The views of this article are the perspective of the author and may not be reflective of Confessions of the Professions.
What is a payment gateway?
Payment gateways play a major role in the e-commerce industry. A payment gateway is the online equivalent of a POS (Point of Sale) terminal that you would use if you were in a physical shop. It acts as the middleman between a buyer and seller, responsible for keeping a financial transaction secure. Payment gateways are used by online merchants and card machines to process payments securely where a customer effectively ‘hands over’ their sensitive card information; any online, PayPal, credit card or debit card transaction must be conducted via a payment gateway.
How do they work?
When a payment is made online or via a card machine, the payment gateway used by the merchant, or seller, goes through the following main steps.
Step 1 – the buyer places their order via their computer, mobile, payment processor (i.e. the Swipe machine) or another device using their preferred payment format, i.e. credit/debit card or PayPal.
Step 2 – the seller, or merchant, transfers the order data via a secure connection to the payment gateway, which then routes the transaction to the buyer’s issuing bank/finance house requesting that the transaction is authenticated.
Step 3 – the buyer’s bank, credit card company or finance house then approves, or declines, the transaction based on whether there are available funds. When approved, the transaction is transferred back to the payment gateway for processing.
Step 4 – the payment gateway records and stores the transaction details, and sends a message to the buyer that the sale has been approved, as well as a copy of the approval to the seller and the buyer.
Step 5 – the bank, credit card company or finance house settles the transaction with the payment gateway, which then sends the money to the seller.
This transaction takes no more than a few seconds but as simple as it sounds on the surface, there are lots of security protocols going on behind the scenes. With payments being the most crucial step for the e-commerce industry to succeed, the use of cyber security is vital. Payment gateways will often handle all the necessary security measures through the means of encryption and tokenisation.
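The tokenisation mentioned above, run through the five steps, as an added example that is not part of the original article or any provider's API. The `Gateway` and `Merchant` classes, the issuer stub and the test card number are assumptions made for illustration, and the sketch assumes the buyer's device sends the card number straight to the gateway so that the merchant only ever sees a random token.

```python
import secrets

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: rejects mistyped card numbers before they reach the vault."""
    if not (pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    digits = [int(c) for c in reversed(pan)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class Gateway:
    """Hypothetical gateway: the only party that holds the token-to-card mapping."""
    def __init__(self, issuer):
        self._vault = {}        # token -> card number; never leaves the gateway
        self._issuer = issuer   # callable standing in for the buyer's bank (step 3)

    def tokenise(self, pan: str):
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_hex(12)  # random, so it reveals nothing about the card
        self._vault[token] = pan
        return token, pan[-4:]                  # last four digits are safe to display

    def authorise(self, token: str, amount_cents: int) -> dict:
        pan = self._vault.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown_token"}
        approved = self._issuer(pan, amount_cents)
        return {"approved": approved, "reason": "approved" if approved else "declined"}

class Merchant:
    """Hypothetical shop backend: sees and stores the token only."""
    def __init__(self, gateway):
        self.gateway, self.orders = gateway, []

    def checkout(self, token, last4, amount_cents):
        result = self.gateway.authorise(token, amount_cents)          # step 2
        self.orders.append({"token": token, "last4": last4,
                            "amount_cents": amount_cents, **result})  # step 4 record
        return result

def demo():
    funds = {"4111111111111111": 5000}  # constructed test card with 50.00 available
    gateway = Gateway(lambda pan, amount: funds.get(pan, 0) >= amount)
    token, last4 = gateway.tokenise("4111111111111111")  # step 1: card goes to gateway only
    shop = Merchant(gateway)
    return shop.orders, shop.checkout(token, last4, 2999), shop.checkout(token, last4, 9999)
```

A breach of the merchant's order records in this model exposes tokens and last-four digits, which are useless without the gateway's vault.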
Why would you use a third-party payment gateway?
Most external payment gateways take a fee with every purchase; however, while this may seem a drawback for a merchant’s business model, the long-term benefits exceed the negative impacts. Third-party payment gateway companies design their gateways as the main focus of their company, thus investing large amounts of time and money into making them as efficient and secure as they can. Payment gateways also protect businesses from online fraud. Most provide multi-factor authentication features enabling merchants to confirm a customer is who they say they are when they make an online purchase. Similarly, with a third-party gateway, the merchant never stores or handles the customer’s data themselves, thereby minimising any potential security risks and the possible impact of a data breach.
Who are the top gateways and what should you look for?
PCI-DSS compliance – the first thing to look for when deciding on a payment gateway provider is a company that is PCI-DSS compliant to a high level. The PCI-DSS (Payment Card Industry Data Security Standard) provides a set of guidelines for organisations that handle card payments and transactions. The safest level of compliance is the PCI-DSS Level 1.
Reliability – since the payment gateway is going to be responsible for processing your online sales, reliability should be a priority for your shop. If the payment gateway is down, it is just as bad as having a ‘closed’ sign on the shop door. Good uptime ensures a good reputation for the merchant, and creates customers who will be sure to return.
Implementation – implementing a third-party gateway with your existing site can be a little difficult, particularly if you’re not a seasoned online ecommerce store. Some payment gateway companies will provide a helpline when integrating a new payment system with an online store, but be prepared that some companies don’t offer this facility. Similarly, if the merchant uses a CMS such as WordPress, security checks will have to be carried out to ensure that there aren’t any plugins that may clash with each other and produce any potential security vulnerabilities. If a merchant is looking for a seamless experience, some providers offer the ability to embed their gateway into the site itself, whereas the majority of common payment gateways require the customer to be redirected to the third-party’s website to complete the payment.
Payment Options – different payment gateways allow customers to use different payment methods, e.g. from PayPal to credit and debit cards. The options change from provider to provider, and it is well worth taking the time to decide which payment methods to offer and to choose a gateway that supports them. For example, a part of a merchant’s business model may be to allow the redemption of gift codes, but not all gateways will offer this, so the details of the services that a gateway offers should be carefully examined.
Top Payment Gateway Providers
Some of the top payment gateways used by merchants include Stripe, which charges a per transaction fee of 2.9% + $0.3. However, there is no additional fee for allowing customers to use debit cards on the ecommerce website. Another top contender is PayPal’s Payment Pro, a newer payment gateway aiming for faster checkout times and seamless integration. Similar to Stripe, they charge a per transaction fee but also charge $30 a month to allow customers to use their card as a payment method.
Amazon offers a payment gateway service which they claim guarantees 100% security across all transactions. Again, a per transaction fee applies. With Amazon being the largest e-commerce store, their service comes with a wide variety of tools as part of the package aimed at not only attracting new customers, but turning existing clients into repeat customers.
Unless conducting a financial transaction using cash, any other form of payment for goods or services, online or via a shop, uses a payment gateway that is usually provided by a third-party company. The trick is to ensure that the payment gateway provider selected delivers the features and requirements needed for your shop or online store, including ensuring the highest level of PCI-DSS compliance and security.