A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.
A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank.
A payment gateway is the technology that captures and transfers payment data from the customer to the acquirer and then transfers the payment acceptance or decline back to the customer. A payment gateway validates the customer’s card details securely, ensures the funds are available and eventually enables merchants to get paid. It acts as an interface between a merchant’s website and its acquirer. It encrypts sensitive credit card details, ensuring that information is passed securely from the customer to the acquiring bank, via the merchant.
In other words, the payment gateway works as the middleman between the customer and the merchant, ensuring the transaction is carried out securely and promptly. An online payment gateway can simplify how merchants integrate the necessary software. As the middleman during payment processing, the gateway manages the customer’s sensitive card details between the acquirer and the merchant.
Why do we need a payment gateway?
You may be thinking, why do you need a payment gateway if it’s only a middleman? Before we answer this question, we’ll take a step back and highlight that online payment is processed as a card-not-present transaction. The customer’s card cannot be physically swiped on a POS terminal, as you would normally do if you processed the payment in a brick-and-mortar shop. Therefore, you can only rely on the card information that the customer is entering on the payment page. But, how can you be sure that the card the customer is using is their card? In card-not-present transactions, the fraud risk is significantly higher, and this is where a payment gateway does its magic.
What would happen if you take the payment gateway out of the online payment flow? Fraudsters would have easier access to card data you process, exposing your business to fraud and chargebacks. On top of that, fraudsters would also find additional ways to initiate illegitimate transactions, leaving you even more exposed to fraud and damaging your brand reputation.
A payment gateway is the gatekeeper of your customer’s payment data. For online merchants, a payment gateway relays the information from you, the merchant, to the acquirer and the issuing bank using data encryption to keep unwanted threats away from the sensitive card data. Aside from fraud management, a payment gateway also protects merchants from expired cards, insufficient funds, closed accounts or exceeding credit limits.
Now that you’ve understood why merchants need a payment gateway, let’s take a step further and analyse how a payment gateway works throughout the payment journey.
(i) The customer chooses the product or service they want to purchase and proceeds to the payment page. Most payment gateways offer you different options for your payment page. emerchantpay’s payment gateway offers you the below options for your payment page tailor-made for your business needs:
- Hosted payment page: A hosted payment page is an out-of-the-box payment page where customers are redirected when they are ready to check out. The payment gateway securely receives the transaction data before it passes it to the acquirer. A hosted payment page reduces the PCI burden for online merchants if you don’t collect and/or store the cardholder data on your server.
- Server-to-server integration: A server-to-server integration is also known as a direct integration, as it enables communication between two servers: the merchant’s server and the payment gateway’s server. By requesting the card details on the payment page, a direct transaction can be initiated. Customers can finalise a card payment without being redirected to the payment page of the payment gateway, resulting in faster checkout, a more consistent user experience and more control over the look and feel of the payment page from the merchant’s perspective. A server-to-server integration is suitable if you collect and/or store the payment data before sending it to the payment gateway for processing.
- Client-side encryption: Client-side encryption, also known as encryption-at-source, refers to encrypting sensitive data on the client-side device before sending it to the merchant’s server. This enables you to simplify your PCI compliance requirements. In a nutshell, it enables you to accept payments on your website while encrypting card data in your browser, using the payment gateway’s encryption library.
(ii) The customer enters their credit or debit card details on the payment page. These details include the cardholder’s name, card expiration date and CVV number (Card Verification Value). This information is securely passed onto your payment gateway, based on your integration (hosted payment page, server-to-server integration or client-side encryption).
(iii) The payment gateway tokenises or encrypts the card details and performs fraud checks before it sends the card data to the acquiring bank.
(iv) The acquiring bank securely sends the information to the card schemes (Visa, Mastercard).
(v) The card schemes perform another layer of fraud check and then send the payment data to the issuing bank.
(vi) The issuing bank, after performing fraud screening, authorises the transaction. The approved or declined payment message is transferred back from the card schemes, then to the acquirer.
(vii) The acquiring bank sends the approval or decline message back to the payment gateway, which then transmits the message to the merchant. If the payment is approved, the acquirer collects the payment amount from the issuing bank and holds the funds in your merchant account (more on that later on).
(viii) deposits the funds into the merchant’s account, a process known as settlement; when the actual settlement occurs depends on the agreement the merchant has with their payment gateway.
(ix) Based on the message, the merchant may either display a payment confirmation page or ask the customer to provide another payment method.
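Steps (ii) and (iii) above, sketched as an added example that is not emerchantpay's code or API: a gateway-side check of the submitted card details followed by tokenisation, so the merchant only ever holds a random token and a masked number. The `ToyGateway` class, its method names, the `tok_` prefix and the decline reason strings are all hypothetical, and the card number used with it is a constructed test value.

```python
import secrets
from datetime import date


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: rejects mistyped card numbers before anything is sent on."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class ToyGateway:
    """Hypothetical gateway: the card number lives in its vault, never at the merchant."""

    def __init__(self):
        self._vault = {}                     # token -> PAN, held only by the gateway

    def tokenise(self, pan: str, exp_month: int, exp_year: int,
                 cvv: str, today: date) -> dict:
        pan = pan.replace(" ", "")
        if not luhn_valid(pan):
            return {"status": "declined", "reason": "invalid_card_number"}
        # A card stays valid through the last day of its expiry month.
        if (exp_year, exp_month) < (today.year, today.month):
            return {"status": "declined", "reason": "expired_card"}
        if not (cvv.isascii() and cvv.isdigit() and len(cvv) in (3, 4)):
            return {"status": "declined", "reason": "invalid_cvv"}
        token = "tok_" + secrets.token_urlsafe(16)   # random, not derived from the PAN
        self._vault[token] = pan                     # the CVV is checked but never stored
        masked = "*" * (len(pan) - 4) + pan[-4:]
        return {"status": "tokenised", "token": token, "masked_pan": masked}

    def detokenise(self, token: str) -> str:
        """Gateway-internal lookup, used only when forwarding to the acquirer."""
        return self._vault[token]
```

Because the token is random rather than computed from the card number, a leak of the merchant's database exposes nothing that can be reversed into card data without the gateway's vault.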