The payment gateway is one of the key parts of the online payment process, since it captures and transmits customers’ sensitive data. When a client makes a purchase on a merchant’s website, the payment takes him about three seconds. In that short time, a payment gateway does a great deal of work to let the transaction pass safely. This article explains what a payment gateway is, how it works, and the gateway integration methods with their pros and cons.
Payment gateway: an overview
By definition, a payment gateway is the technology a payment service provider (PSP) uses to process online payments. Simply put, a payment gateway is a mechanism that collects a client’s sensitive information, checks whether the money is available, and ensures that the merchant gets paid.
The gateway acts as a link between a merchant’s website and an acquirer, needed to facilitate payments between clients and merchants. In online transactions, a payment gateway is an equivalent of a Point of Sale (POS) terminal or a card reader which is used in card-present transactions.
Another of its main functions is to protect the customer’s sensitive data. When the customer provides his data, the gateway encrypts it and sends it to the acquirer and back in encrypted form. Encryption transforms data into another form, or code, so that only the people who have the authority to read it can access it.
How does a payment gateway work?
Now that the concept of a payment gateway is clear, let’s look at how it works. To better understand the payment gateway’s operating principle, we will walk through online transaction processing as a whole.
- The payment gateway starts its work when a client purchases a product or service on a merchant’s website. After confirming the purchase, the client is taken to the payment page. It is located on the merchant’s website or on a third-party website, depending on the payment gateway integration method.
- The client enters his payment information, which is sensitive data, on the payment page. The data is then sent immediately to the payment gateway. The gateway receives the sensitive data from the client and encrypts it to protect it. The gateway also checks the transaction for fraud via anti-fraud filters, then transmits it securely to the acquiring bank.
- The acquirer sends the client’s information to the card network (Visa, Mastercard), which has its own anti-fraud systems. The data then goes from the card network to the issuing bank, which applies its own fraud prevention systems as well. After that, the issuer decides whether to authorize the transaction, approving or declining it.
- The approval or decline goes back to the card network, and then to the acquirer. The acquirer passes it to the gateway, which in turn sends it to the merchant. If the transaction is approved, the issuer sends the funds to the acquirer, and they are then deposited into the merchant account.
Gateway integration methods
Now that you know how the payment gateway works, there is one more challenge: choosing the method of integration. When choosing a payment gateway for your e-commerce business, there are several alternatives to consider. The difference between the integration methods lies in the way sensitive information is stored and transmitted. The most suitable integration method for a company depends on its needs.
- Hosted Gateway
A hosted payment page is located outside the merchant’s website. You may have noticed this type of gateway integration when, while purchasing a product or a service, you were redirected from a website page to a payment page. The main feature of this type of payment gateway is that the client’s sensitive data is processed on the outside payment page without passing directly through the merchant’s website. The advantage is that the merchant does not need to worry about PCI data security standards compliance, because he is not responsible for the security of the transaction. The disadvantage is that the customer may lose confidence in the merchant’s trustworthiness the moment he is redirected to another website and, as a result, not complete the purchase.
- Server Integration
Unlike a hosted gateway, the server integration method (SIM) initiates a transaction directly on the merchant’s website. Because of that, the process takes less time, and the client’s trust is not undermined by redirection to third-party websites. At the same time, the processing of transactions falls to the payment gateway servers, because they are directly integrated with the merchant’s servers. One of the main benefits of SIM is that you can customize the payment page to match the style of your brand. On the other hand, SIM requires a guarantee of the security of customer data, PCI DSS compliance, and an SSL certificate.
- Direct Post
This method also hosts payments on the merchant’s website. The difference is that the customer’s sensitive data goes to the payment gateway right after he makes a purchase, without being stored on the merchant’s website. Since the merchant does not store the client’s sensitive information, he does not need to obtain a PCI DSS certificate. The downside of Direct Post is that the security of such information transmission is likely to be compromised.
- Advanced Integration
The advanced integration method (AIM) is meant for merchants who want to fully manage their clients’ online transaction experience. With AIM, the customer pays directly on the merchant’s website, and transactions are sent to the payment gateway over an end-to-end SSL connection, which is why an SSL certificate is needed. This option is more suitable for large-scale businesses. However, full control over payments also comes with a great responsibility to protect buyers’ data.
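The integration methods above differ in where the card form sends its data, which can be checked from the checkout page's HTML. The following audit is an added example, not code from this article or from any gateway vendor; the hosts `shop.example` and `gateway.example`, the field names and the sample pages are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Input names treated as cardholder data (assumed naming; adapt to your forms).
CARD_FIELDS = {"card_number", "cardnumber", "pan", "cvv", "cvc", "expiry"}

class FormScanner(HTMLParser):
    """Collect each <form>'s action and the input names inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "fields": set()}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("name"):
            self._open["fields"].add(a["name"].lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_checkout(html, page_url, gateway_host):
    """Return one finding per form that collects card fields."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        if not form["fields"] & CARD_FIELDS:
            continue  # e.g. a hosted-page redirect form carrying only an order id
        # An empty or relative action resolves against the merchant's own page.
        target = urlparse(urljoin(page_url, form["action"]))
        if target.scheme != "https":
            findings.append("card data posted without TLS")
        elif target.hostname == gateway_host:
            findings.append("direct post to gateway")
        else:
            findings.append(f"card data reaches {target.hostname}")
    return findings or ["no card fields on page"]

# Constructed sample pages, one per situation.
PAGE, GATEWAY = "https://shop.example/checkout", "gateway.example"
DIRECT_POST = '<form action="https://gateway.example/v1/pay"><input name="card_number"><input name="cvv"></form>'
SERVER_SIDE = '<form action="/pay" method="post"><input name="card_number"></form>'
HOSTED = '<form action="https://gateway.example/hosted"><input type="hidden" name="order_id"></form>'
INSECURE = '<form action="http://gateway.example/v1/pay"><input name="pan"></form>'
```

A finding of `card data reaches shop.example` means the merchant's server receives card data, so the merchant carries the data-protection responsibility described for the server and advanced integration methods.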
The payment gateway is one of the main components of the payment process. Its function is to gather and transfer data between the client, the merchant, the acquiring and issuing banks, and the card networks. There are four main types of gateway integration, depending on whether the payment page is located on the merchant’s website or outside of it. It is crucial to choose the payment gateway according to the needs of your business, because the security and the speed of transactions depend on the gateway.