Every ecommerce merchant needs an online payment gateway. Still, this essential piece of technology is the unsung hero of the online payment world. A lot of merchants don’t even know they’re using one; they assume that their merchant account does all of the payment processing for them. But the gateway is its own entity, and it’s important to understand how it works.
Online Payment Gateways – An Overview
An online payment gateway is an encrypted, internet-based channel through which credit card data is transmitted. It works like a point-of-sale terminal or metaphorical cash register, but for online transactions. There are different types of payment gateways, including those used by traditional credit card terminals, point-of-sale systems, and ecommerce businesses.
Not all payment processors use the internet to transmit data. A payment gateway may rely on a phone line or even a private encrypted network. Online payment gateways are typically reserved for e-businesses, ecommerce stores, payment aggregators (like PayPal, Stripe, and Amazon Pay) and web-based point-of-sale systems. Because the transaction is taking place via the internet, the online payment gateway must be web-enabled.
The online payment gateway is the intermediary between the merchant, the customer, the issuing bank, and the acquiring bank. Credit and debit card payments are:
- Initiated by the customer
- Submitted by the customer’s bank (the issuing bank)
- Sent through the payment gateway
- Approved by the acquiring bank (usually your merchant provider)
Once approved, the funds are available to you, the merchant.
To break it down on more of a micro level, the customer first enters their credit or debit card details on your payment page. They’ll typically need to provide their card number, expiration date, and CVV (Card Verification Value) number unless they’re using an alternative payment method.
The issuing bank then approves this charge, allowing it to be submitted securely through the payment gateway via your hosted payment page, server-to-server encryption, or whatever type of integration you have set up.
The payment request then reaches the acquiring bank and is immediately accepted or declined. If it’s accepted, the funds are stored in your merchant account. You can then transfer them to your business bank account at any time (this is known as settlement, a process which usually takes 1 to 2 days). When the payment is processed, the status is sent as a response back through the payment gateway, notifying the customer about whether the online transaction has been accepted or declined.
How Does an Online Payment Gateway Work?
An online payment gateway works like any traditional payment gateway but relies on web-based technologies to secure transactions. Because billions of people have access to the internet, online transactions are uniquely vulnerable to third-party interception. That’s why online payment gateways have specialised safeguards in place.
- Online payment gateways use SSL (Secure Sockets Layer) certificates to establish encrypted links between issuing and acquiring banks.
- Online payment gateways use tokenisation technologies to convert sensitive financial data into a random string of characters, thus rendering the information useless to any malicious third parties who breach the gateway.
- Online payment gateways use fraud detection tools to identify potentially fraudulent transactions. The merchant can often customise their settings to approve or decline transactions based on specific red flags (such as country of origin, the customer’s chargeback history, etc…).
- When a payment is received by the acquiring bank, the bank will submit the data to the credit card association (Visa, Mastercard, American Express, etc…) which then performs its own fraud test before the transaction is ultimately approved or declined.
These safeguards aren’t just there to keep the customer happy. They are strictly required as conditions of PCI compliance.
Online Payment Gateway vs Payment Processor
Although the payment gateway serves a precise, singular purpose, the terms “online payment gateway” and “online payment processor” are commonly confused and conflated.
The payment processor is the acquiring bank that approves the funds and interfaces with the credit card companies. The payment processor also stores all of the funds earned from your transactions and ensures that they’re available to you when you need them.
The payment gateway, on the other hand, is simply the secured channel through which the funds travel to reach your payment processor. Think of an imaginary line between the issuing bank and the payment processor. That’s the payment gateway.
Essential Qualities in an Online Payment Gateway
When seeking a payment gateway, look for the following qualities:
- PCI compliance. First and foremost, a gateway must be PCI-compliant. This means that the payment gateway provider adheres to all 12 security protocols set by the PCI Security Standards Council.
- Enhanced fraud scrubbing capabilities. Every gateway has some type of fraud detection capabilities in place. But you want a gateway that goes the extra mile, assessing card information in real time against a massive database of fraudulent credit card activity and identifying a wide range of potential issues like historical fraud activity, excessive chargebacks, and potentially stolen credit card information.
- Scalability. Some payment gateway services are designed with small businesses in mind. Others can accommodate massive mega-corporations. If you operate a large business, you need to know that your payment gateway service can handle it. If you run a smaller business, you need to know that the provider is equipped to accommodate you and can scale up as your business grows.
- Access to other merchant services. Many merchant providers will offer a payment gateway along with their main credit card processing services. This kind of all-in-one solution may result in a more affordable, streamlined experience.
Unicorn Payment offers all of these services and more. Our global payment gateway can process nearly 200 unique forms of currency, and it even includes a virtual terminal, free integration assistance, and much more.
Do I Still Need to Worry About PCI Compliance if I Have a Secure Payment Gateway?
Even if your payment gateway is PCI compliant, you still need to ensure that all other aspects of your website and payment experience adhere to PCI standards. For example, you’ll need to maintain the appropriate firewalls and antivirus software and also limit the number of employees who have access to customer payment data.
Having a PCI-compliant payment gateway is an excellent first step, but it only secures the actual transmission of payment data. It doesn’t render your website invulnerable to attacks or protect your customers’ stored information.
Can You Accept Credit Card Payments Without an Online Payment Gateway?
It is impossible to transmit credit card data online without some type of payment gateway between the two financial institutions. So a better question is: Can you accept credit card payments with a dedicated gateway? In other words, is there a way to complete these transactions without paying for a gateway service?
There are services that will let you process payments without a dedicated gateway. These are known as payment aggregators or payment facilitators. Companies like PayPal, Stripe, and Square will allow you to use their gateway and merchant ID to transact business, meaning that they serve as a sort of middleman. For example, PayPal uses the Payflow payment gateway. Payment aggregators have very high acceptance rates for new merchants, which is why they appeal to businesses that have been turned away by traditional merchants.
The problem is that you still have to pay per transaction, and you’ll actually end up paying more in the long run, especially if you deal in high-volume sales. These services are also less convenient for customers and less secure for you, and that may hurt your conversion rate. If you want to run a serious online business with a streamlined checkout experience, it’s always worth it to invest in your own dedicated payment gateway services.
How Do You Set Up an Online Payment Gateway?
Your online merchant services provider can walk you through the process of setting up your payment gateway. In some cases, a bit of coding will be required to integrate the gateway into your shopping cart via API connection. In other cases, the process may be as simple as installing a plug-in that works with your ecommerce platform.
Look for a payment service provider that offers free setup assistance. Some companies—like Unicorn Payment—will offer free integration assistance, but other companies might impose an initial setup fee. Always review the fees carefully.
Are There Any Free Online Payment Gateways?
There is no such thing as a free online payment gateway. Every credit card transaction incurs a fee, usually in the form of a markup and interchange fee. Somebody has to pay for that fee, and the burden almost always falls on the merchant.
If a company promises a free online payment gateway, read the fine print. Some of these companies are outright scams, and some will use clever but misleading language to entice you. For example, they might allow a free signup or waive the monthly service charge but still impose a per-transaction fee and charge for additional features. Other payment providers will promise you a free gateway when you sign up for merchant services, but the costs are ultimately rolled into the total price of your merchant account.
Every Online Business Needs a Payment Gateway
You might not give much thought to your payment gateway as you go about your daily business, but it performs an invaluable service without which your ecommerce store couldn’t exist.
Security, dependability, and value are all essential components in choosing the right payment gateway. So make sure to choose the right gateway for your needs and use it to its full potential alongside all of your merchant services. It may be the biggest advantage you can give your online store.