Did you make an online purchase this week? Then you used a Payment Gateway without even knowing it. A Payment Gateway provides a safe method of transferring cardholder data from a website to a payment network for processing. It communicates the confirmation of sufficient funds and the transaction approval back to the website.
It’s the technical glue that connects the point of sale to the payment network and is unique to card-not-present, online payments. Now, if you’re looking to accept online payments, you may be wondering how a Payment Gateway fits into the process. After all, there are shopping carts that your customers use to input their information and Merchant Service Providers who equip you with a merchant account to accept online payments. A Payment Gateway process works silently in the background, processing and providing a response to the card-not-present payment request as the customer’s screen refreshes.
The Payment Gateway Process
In what is (ideally) a matter of seconds, Payment Gateways undertake a long list of impressive steps to authenticate and authorize your e-commerce transactions. We say this is ideally the case because a Payment Gateway process with poor user experience or too many steps can cause customers to bounce and fail to complete their purchases.
Payment Gateways accomplish their task in the following sequence:
Step 1: The customer enters the payment information and indicates the desire to complete the purchase. The cardholder data is encrypted and sent off.
Step 2: The encrypted data goes to the merchant’s Payment Processor.
Step 3: The processor sends the transaction to the appropriate Card Association, which include Visa, MasterCard, Discover and Amex. An Interchange rate is assessed for the transaction. Note that due to the higher risk of fraud for card-not-present transactions, the Interchange rate is higher for online payments.
Step 4: The transaction is approved or denied based on the presence or lack of sufficient funds.
Step 5: If sufficient funds are present, the transaction is authorized. The customer’s issuing bank transmits the authorization back to the payment processing network, the Card Association and finally the merchant. The Payment Gateway provides confirmation to the e-commerce site or shopping cart.
Step 6: Although steps one through five take a matter of seconds, the transaction will often sit as pending for 24 to 48 hours before the funds are withdrawn from the customer’s credit card and deposited in the merchant account.
As with any provider of a service, no two Payment Gateways are entirely alike. From price to simplicity and security, the following are considerations you should weigh when selecting a Payment Gateway for your business’s e-commerce.
Pricing and Fees
If you already accept credit cards at your business, the idea of paying a fee for a transaction service is not surprising. The best Payment Gateways don’t charge a gateway fee simply to use their services, but such fees are indeed common, so it's best to ask about these fees up front when you're comparing your options.
Using a Payment Gateway process that’s an extension of another payment service (i.e., a combined all-in-one Merchant Service Provider and Payment Gateway) is the best way to avoid a gateway fee. Typically, these businesses are already making money on your account, negating their need to charge a fee to cover the cost of their services.
As stated before, a Payment Gateway fits into an ecosystem of providers. By merging your Merchant Service Provider with your Payment Gateway, you can reduce the number of bills you receive, slash some fees and have a better understanding of your effective processing rate. When it comes to shopping carts, your Payment Gateway must integrate with whichever solution you select. Luckily, there are numerous shopping carts that are quick to set up, along with dozens of gateway options. Some flexible and easy-to-use shopping carts include ONTRAPORT, 3dcart, Ecwid and CS-Cart.
Card-present transactions are far simpler. The best way to streamline your e-commerce transactions is by opting for an all-in-one service and selecting an integrated shopping cart that’s simple to use and covers your needs.
Any business or organization that processes, stores or transmits cardholder data falls within PCI scope. Protecting your cardholder data is imperative to your business’s success, as a breach will cost you repeat customers and future business.
These PCI considerations apply to all providers who assist with your credit card transactions, so vet your Payment Gateway provider, Merchant Service Provider and online shopping carts for their PCI readiness. The security standards to maintain PCI compliance change every year, so a provider that was PCI Level 1 before may now no longer be as secure. Look for providers with a continued track record of PCI Level 1 compliance. This will help you feel secure in selecting it as your provider, as it's shown a consistent commitment to meeting the highest security requirements established by the card brands.
Do you accept online payments? What do you like or dislike about your current Payment Gateway? What questions do you have? We’d love to hear from you!
Editor's Note: This post was originally published in November 2018 and has been updated for comprehensiveness and accuracy.