A payment gateway is a service used by e-commerce websites which processes and authorizes online payments made by debit or credit cards. While the fully detailed operational transaction process may seem quite specific, in essence, basic principles are equivalent to those at play when using point-of-sale terminals in a retail store. Some, but not all developers of this indispensable companion to a merchant account now propose full-stack payment services, eliminating the need to get an account at the bank to handle these operations.
Components of a payment gateway
In principle, an online payment gateway is very similar to physicial, in-store credit card processing equipment.
1) Virtual terminal
While in-store card processing equipment has a physical terminal in the shape of a PDQ terminal, with a keypad to enter the PIN and LCD display to show instructions, online gateways are programmed to display a virtual terminal on the shopper’s screen, where he or she can key in the credit or debit card PIN.
2) Shopping cart connection.
The gateway is connected to the virtual shopping cart in the same fashion as a PDQ is connected to an electronic till and inventory, so as to allow instant processing from the merchant’s website.
Transaction process using a payment gateway
As the name clearly indicates, a gateway makes the connection between the buyer’s data and the seller’s data. Understanding the payment process leads to a better understanding of why gateways providers were originally meant to be external protagonists of online purchases, not related to the acquiring bank or credit card network.
1) From the e-commerce website to the gateway
• The customer makes an order on an e-commerce by proceeding to online checkout
• Submitted credit card information is encrypted by the web browser to travel either to the merchant's webserver, then to the gateway, or directly to the gateway (the two options correspond to different levels of PCI-DSS security
2) From the geteway to the card association, issuing bank, acquiring bank... and back to the website
• The gateway connects with the merchant’s acquiring bank to push the transaction information there, but also,
• sends the information to the card network or association like MasterCard or Visa.
• authorizations are received by the gateway and ultimately the acquiring bank, from the issuing bank,
• authorization is then forwarded to the merchant’s website.
And all this only lasts less than five seconds!
It clearly appears that the payment gateway acts as an intermediary, bearing a big part of the security burden, preserving the merchant’s, customer and acquiring bank from direct interception attempts or compromising behaviours.
Both a gateway and a merchant account are needed to handle credit card payments. While some of the payment gateway providers have decided to stick to their core business, others have ventured to also provide merchant account services, thereby eliminating the need for the business customer to resort to a bank himself for the account.
1) Pure players
There are many gateway providers, but major ones include:
2) Full stack payment providers
More and more providers however now also offer merchant account services, but in fact, often through partnerships with high-street banks:
• First Data...