon Pay etc)
  • Bank accounts via ACH payments

Most hosted payment pages can be customised to accept store-issued gift cards, discount codes and rewards points.

Hosted payment pages are also known as "external checkouts", "third-party checkouts", "hosted payment gateways", "external payment pages" and "checkout pages".

How does a hosted payment page work?

Hosted payment pages take care of electronic transactions from beginning to end, including:

  • Accepting payment information from the cardholder
  • Gathering details for card authorisation, such as the card number, expiry date, CVV code and the cardholders postcode
  • Sending payment information to the business's payment processor, who will then send it to the card issuer for authorisation
  • Confirming shipping details, such as shipping address and shipping priority level (standard ground delivery, two-day delivery, overnight delivery etc)
  • Returning card authorisation or refusal
  • Providing customers with confirmation codes or order numbers
  • Initiating an email receipt for the customer, if applicable

Here's how the customer checkout experience looks when using a hosted payment page:

  1. On the business's website, the customer adds items to their virtual basket and clicks the checkout button.
  2. The customer is redirected to the checkout page, which is hosted by an external service.
  3. The customer inputs payment information, shipping details and any other necessary information.
  4. Once the customer's card has been authorised, the customer is notified that the transaction has been completed and they are routed back to the business's website.

Increasingly, online businesses have access to different options for hosted payment pages – such as Stripe Checkout – that allow them to control how the pages look and match the visual branding of the rest of their site. You can customise colours, fonts, shapes and other visual branding settings, and you can use your own domain. The end goal is for the payment page to fit seamlessly into your website.

What is PCI DSS compliance?

"PCI DSS compliance" is a term that frequently appears in the payments industry. While PCI DSS compliance is complex, it's important to understand, especially in the context of accepting payments and building payment pages. "PCI DSS" stands for "Payment Card Industry Data Security Standard". PCI is an organisation that runs the PCI Security Standards Council, which was formed in 2006 by Visa, American Express, Discover, JCB International and Mastercard to create a shared set of standards for keeping card payments secure.

For a business to remain in compliance with PCI DSS, it must meet certain requirements. These requirements are grouped into levels, depending on the volume of transactions the business handles each year:

  • Level 1: Businesses that process more than 6 million card transactions per year
  • Level 2: Businesses that process more than 1 million transactions, and up to 6 million transactions per year
  • Level 3: Businesses that process 20,000 to 1 million transactions per year
  • Level 4: Businesses that process fewer than 20,000 transactions per year

The full list of PCI requirements is long and regularly updated. It mandates that payment hosts do everything possible to safeguard cardholder data, including:

  • Maintaining a firewall to protect cardholder data
  • Encrypting the transmission of card data
  • Limiting who has access to stored data
  • Protecting all systems against malware and keeping antivirus software up to date

Here's a link to the most recent PCI DSS.

These rigorous standards are a big reason why so many online businesses prefer to use hosted payment pages. Maintaining PCI DSS compliance is a heavy lift, but it's very important. For most businesses, it's simpler to choose a hosted payment page and avoid worrying about keeping a homegrown payments system compliant.

Hosted-payment-page benefits

If you do choose to use a hosted payment page, it will come with substantial benefits, including:

  • Expertly engineered and designed pages
    One of the main reasons businesses use hosted payment pages is a better checkout experience. For most small businesses, it isn't financially possible to hire a team with the size, scope and calibre of Stripe's engineering and design teams. When you use a hosted payment page such as Stripe Checkout, you acquire a world-class team with one important job: making sure everything on your payments page looks amazing and works great.

  • Security
    Security is a major concern for businesses and customers that use online transactions. Hosted payment pages with Stripe Checkout use machine learning to weed out potential fraudulent actors, while upholding customer-data-protection standards. Checkout also gives you options to customise the level of security on your payment pages, such as adding authentication measures on high-risk payments.

  • Minimal friction for a better customer experience
    Stripe Checkout offers your customers an easy checkout process that allows them to reuse their information if they've made a purchase with you in the past, while flagging errors and omissions in real time. Features that facilitate a smooth experience include:

    • Address autocomplete
    • One-click payment using Link
    • Real-time card validation
    • Descriptive error messages
    • Third-party autofill
    • Card-brand identification
    • Payment method reuse
    • Adjustable quantities
  • Increased conversion and more sales
    What does a simple customer checkout experience mean? Better conversion rates. According to Baymard Institute, 68% of people who visit an e-commerce website abandon their baskets, and 17% of those abandoned baskets are the result of an overly long or complicated checkout process. If you run a business online, you already know that having an easy, enjoyable on-site experience – especially at the important moment when someone is making a purchase – is make or break for sales.

  • Global scalability
    Stripe's hosted payment pages are available in over 30 languages and 130 currencies. No matter what stage your business is in or where you currently operate, hosted payment pages equip you with what you need to expand into new markets without changing up your online payment process.

  • Universal device compatibility
    Hosted payment pages are designed to work with every device your customers use to shop. Stripe Checkout has an intuitive, responsive checkout page for smartphones, tablets and desktop computers. In addition to working fluidly across devices, Stripe's hosted payment pages easily accept leading digital wallets such as Apple Pay and Google Pay.

Alternatives to hosted payment pages

If your business accepts online payments, you need a payment gateway. The alternative to using hosted payment pages is building a payment gateway directly into your website. In this scenario, your customers will enter their payment information and complete transactions right on your website, without being redirected to an external payment page.

When you use your own payment gateway, you're responsible for not only building the checkout page but also maintaining it. If you choose this route, you'll need to find the right developer, engineer and design resources to create the page, update it and keep it functioning.

Like with any other website component, you might experience problems with your payment page from time to time. But unlike problems with less important parts of your website, issues with your payment page could stop your sales altogether. The stakes are high.

The beauty of hosted payment pages is how they neutralise this pressure. With a hosted payment solution such as Stripe Checkout, the entire checkout process is created and maintained in a secure environment, saving businesses the significant cost and time of building and managing their own payment gateways. The high degree of customisation available with a Stripe Checkout–hosted payment page makes it the best of both worlds.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accurateness, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent attorney or accountant licensed to practice in your jurisdiction for advice on your particular situation.

Ready to get started?

Create an account and start accepting payments – no contracts or banking details required. Or, contact us to design a custom package for your business.