Merchant Accounts and Gateways
To accept credit card payments, an organization has to have a "merchant account". This is the kind of account that any retailer has that enables them to take credit card payments. Merchant accounts are issued by banks and by many independent companies as well. The merchant account allows funds to be transferred by the credit card processors from the credit card system to your bank account. That is, you need the merchant account to receive funds from the credit card system. If you take cards on-line, you need a special kind of merchant account called a "card not present" or "mail order phone order" account. These are handled differently than accounts that have a swiping terminal, because the risks are different.
In addition to the merchant account, you will generally need a "gateway processor". The gateway processor actually receives a transaction from you, gets authorization from the customer's bank, and then "settles" the transaction, charging the customers credit card account and crediting your merchant account. In some cases, banks will provide the merchant account and also handle the gateway processing, but usually third parties are involved. There are just a few large gateway processors. Examples include authorize.net, firstdata, and bankcard services.
Most major shopping cart packages can interface to any of the major gateways.
Of course, everyone gets their cut of the transaction, so there are fees involved.
A discount -- a percentage of each transaction that is retained by the processor. This ranges from less than 3% to more than 8%, depending on a variety of things, including other fees, volume, and type of card (Amex costs a lot more than Visa, which is why many merchants won't take it.) Usually, you get credited for the full amount of each transaction, and the discount fees are deducted directly from your bank account at the end of the month.
So having a regular merchant account can be costly. But it does offer some advantages.
There's a tight audit trail. Funds from the customer's card are immediately reported to you and deposited in your account the next day.
The customer sees your name on his credit card statement, not some third party that he's never heard of.
You can take credit cards at events or over the phone, and enter them yourself using the gateway's "virtual terminal".
You can issue credits if necessary
You can set up automatic periodic transactions
You can take any cards you want, if you're prepared to pay the discount. You can even set it up to take over-the-phone "checks".
A Word About Security
When you run an on-line credit card transaction, you never see or have access to the customer's credit card number. You will only see the last 4 digits. The transaction data goes from the web page on the donor's computer via an encrypted datapath to the credit card gateway processor. The DPO secure web site will be an intermediary if you're using that, but everything is always encrypted and nothing is stored along the way. It is not even stored at the gateway processor. The customer's card number is not stored anywhere except at the issuing bank.
If you elect to keep track of donor's credit card information so you can re-run cards (for monthly donors, for example) then you MUST keep that information secure. It must be encrypted on any computer that it is saved on, especially if it's a Windows computer, as they are easily invaded by worms and other mal-ware. The best thing to do is just not have the data at all. The second best is to keep it on a removable disk, so it is not connected to the computer at all except when needed.
Avoiding A Merchant Account
There are several ways to take credit cards that do NOT require you to get a merchant account.
One is PayPal (http://www.paypal.com ) Pro: Easy to set up; no setup or minimum; moderate costs. Paypal is bank, so has some powers and regulatory constraints that go with that . (That's good.) Con: Bad reputation; tends to spam people; can't control extra data collection like employer and occupation or event, you have to manually move the money from their account to yours. Really only good for collecting the total amount; you almost need a front end system to capture and manage other information.
Another is clickandpledge.com. (http://www.clickandpledge.com) Pro: easy to set up; no setup or minimum; cost is a % of transactions, so predicable. Designed for political and non-profits, lets you set different "products" and prices; handles recurring donations; also handles merchandise orders. Con: not a direct deposit. Clickandpledge is a much better solution than Paypal.
The latest and best choice is ActBlue, a PAC that has been set up for the sole purpose of collecting on-line contribution for Democratic candidates and committees. Pro: Strictly Dems; easy setup; no merchant account reqd. Cons: not direct deposit. They have already created pages for every Oregon county. See ActBlue page.