A payment gateway is exactly what keeps the payments ecosystem rolling smoothly, as it allows online payments for consumers and businesses. If you’re an online merchant, you don’t have to be a payment gateway expert, but it’s worth understanding the fundamentals of how a web payment flows from your customer to your bank account.
This short article explains exactly what is a payment gateway, how it works, just why an online merchant needs one and choosing which payment gateway service is right for your business.
The main element players in online payments
Before we delve deeper into the definition of a payment gateway, we have to identify the main element players in online payments. When a customer clicks on the “Pay” button on your website, they are the key players involved in the payment process:
The merchant: this is you, i.e an internet business operating in virtually any vertical (travel, retail, eCommerce, gaming, Forex, etc), supplying a service or product to customers
The client: the client, also called a cardholder, who wants to access the merchandise or services that the merchant is selling, and initiates the transaction
The issuing bank: the issuing bank is the customer’s bank that issues the cardholder’s credit or debit card with respect to the card schemes (Visa, Mastercard)
The acquirer: also called the acquiring bank, the acquirer is the lending company that maintains the merchant’s bank account (known as the merchant’s account). The acquiring bank passes the merchant’s transactions to the issuing bank to receive payment
What is a payment gateway / processor?
The definition of an payment gateway is the technology that captures and transfers payment data from the client to the acquirer and then transfers the payment acceptance or decline back to the client. A payment gateway validates the customer’s card details securely, ensures the funds can be found and eventually allows merchants to receives a commission. It acts as an interface between a merchant’s website and its own acquirer. It encrypts sensitive mastercard details, ensuring that information is passed securely from the customer to the acquiring bank, via the merchant.
Quite simply, the payment gateway works as the middleman in the middle of your customer and the merchant, ensuring the transaction is completed securely and promptly. A web payment gateway can simplify how merchants integrate the required software. As the middleman during the payment processing, the gateway manages the customer’s sensitive card details between your acquirer and the merchant.
Why do we desire a high risk payment gateways?
You may be thinking, why do you desire a payment gateway if it’s only a middleman? Before we answer this question, we’ll have a step back and highlight that online payment is processed as a card-not-present transaction. The customer’s card cannot be physically swiped over a POS terminal, as you’ll normally do if you processed the payment in a brick-and-mortar shop. Therefore, you can only rely on the card information that the client is entering on the payment page. But, how will you make certain that the card the customer is using is their card? In card-not-present transactions, the fraud risk is significantly higher, which is where a payment gateway does its magic.
What would happen invest the the payment gateway out of the online payment flow? Fraudsters could have easier usage of card data you process, exposing your business to fraud and chargebacks. In addition, fraudsters would also find additional ways to initiate illegitimate transactions, leaving you even more subjected to fraud and damaging your brand reputation.
A payment gateway is the gatekeeper of your customer’s payment data. For online merchants, a payment gateway relays the information from you, the merchant, to the acquirer and the issuing bank using data encryption to keep unwanted threats from the sensitive card data. Apart from fraud management, a payment gateway also protects merchants from expired cards, insufficient funds, closed accounts or exceeding credit limits.
How does a payment gateway work?
How payment gateway works
Now that you’ve understood why merchants desire a payment gateway, let’s have a step further and analyse what sort of payment gateway works throughout the payment journey.
The client chooses the merchandise or service they need to buy and proceeds to the payment page. Most payment gateways give you different alternatives for your payment page. emerchantpay’s payment gateway gives you the below options for your payment page tailor-made for your business needs:
Hosted payment page
A hosted payment page is an out-of-the-box payment page where customers are redirected when they will be ready to checkout. The payment gateway securely receives the transaction data before it passes it to the acquirer. A hosted payment page reduces the PCI burden for online merchants if you don’t acquire and/ or store the cardholder data on your server.
Server-to-server integration
A server to server integration is also known as a primary integration as it allows communication between two servers; the merchant’s server with the payment gateway’s server. By requesting the card information on the payment page, a direct transaction can be initiated. Customers can finalise a card payment without being redirected to the payment page of the payment gateway, resulting in faster checkout, more consistent user experience and much more control over the appearance and feel of the payment page from the merchant’s perspective. A server-to-server integration would work if you gather and/ or store the payment data before sending those to the payment gateway for processing.
Client-side encryption
Client-side encryption, also called encryption-at-source identifies encrypting sensitive on the client-side device before sending it to the merchant’s server. This permits the merchant to simplify your PCI compliance requirements. The bottom line is, it allows you to accept payments on your website while encrypting card data in your browser, using the payment gateway’s encryption library.
The client enters their credit or debit card details on the payment page. This info are the cardholder’s name, card expiration date and CVV number (Card Verification Value). These details is securely passed onto your payment gateway, based on your integration (hosted payment page, server-to-server integration or client-side encryption).
The payment gateway tokenises or encrypts the card details and performs fraud checks before they send the card data to the acquiring bank.
The acquiring bank sends securely the info to the card schemes (Visa, Mastercard).
The card schemes perform another layer of fraud check and then send the payment data to the issuing bank.
The issuing bank, after performing fraud screening, authorises the transaction. The approved or declined payment message is transferred back from the card schemes, then to the acquirer.
The acquiring bank sends the approval or decline message back again to the payment gateway who then transmits the message to the merchant. In case the payment is approved, the acquirer collects the payment amount from the issuing bank and holds the fund into your merchant account (more on that down the road).
deposits the funds in to the merchant’s account, an activity which is known as the settlement; when the actual settlement will occur, will depend on the agreement the merchant has using their payment gateway.
Predicated on the message, the merchant may either display a payment confirmation page or ask the customer to provide another payment method.