Did you make an online purchase this week? Then you used a Payment Gateway without even knowing it. A Payment Gateway provides a safe method of transferring cardholder data from a website to a payment network for processing. It communicates the confirmation of sufficient funds and the transaction approval back to the website.
It’s the technical glue that connects the point of sale to the payment network and is unique to card-not-present, online payments. Now, if you’re looking to accept online payments, you may be wondering how a Payment Gateway fits into the process. After all, there are shopping carts that your customers use to input their information and Merchant Service Providers who equip you with a merchant account to accept online payments. A Payment Gateway process works silently in the background, processing and providing a response to the card-not-present payment request as the customer’s screen refreshes.
In what is (ideally) a matter of seconds, Payment Gateways undertake a long list of impressive steps to authenticate and authorize your e-commerce transactions. We say this is ideally the case because a gateway with poor user experience or too many steps can cause customers to bounce and fail to complete their purchases.
Payment Gateways accomplish their task in the following sequence:
Step 1: The customer enters the payment information and indicates the desire to complete the purchase. The cardholder data is encrypted and sent off.
Step 2: The encrypted data goes to the merchant’s Payment Processor.
Step 3: The processor sends the transaction to the appropriate Card Association, such as Visa, MasterCard, Discover or Amex. An Interchange rate is assessed for the transaction. Note that due to the higher risk of fraud for card-not-present transactions, the Interchange rate is higher for online payments.
Step 4: The transaction is approved or denied based on the presence or lack of sufficient funds.
Step 5: If sufficient funds are present, the transaction is authorized. The customer’s issuing bank transmits the authorization back to the payment processing network, the Card Association and finally the merchant. The Payment Gateway provides confirmation to the e-commerce site or shopping cart.
Step 6: Although steps one through five take a matter of seconds, the transaction will often sit as pending for 24 to 48 hours before the funds are withdrawn from the customer’s credit card and deposited in the merchant account.
As with any provider of a service, no two Payment Gateways are entirely alike. From price to simplicity and security, the following are factors to consider when selecting a Payment Gateway for your business’s e-commerce.
If you have already been accepting credit cards at your business for some time, the idea of paying a fee for a transaction service is no surprise. The best Payment Gateways don’t charge a gateway fee simply to use their services, but such fees are indeed common, so it would be prudent to ask about such fees up front as you compare your options.
Your best chance of avoiding these recurring fees is by using a gateway that’s an extension of another payment service (i.e., a combined all-in-one Merchant Service Provider and Payment Gateway). Typically, these businesses are already making money on your account, negating their need to charge a fee to cover the cost of their services.
As stated before, a Payment Gateway fits into an ecosystem of providers. By merging your Merchant Service Provider with your gateway, you can reduce the number of bills you receive, slash some fees and have a better understanding of your effective processing rate. When it comes to shopping carts, your gateway must integrate with whichever solution you select. Luckily, there are numerous intuitive shopping carts that offer a quick setup for your business, along with dozens of gateway options. Some flexible and easy-to-use shopping carts include ONTRAPORT, 3dcart, Ecwid and CS-Cart.
Card-present transactions are far simpler. The best way to streamline your e-commerce transactions is by opting for an all-in-one service and selecting an integrated shopping cart that’s simple to use and covers your needs.
Any business or organization that processes, stores or transmits cardholder data falls under PCI scope. Protecting your cardholder data is imperative to your business’s success, as a breach will cost you repeat customers and future business.
These PCI considerations apply to all providers who assist with your credit card transactions, so vet your Payment Gateway provider, Merchant Service Provider and online shopping carts for their PCI readiness. The security standards to maintain PCI compliance change every year, so a provider who was PCI Level 1 before may no longer be as secure as necessary. Look for providers with a continued track record of PCI Level 1 compliance. This will help you feel secure in selecting them as your provider, as they’ve shown a consistent commitment to meeting the highest security requirements established by the card brands.
Do you accept online payments? What do you like or dislike about your current gateway provider? What questions do you have? We’d love to hear from you!
Editor's Note: This post was originally published in November 2018 and has been updated for comprehensiveness and accuracy.