building payment checkouts

a checkout is where a customer's intention to pay becomes revenue, or does not. the decisions made before a single line of code is written determine whether a checkout converts. this is the planning framework that prevents the most expensive mistakes.

6 minute read · CoralCommerce team · checkout & integration

definition

A payment checkout is the sequence of user interface steps and payment processing events that occur between a customer's decision to purchase and the completion of a payment transaction. Checkout design determines conversion rate, compliance exposure, and customer experience across every market a business operates in.

plan first
user journeys before code
the most expensive checkout mistakes are made before development starts, in market selection, payment type decisions and regulatory assumptions

local first
payment type by market
brazil favours pix, africa favours mobile money, europe requires psd2 sca, and the uk has some of the strictest distance selling rules; one checkout design does not fit all markets

hosted vs headless
the compliance fork
hosted checkouts qualify for pci dss level 1 compliance automatically; headless checkouts require the merchant to maintain their own compliance scope

54 regulators
africa alone
each african country has its own payment regulator; building a checkout for africa means building for as many regulatory environments as countries you target

start with the market, not the payment method

The most common checkout planning mistake is starting with payment method selection, deciding which cards, wallets or local methods to support, before understanding the market those methods will serve. Market analysis should precede payment type decisions, because the market determines the payment types, the payment types determine the checkout flows, and the checkout flows determine the compliance requirements.

For each target market, three questions need answers before checkout planning can begin. Who are the customers, and what are their demographics, device usage and digital payment maturity? What payment types are dominant in this market for digital commerce? And what regulatory requirements govern how payments are accepted, disclosed and processed in this jurisdiction?

demographics determine payment type

Customer demographics are not just a marketing consideration; they are a payment infrastructure decision. In Brazil, Pix instant bank transfer now dominates both physical and digital commerce. In most African markets, mobile money is the primary digital payment type for the largest consumer demographic. In South Africa, the outlier on the continent, card payments remain dominant. In Europe, PSD2 has created a mature open banking ecosystem alongside card dominance.

A checkout that does not offer the payment type a customer expects to use will not convert, regardless of how well everything else is designed. Payment type selection should be driven by what the target customer actually uses in their market, not by what is easiest to integrate.

coralcommerce checkout coverage

CoralCommerce makes two sets of hosted checkout templates available to clients for customisation: a comprehensive library covering every standard step in a payment checkout, including card tokenisation, card store and wallet steps, 3dssec verification, order confirmation, payment option selection, and email notifications. Templates are fully editable HTML/CSS/JS and hosted in our secure Azure environment.

understanding country and regulatory requirements

Payment regulation varies not just by country but by payment type. Mobile money across most of Africa is regulated separately from card payments, always settles in local currency only, and is subject to its own licensing regime distinct from banking regulation. Card payments in Europe require PSD2 Strong Customer Authentication compliance for online transactions above certain thresholds. The UK applies some of the strictest distance selling and consumer protection regulations to digital commerce in any major market.

For payment facilitators accepting payments on behalf of merchants, the regulatory threshold is higher still: most markets require the facilitator itself to be licensed or to operate through a licensed local partner. South Africa requires a locally registered licensed partner. Nigeria tightly controls its licensed payment operator ecosystem. Understanding these requirements before committing to a market is not optional; it is the difference between a compliant operation and an illegal one.

hosted vs headless: the compliance decision

One of the most consequential checkout architecture decisions is whether to use a hosted checkout, where the payment pages are served by the payment provider, or a headless integration, where the merchant controls the entire user interface.

Hosted checkouts place the sensitive payment steps (card data capture, SCA challenges, 3DS flows) within the payment provider's secure environment. This means the merchant's PCI DSS compliance scope is significantly reduced, in most cases to a self-assessment questionnaire rather than a full annual audit. CoralCommerce hosted checkouts automatically qualify for PCI DSS Level 1 compliance.

Headless integrations give the merchant full control over the customer interface, but any step that captures cardholder data within the merchant's own environment places that environment in scope for a full PCI DSS audit. For merchants with the engineering capacity and compliance infrastructure to manage this, headless offers maximum design flexibility. For most merchants, hosted is the commercially rational choice.

building user journeys before building code

Each payment type produces a distinct user journey: different steps, different outcomes, different terminology and different potential error states. A card payment flow, a mobile money flow, and a bank transfer flow through the same checkout are three separate sequences of events. Planning these journeys on paper, or in a design tool, before writing code surfaces complexity that would otherwise emerge as bugs during testing.

Between order confirmation and payment completion, every step should be communicated clearly to the customer. If a hosted checkout redirects the customer to a third-party environment, prepare them for that transition rather than allowing an unexpected change of visual context to create doubt. Overcommunication at each checkout step costs nothing and recovers meaningful conversion.

frequently asked questions about payment checkout design

What is the most common payment checkout planning mistake?

Starting with payment method selection before understanding the target market. The market determines the dominant payment types, the payment types determine the checkout flows, and the flows determine the compliance requirements. Market analysis should precede all other planning decisions.

What is the difference between a hosted and headless payment checkout?

In a hosted checkout, payment pages are served by the payment provider, automatically qualifying for PCI DSS Level 1 compliance and keeping cardholder data outside the merchant environment. In a headless checkout, the merchant controls the full interface but takes responsibility for PCI DSS compliance for any steps where cardholder data is captured.

Why does payment type vary so much by market?

Consumer payment preferences are shaped by the infrastructure available in each market. Brazil's Pix rail, Africa's mobile money networks, and Europe's open banking ecosystem each reflect different financial infrastructure histories. A checkout must offer what customers in a specific market actually use.

Does PSD2 SCA apply to all European online payments?

PSD2 Strong Customer Authentication applies to online card transactions in the EEA and UK above certain thresholds, with some exemptions for low-value, low-risk and recurring merchant-initiated transactions. CoralCommerce European connectors are built for PSD2 SCA compliance including 3DS v2.2 frictionless and challenge flows.

How does CoralCommerce support checkout implementation?

CoralCommerce provides a hosted checkout template library covering all standard payment steps, fully editable and hosted in Azure. For headless integrations, CoralCommerce provides a full API with documentation and directly embedded technical support. New payment types are added as channels without requiring checkout code changes.

How many user journeys does a typical payment checkout contain?

A checkout serving multiple payment types contains a distinct user journey for each type: card, mobile money, bank transfer and wallet flows each have different steps, outcomes and error states. Each journey should be planned and documented before development begins.