Accepting Card Payments in Your App: Bottlenecks of Mobile Commerce and How to Avoid Them


Umbrella IT

According to Statista, 2.14 billion people will make digital purchases in 2021.

Mobile sales on Shopify, the popular e-commerce platform, made up 64% of total sales over Black Friday and Cyber Monday 2017, which is 10% more than in the previous year.

Users are eager to install and use mobile apps because they offer an all-in-one experience: the ability to act here and now, regardless of place and time.

There are numerous ways to pay for goods and services from a mobile device. This post covers the most popular one, online card payment, along with the bottlenecks of m-commerce and the ways to avoid them.

Card Payment Process

In practice, the card payment process is a complex chain that includes several participants.


Card payment process by the example of Mastercard.

The Internet user visits your mobile resource, selects the goods wanted, adds them to the cart and enters data required to complete delivery and payment. The time span between these operations and payment confirmation is several seconds.

But major effort lies behind this apparent ease. Before the payment safely reaches the merchant’s account, some magic happens, and it is performed by quite ordinary people and institutions.

The starting point in the chain is the bank that issues a debit or credit card to the user, namely the issuing bank.

To be able to accept payments from users, you as the merchant need a merchant account, to which your acquiring bank transfers the funds obtained from selling goods or services in your app.

The merchant account differs from the ordinary bank account as it is used to accept funds paid by customers with credit or debit cards for the goods or services purchased through the Internet.

The card data entered by the holder in your app first reach the payment gateway (Stripe, PayPal Payment Pro, 2CheckOut, Bambora).

The payment gateway is the online analog of a physical terminal, built into your app. It is responsible for the safe collection and transfer of buyers' sensitive data from the online shop to the processor.

The payment processor (First Data, TSYS, WorldPay) receives the data, determines from the card number which card system the card belongs to, and transfers the transaction data into that system's network (Visa, MasterCard, American Express, Discover).

This is where the main work starts. The network interacts with the issuing and acquiring banks to obtain all required verifications and perform the transfer of funds.

How to Avoid M-Commerce Bottlenecks

The key risks that can make life hard for mobile business owners are, as in offline trade, the risk of being cheated and the risk of losing a buyer who changes their mind for reasons of their own. Mobile commerce has its own specifics, but it rests on three pillars: safety, user-friendliness, and a reliable payment gateway as the intermediary that transfers transaction information from the user to the processor and further along the payment processing chain.

Problem: How to Escape the Heap of Abandoned Carts

As long as every element of the mechanism works smoothly, the application functions and you make a profit. But there can be a cloud in the perfect sky. As mobile payments grow more popular, competition increases and users become more demanding. In case of any difficulties, doubts or failures, potential buyers interrupt the purchase and leave in search of a more convenient and safer option.

According to statistics, the percentage of abandoned carts in mobile apps is 85.65%.

This means that of 100 potential buyers who have already chosen goods in your shop, 85 interrupt the shopping process for some reason. Your profit comes from the remaining 15 users only. The amount that bypasses your budget if you take no measures is easy to calculate.

Solution: to Improve UX

To reduce the number of users who abandon their purchase, first find out the reasons behind it.

Many users simply browse goods or compare prices on the Internet; in that case their decision depends on how well the goods or services match their requirements and needs.

There are also objective reasons why users abandon a purchase after choosing goods and adding them to the cart. One reason users cite is a checkout and payment procedure that is too long and not user-friendly.

According to research by Baymard Institute, large-scale companies may increase conversion by 35% due to improved checkout form UX.


Above is the example of the confirmation page where the key activity button is visually identified (Confirm & Pay). Prior to confirming the payment, the user can check all the information required and edit it, if necessary. The single order stages are visually separated. This is simple, clear, easy-to-understand.

Problem: How to Escape Getting Cheated

Fraud has two kinds of victims: purchasers and merchants.

The first group runs the risk of losing money and not receiving the purchased goods or service.

35% of the purchasers are ready to decide against making the purchase if the site or the app does not include any logos or symbols confirming that the resource guarantees protection.

In this case, the purchaser mostly receives compensation, while the merchant risks both losing the goods and having to pay the compensation.

According to research, the average share of fraud-related expenses in total revenue in mobile and e-commerce has grown to 1,8% as compared to 1,5% in 2017. This year sales are expected to reach $2,4 trillion, which means the losses related to fraud will reach $43,2 billion.

It should be noted that 60% of the confirmed fraud transactions are performed through mobile devices.

On top of compensation payments in dispute and fraud cases comes liability to the international card systems (Visa, Mastercard), depending on the card types you work with. Each system defines an acceptable rate of chargebacks and fraud cases. If the threshold is exceeded, a monitoring program starts that may involve monthly penalties and additional fees.

Every dollar a mobile shop spends in relation to fraudulent orders costs the shop an additional $3,34 on average.

Solution: to Apply Proven Methods and Means of Protection

PCI compliance

Merchants and processing service providers that work with the international card systems fall within the scope of the Payment Card Industry Data Security Standard (PCI DSS) and are obliged to comply with it.

Over 80% of users feel more protected if they see credible card logos in online shops.

Here you may check the level and status of the service provider prior to making the choice:

The responsibility for complying with the PCI requirements rests with both the processing system and the owner of the mobile app that accepts the payments. This means that if you see purchasers’ card data in your app, store them or have access to them, you are in charge of their security as well.

To lighten the load of responsibility for apps and websites, Stripe offers the following:

  • to collect the card information using Checkout, Stripe.js library and Elements or SDK mobile libraries. The data will be safely transferred directly to Stripe, bypassing your servers;
  • to use Transport Layer Security (TLS);
  • to undergo annual review and PCI compliance verification of your accounts.

As a simple way to ensure compliance with PCI requirements, Braintree, a PayPal division, suggests using the ready-made Drop-in UI for checkout or a customizable variant, Custom UI with Hosted Fields.


Tokenization is an alternative method to reduce the amount of the sensitive information of the cardholders that is kept by the merchant.

The card data are replaced with a unique set of symbols, a token. The data themselves are stored by the payment system (payment gateways, Apple Pay, Google Pay), and the merchant uses the token. Even if a hacker gets access to the tokens, they cannot be used. The tokens cannot be mathematically decrypted, and they are hard to match with card numbers, especially without access to the tokenization logic.

Tokenization does not remove the need to comply with PCI DSS requirements, but it decreases the merchant’s responsibility because the merchant keeps tokens and not credit card numbers.
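The split of responsibilities described above, as an added Python sketch (not code from the article or from any payment provider). `GatewayVault`, the `tok_` prefix and the binding of a token to the merchant that created it are assumptions made for illustration.

```python
import secrets

class GatewayVault:
    """Stands in for the payment system: the only place card numbers live."""

    def __init__(self):
        self._entries = {}  # token -> (merchant_id, card_number)

    def tokenize(self, merchant_id: str, card_number: str) -> str:
        # The token comes from a CSPRNG and is not computed from the card
        # number, so there is nothing in it to decrypt.
        token = "tok_" + secrets.token_urlsafe(24)
        self._entries[token] = (merchant_id, card_number)
        return token

    def charge(self, merchant_id: str, token: str, amount_cents: int) -> dict:
        entry = self._entries.get(token)
        # Assumption of this sketch: a token only works for its own merchant.
        if entry is None or entry[0] != merchant_id:
            raise PermissionError("token not valid for this merchant")
        card_number = entry[1]  # a real gateway forwards this to the processor
        return {"status": "approved", "amount_cents": amount_cents,
                "last4": card_number[-4:]}

def demo():
    vault = GatewayVault()
    card_number = "4242424242424242"  # constructed input (public test number)

    # App side: the SDK sends the card straight to the gateway.
    token = vault.tokenize("merchant_A", card_number)

    # Merchant backend: this record is all that is ever stored.
    record = {"customer": "cust_1", "token": token, "last4": card_number[-4:]}

    # A later (for example recurring) charge needs only the token.
    receipt = vault.charge("merchant_A", record["token"], 4990)

    # A token copied from the merchant database is useless elsewhere.
    try:
        vault.charge("merchant_B", record["token"], 4990)
        stolen_use = "approved"
    except PermissionError:
        stolen_use = "rejected"
    return record, receipt, stolen_use

if __name__ == "__main__":
    print(demo())
```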


Fraud prevention

Depending on the nature of your business, additional scanning and monitoring tools are available to prevent fraudulent actions:

  • address verification system (AVS),
  • cardholder verification method (CVM),
  • bank identification number check (BIN).

3-D Secure

3-D Secure is a protected protocol used to authorize users during card-not-present transactions. The protocol provides an additional safety level and serves as a second authentication step by means of protection codes.

Not every online shop and bank supports the protocol, and its use is not obligatory. If 3-D Secure is used during the purchase, complete responsibility for transaction safety and for eventual chargebacks rests with the card issuer. But if the purchaser's card is enrolled in the service and the shop does not use it, it is the merchant who bears the responsibility.


Problem: How to Avoid Mistakes in Choosing Payment Gateway

Payment gateways are the first to receive users’ confidential information during shopping. Once integrated into your app, they must ensure a safe and easy procedure for users, as mentioned above.

At the same time, for you as the merchant, the payment gateway should offer the capabilities and options your business actually needs. Your expenses for integrating and using the payment gateway should not exceed what is actually required.

In the Bounce project, we used two payment gateways: Beanstream (Bambora) and Stripe. The merchant can choose which one is to be used for accepting payments.

Stripe fitted the business processes ideally: the user creates a merchant account through Stripe and connects it to their own online shop with minimum effort. A simple API and the numerous capabilities on offer also speak in favor of Stripe. The payment system covers many countries and a lot of currencies.

With Beanstream it was more complicated to implement the business processes than with Stripe, and the currencies offered were fewer (at the time of development: EUR, CAD, USD). But Beanstream was still chosen because of its advantageous rates in Canada, the key target area of the app.


One of the Stripe advantages is the possibility to choose between using your already existing account and creating a new one.

Solution: to Consider Key Factors

What countries and currencies are covered with the payment gateway

Check in which countries the payment gateway can be used and whether it supports the currencies of your potential purchasers. Take into account any restrictions that may turn out to be significant for your particular business and its further development.

For example, supports the merchant account in the USA, UK, Europe, Canada or Australia, and in every country, it works with definite processors.

Stripe covers 25 countries and supports 135+ currencies, which allows you to bill your clients in their national currency while you receive funds in your own. But there are some restrictions:

  • Some items on the list are not supported for American Express: AFN, AOA, ARS, BOB, BRL, CLP, COP, CRC, CVE, CZK, DJF, FKP, and 17 more currencies.
  • Only US dollars are used for JCB, Discover and Diners Club.
  • Some payment methods (for example, those supported with Source) are available for the specific currencies only.

Even if you are not an absolute fan of cryptocurrencies, it is difficult to deny that the option to pay with them is sometimes an additional advantage. If you plan to accept cryptocurrencies, check whether the chosen payment gateway allows it.

In 2014 Stripe was the first major processing company to introduce bitcoin support. But in January 2018 they announced the removal of bitcoin from the available payment options. They highlighted that Stripe is optimistic about the future of cryptocurrencies in general and will continue to follow the development of the ecosystem and to look for opportunities to offer their clients support for cryptocurrencies and new distributed protocols.

If you are aiming at cryptocurrencies only, consider specialized providers (for example, BitPay).

What payment methods can be offered to your users

Bear in mind that purchasers will use your app more actively if they are free to choose and are not limited to credit cards only. Check whether the payment gateway gives users a choice between credit and debit cards of the key issuers (Visa, MasterCard, American Express, Discover), Apple Pay, Google Pay, PayPal, etc.

Whether the payment gateway supports recurring payments

The payment system can save the user’s card data and use them for regularly repeating payments after the cardholder's first authorization. The user does not have to enter the data every time, and the merchant can plan revenues based on a stable inflow and save time, both for itself and for the purchaser.

The function is supported by most providers. When choosing the payment gateway, consider whether you will be able to change the terms and timelines of such payments, how many package plans are available, and whether the system allows adjusting them to the terms on which you accept recurring payments.

Stripe offers not only a ready-made billing solution to purchase, but also the option to create your own customized logic and pricing model using API modules.

What commission fees and agreement terms are offered by the provider

Compare price plans and pricing transparency. Estimate your projected sales turnover and choose the optimal price plan for your business and budget. You pay the provider for the services provided, but there is no need to pay for services you do not use.

Study the terms of the service agreement: how customer support is organized, whether early termination of the agreement is provided for, and what the dispute settlement method is. Some questions may not arise at the very beginning, but it is better to clarify them before making your final choice.

Take the time and find the reviews of those who have already used one or another payment gateway. Pay attention to the most frequent complaints and the provider’s feedback, whether the merchants are satisfied with the support provided by the provider.

Whether simple integrations with the external systems are available

The existing integrations with other systems help improve your business processes and save time and efforts.

Stripe partners include the Databox platform. The service allows you to collect the KPIs you need and view the analytic data from any device.

Nexudus, a coworking platform, offers easy integration with a number of processing service providers, including Stripe and PayPal. This makes it easier to automate the payment processes within your working space.

Which tools and documents are offered by the provider

If, having considered all the above factors, you are still in doubt about the final choice, turn your attention to technical issues.

Complete and detailed documentation will reduce development time. SDKs and libraries available in the required language will also bring the happy moment of successful integration closer.

As experience confirms, working with Stripe products does not cause any difficulties. Developers are offered simple and easy solutions, detailed documentation, a simple API, and libraries for various programming languages and mobile platforms: Ruby, Python, PHP, Java, Node, Go, .NET, iOS and Android. The time and effort saved by the developers may be focused on design or other tasks.

The approach reflects Stripe's concept: payments are an issue related to code, not to the financial side of the matter.

How the card data of your customers will be transferred in case you decide to change the services provider

For whatever reason, in the future you may decide to change the service provider and take your customers’ data with you. To avoid dependency on the provider in such a situation, and to make sure the data can be ported in line with PCI requirements, clarify the key points beforehand:

  • what is required of you to obtain the sensitive data processed or stored by the provider;
  • in what way the data will be transferred, how long it takes and what is the way to ensure their security;
  • whether any fees are charged for the data transfer;
  • whether it is possible to transfer the data directly from one provider to another.

Key Points in Brief

On a final note, let us revisit the key critical issues of mobile commerce and the advantages a business owner gains by giving them proper consideration.

Checkout page UX — increase in conversion rates due to making the procedure more user-friendly.

Safety — increasing users’ trust and conversion rates, correspondingly  + reducing risks and responsibility of the merchant.

Proper choice of payment gateway — specific possibilities for your product:

  • supporting various currencies/countries and payment methods — covering more potential clients + development possibilities
  • supporting recurring payments — saving the time of the purchaser and the merchant + possibility of revenue forecasting
  • terms of using the payment gateway and fees — excluding spare costs + planning expenses
  • external integrations — automation of current business processes + development possibilities
  • development documents and tools — saving time and resources for development
  • data portability — saved client base + safe data transfer, if required
