Hosted payment pages: What businesses need to know



  1. 导言
  2. What is a hosted payment page?
  3. How does a hosted payment page work?
  4. What is PCI DSS compliance?
  5. Hosted-payment-page benefits
  6. Alternatives to hosted payment pages

When planning your online checkout experience, convenience is key, both for you and for your customers. Hosted payment pages are worth considering for your business—whether you primarily deal with one-time payments or subscriptions—due to their efficiency, security, and ability to create simple transaction experiences for your customers.

Creating a comprehensive plan to accept payments from customers is a big undertaking. But a strategic approach to payments and payment processing is as important as your product-development, marketing, and customer-service strategies. Evaluating options like hosted payment pages is necessary for a well-planned payments ecosystem.

If you’re considering hosted payment pages for your business, here’s what you need to know.

What’s in this article?

  • What is a hosted payment page?
  • How does a hosted payment page work?
  • What is PCI DSS compliance?
  • Hosted-payment-page benefits
  • Alternatives to hosted payment pages

What is a hosted payment page?

A hosted payment page is a web page, hosted by a third party, that provides secure checkout capabilities for business websites. It allows businesses that accept online payments to avoid building—and then managing—their own payment gateways on their websites.

Hosted payment pages can accept a variety of payment methods, including:

  • Credit cards
  • Debit cards
  • Digital wallets (Apple Pay, Google Pay, Amazon Pay, etc.)
  • Bank accounts via ACH payments

Most hosted payment pages can be customized to accept store-issued gift cards, discount codes, and rewards points.

Hosted payment pages are also known as “external checkouts,” “third-party checkouts,” “hosted payment gateways,” “external payment pages,” and “checkout pages.”

How does a hosted payment page work?

Hosted payment pages take care of electronic transactions from beginning to end, including:

  • Accepting payment information from the cardholder
  • Gathering details for card authorization, like the card number, expiration date, CVV code, and the cardholder’s ZIP code
  • Sending payment information to the business’s payment processor, who will then send it to the card issuer for authorization
  • Confirming shipping details, like shipping address and shipping priority level (standard ground delivery, two-day delivery, overnight delivery, etc.)
  • Returning card authorization or refusal
  • Providing customers with confirmation codes or order numbers
  • Initiating an email receipt for the customer, if applicable

Here’s how the customer checkout experience looks when using a hosted payment page:

  1. On the business’s website, the customer adds items to their virtual cart and clicks the checkout button.
  2. The customer is redirected to the checkout page, which is hosted by an external service.
  3. The customer inputs payment information, shipping details, and any other necessary information.
  4. After the customer’s card is authorized, the customer is notified that the transaction has been completed and they are routed back to the business’s website.

Increasingly, online businesses have access to different options for hosted payment pages—like Stripe Checkout—that allow them to control how the pages look and match the visual branding of the rest of their site. You can customize colors, fonts, shapes, and other visual-branding settings—and you can use your own domain. The end goal is for the payment page to fit seamlessly into your website.

What is PCI DSS compliance?

“PCI DSS compliance” is a term that frequently appears in the payments industry. While PCI DSS compliance is complex, it’s important to understand—especially in the context of accepting payments and building payment pages. “PCI DSS” stands for “Payment Card Industry Data Security Standard.” PCI is an organization that runs the PCI Security Standards Council, which was formed in 2006 by Visa, American Express, Discover, JCB International, and Mastercard to create a shared set of standards for keeping card payments secure.

For a business to remain in compliance with PCI DSS, it must meet certain requirements. These requirements are grouped into levels, depending on the volume of transactions the business handles each year:

  • Level 1: Businesses that process more than 6 million card transactions per year
  • Level 2: Businesses that process more than 1 million transactions, up to 6 million transactions per year
  • Level 3: Businesses that process 20,000 to 1 million transactions per year
  • Level 4: Businesses that process fewer than 20,000 transactions per year

The full list of PCI requirements is long and regularly updated. It mandates that payment hosts do everything possible to safeguard cardholder data, including:

  • Maintaining a firewall to protect cardholder data
  • Encrypting the transmission of card data
  • Limiting who has access to stored data
  • Protecting all systems against malware and keeping antivirus software up-to-date

Here’s a link to the most recent PCI DSS.

These rigorous standards are a big reason why so many online businesses prefer to use hosted payment pages. Maintaining PCI DSS compliance is a heavy lift, but it’s very important. For most businesses, it’s simpler to choose a hosted payment page and avoid worrying about keeping a homegrown payments system compliant.

Hosted-payment-page benefits

If you do choose to use a hosted payment page, it will come with substantial benefits, including:

  • Expertly engineered and designed pages
    One of the main reasons businesses use hosted payment pages is a better checkout experience. For most small businesses, it isn’t financially possible to hire a team with the size, scope, and caliber of Stripe’s engineering and design teams. When you use a hosted payment page like Stripe Checkout, you acquire a world-class team with one important job: making sure everything on your payments page looks amazing and works great.

  • Security
    Security is a major concern for businesses and customers that use online transactions. Hosted payment pages with Stripe Checkout use machine learning to weed out potential fraudulent actors, while upholding customer-data-protection standards. Checkout also gives you options to customize the level of security on your payment pages, such as adding authentication measures on high-risk payments.

  • Minimal friction for a better customer experience
    Stripe Checkout offers your customers an easy checkout process that allows them to reuse their information if they’ve made a purchase with you in the past—while flagging errors and omissions in real time. Features that facilitate a smooth experience include:

    • Address autocomplete
    • One-click payment using Link
    • Real-time card validation
    • Descriptive error messages
    • Third-party autofill
    • Card-brand identification
    • Payment method reuse
    • Adjustable quantities
  • Increased conversion and more sales
    What does a simple customer checkout experience mean? Better conversion rates. According to Baymard Institute, 68% of people who visit an ecommerce website abandon their carts, and 17% of those abandoned carts are the result of an overly long or complicated checkout process. If you run a business online, you already know that having an easy, enjoyable on-site experience—especially at the important moment when someone is making a purchase—is make-or-break for sales.

  • Global scalability
    Stripe’s hosted payment pages are available in over 30 languages and 130 currencies. No matter what stage your business is in or where you currently operate, hosted payment pages equip you with what you need to expand into new markets without changing up your online payment process.

  • Universal device compatibility
    Hosted payment pages are designed to work with every device your customers use to shop. Stripe Checkout has an intuitive, responsive checkout page for smartphones, tablets, and desktop computers. In addition to working fluidly across devices, Stripe’s hosted payment pages easily accept leading digital wallets like Apple Pay and Google Pay.

Alternatives to hosted payment pages

If your business accepts online payments, you need a payment gateway. The alternative to using hosted payment pages is building a payment gateway directly into your website. In this scenario, your customers will enter their payment information and complete transactions right on your website, without being redirected to an external payment page.

When you use your own payment gateway, you’re responsible for not only building the checkout page but also maintaining it. If you choose this route, you’ll need to find the right developer, engineer, and design resources to create the page, update it, and keep it functioning.

Like with any other website component, you might experience problems with your payment page from time to time. But unlike problems with less important parts of your website, issues with your payment page could stop your sales altogether. The stakes are high.

The beauty of hosted payment pages is how they neutralize this pressure. With a hosted payment solution like Stripe Checkout, the entire checkout process is created and maintained in a secure environment, saving businesses the significant cost and time of building and managing their own payment gateways. The high degree of customization available with a Stripe Checkout–hosted payment page makes it the best of both worlds.