As part of our series, "Understanding the Ins and Outs of Credit Card Processing" we explain what a payment gateway is and its importance in the payment process.
The Payment Gateway sits between the Merchant and the Processor, who passes transactions to the Network (MasterCard, Visa, American Express, Discover, etc). The role of the Payment Gateway is that of a secure information conduit that complies with credit card processing security rules and regulations. Once the card information is entered, the Payment Gateway transmits the card data to the Network who then passes it on to the card’s issuing bank for authorization.
Most payment gateways accomplish this in a few seconds with these steps:
- Encryption: Between the user’s browser and the server of the retailer, a payment gateway will encrypt (encode for private use) data for exclusive use between seller and buyer.
- Request: The authorization request occurs when a payment processor gets approval from a credit card company or financial institution to proceed with the transaction.
- Fulfillment: When the payment gateway has the authorization, it allows the website and interface to proceed to the next action.
All of this happens in the blink of an eye using encryption technologies to ensure confidential cardholder information is never exposed. Payment Gateways work across all payment environments: desktop, mobile, brick and mortar, bricks and clicks and even voice recognition-enabled payment processes. White label Gateway options will even allow you to apply your graphic user interface (GUI) or page template online to create a seamlessly branded experience for Customers engaging with your company or organization.
What Do Payment Gateways Include?
In addition to their basic function of transmitting and receiving credit card transaction data via the internet, most payment gateways also come with several useful “extras.” Features you should consider in choosing a payment gateway include the following:
- Payment Information Storage: No customer wants to have to re-enter their credit card information every time they place an order. Payment information storage builds a database of customer information, so the customer can simply choose a card they’ve used before when they come back to your site. Best of all, the gateway encrypts this information and stores it separately from your website. This provides an additional layer of security and eases your PCI compliance requirements. One potential pitfall with this feature involves data portability, or rather the general lack of it. If you switch to a different gateway provider, you will often lose all your customer data and have to start over from scratch. Depending on the gateway provider, it might be possible to transfer the data to your new gateway, but this can be an expensive and time-consuming endeavor.
- Encryption: All payment gateways encrypt sensitive credit card information before they pass it along to the processing bank. It’s a bonus if the gateway also offers tokenization.
- Recurring Billing: Subscription-based pricing is more popular than ever, and a recurring billing feature can allow you to automate this process. You can also customize things like billing intervals and set up trial periods for your subscriptions.
- Virtual Terminal: As noted above, a virtual terminal is a browser-based version of the physical credit card terminal. A virtual terminal allows you to input a customer’s credit card information and process a transaction directly through your computer’s web browser via an online web form. Virtual terminals can also be set up to run on mobile devices, including smartphones and tablets. In a retail setting, you can attach a USB-connected credit card reader and take advantage of lower, swiped (or card-present) processing rates.
- PCI Compliance: Several gateways on the market today simplify PCI compliance for eCommerce merchants. Transactions are conducted on the gateway provider’s servers, instead of the server hosting your website. Because the gateway interface is integrated into your website, the customer never needs to leave your site to complete an order. With this arrangement, you don’t need to maintain a secure network to be PCI compliant (it’s still a good idea, of course).
- API Tools & Developer Information: One of the most appealing features of payment gateways is that they’re generally “plug and play,” meaning you can set them up on your website without having to do any coding. If, on the other hand, you’re a proficient software programmer (or you have access to a web developer who can do it for you), most gateway providers offer a number of APIs (application program interfaces) that will allow you to customize how the gateway functions on your website. Each gateway provider has its own unique set of APIs that you can access.
You’ll want to learn all the players in the payment process and how they work together from the moment a customer’s card has been swiped, keyed into a terminal, or entered into a web page, up to the moment the funds are transferred into your bank account. Our ebook, Understanding the Ins and Outs of Credit Card Processing explains this and more.