Payment gateways

Payment gateways are a secure online link between a merchant and an acquiring bank. They act like a PDQ in a shop by validating and relaying a customer’s card details securely, before collecting payment and giving it to your internet merchant account (IMA).

  • Your payment gateway must be compatible with your eCommerce shopping cart.
  • There are two types of gateway: hosted and integrated.
  • Regardless of the eCommerce platform, you must use a payment gateway.

If your website has an online shopping cart taking card payments in real time, you need a payment gateway service in addition to an IMA. This is because, for security reasons, shopping cart applications are not allowed to communicate (send and receive the transaction information) with payment processors directly.

Payment gateways protect credit card details by encrypting sensitive information, such as account numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor.

A payment gateway service company has gone through the extensive and lengthy process of getting approved to communicate with payment processors. A payment gateway company acts as the mediator for communicating the transaction information between the shopping cart application and payment processors.

Even if you are taking payments by post, phone or fax, you still need a payment gateway.

How your payment gateway works

Your payment gateway conducts the flow of information between a payment portal (a website, mobile phone etc) and the front end processor or acquiring bank.

When customers order a product or service from a payment gateway enabled merchant, the gateway carries out a series of tasks to process the transaction.

The process works like this:

  • Customer places an order from a website or their card details are entered via a third party
  • If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's web server. This is done via SSL (Secure Socket Layer) encryption
  • Merchant forwards transaction details to their payment gateway. This is another SSL encrypted connection to the payment server hosted by the payment gateway
  • Payment gateway forwards the transaction information to the payment processor used by the merchant's acquiring bank
  • The payment processor forwards the transaction information to the card association (Visa/MasterCard etc)
  • The card association routes the transaction to the correct card issuing bank
  • The card issuing bank receives the authorisation request and does fraud and credit or debit checks and then sends a response back to the processor (via the same process as the request for authorisation) with a response code (eg approved, denied). In addition to communicating the fate of the authorisation request, the response code is used to define the reason why the transaction failed (such as insufficient funds). Meanwhile, the credit card issuer holds an authorisation associated with that merchant and consumer for the approved amount. This can impact the consumer's ability to further spend (because it reduces the line of credit available or because it puts a hold on a portion of the funds in a debit account)
  • The processor forwards the authorisation response to the payment gateway
  • The payment gateway receives the response, and forwards it on to the website (or whatever interface was used to process the payment) where it is interpreted as a relevant response then relayed back to the merchant and cardholder. This is known as the authorisation or ‘auth’
  • The entire process typically takes 2–3 seconds
  • The merchant then fulfils the order and the above process is repeated, but this time to 'clear' the authorisation by completing the transaction. Typically the 'clear' is initiated only after the merchant has fulfilled the transaction (eg shipped the order). This results in the issuing bank 'clearing' the 'auth' (ie moving the auth-hold to a debit) and preparing to settle with the merchant's acquiring bank
  • The merchant submits all their approved authorisations, in a ‘batch’ (eg end of day), to their acquiring bank for settlement via its processor
  • The acquiring bank makes the batch settlement request of the credit card issuer
  • The credit card issuer makes a settlement payment to the acquiring bank (eg the next day)
  • The acquiring bank subsequently deposits the total of the approved funds into the merchant's nominated account (eg the day after). This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank
  • The entire process from authorisation to settlement to funding typically takes 3 days
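The authorisation, clear and settlement steps above, modelled as a simplified added example (not code from this page or from any gateway). The class and method names are hypothetical, amounts are constructed values in pence, and the gateway, processor and card association hops are collapsed into direct calls.

```python
from dataclasses import dataclass, field


@dataclass
class Issuer:
    """Card issuing bank: tracks the credit line and authorisation holds."""
    credit_limit: int                          # pence (constructed value)
    debits: int = 0                            # cleared transactions
    holds: dict = field(default_factory=dict)  # auth_id -> held amount

    def available(self) -> int:
        # Holds reduce spending power even though nothing is debited yet.
        return self.credit_limit - self.debits - sum(self.holds.values())

    def authorise(self, auth_id: str, amount: int):
        """Return (response_code, reason) as the issuer would to the processor."""
        if amount <= 0 or auth_id in self.holds:
            return "denied", "invalid request"
        if amount > self.available():
            return "denied", "insufficient funds"
        self.holds[auth_id] = amount
        return "approved", None

    def clear(self, auth_id: str) -> int:
        """Move an auth-hold to a debit; 0 if there is no hold left to clear."""
        amount = self.holds.pop(auth_id, 0)
        self.debits += amount
        return amount


@dataclass
class Merchant:
    issuer: Issuer
    batch: list = field(default_factory=list)  # cleared amounts awaiting settlement
    account: int = 0                           # merchant's nominated account

    def take_order(self, auth_id: str, amount: int):
        return self.issuer.authorise(auth_id, amount)

    def fulfil(self, auth_id: str) -> bool:
        # Clear only after fulfilment; a repeated clear finds no hold and is refused.
        amount = self.issuer.clear(auth_id)
        if amount:
            self.batch.append(amount)
        return bool(amount)

    def settle_batch(self) -> int:
        # End-of-day batch: issuer pays acquirer, acquirer funds the merchant.
        total, self.batch = sum(self.batch), []
        self.account += total
        return total
```

The second `fulfil` call for the same authorisation returning `False` is the property worth checking in a real integration: an authorisation should be clearable once, and the amount settled should match what was held.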

Payment gateways: making your choice

There are some fundamentals to bear in mind when considering a payment gateway. The most important is compatibility with your eCommerce platform, in other words, will it work with your shopping cart? Many of the shopping carts on the market automatically configure with the main payment gateways, but it would be wise to check with your web developer before signing up.

Other things to consider are the level of support for any problems you encounter, length of the contract for the service and any hidden costs (such as extra security or mail order and telephone payments) and the level of fraud protection the gateway provides. Most gateways will provide a dashboard to let you analyse sales figures and generate reports.

The other factor to consider when choosing your payment gateway is whether it is hosted or integrated.

When you set up a payment gateway, you can opt to have the payment page hosted by the payment service provider (PSP). By doing this you increase security as the PSP will have a high level of security in place. It will also save you time and hassle dealing with security updates or compliance issues.

The alternative is an integrated payment gateway or application program interface (API), which gives you much greater flexibility and control over your payment page. It also means that shoppers never leave your site, so it provides a better branding experience.

With an integrated gateway, you are responsible for security compliance, and you have the versatility to integrate your payment page with devices like mobiles and tablets.

Which option is best for you will depend on the level of technical nous you have. Hosted is faster to obtain and simpler. API is more flexible but requires advanced IT skills.

Help choosing your payment gateway

When evaluating the different payment gateways on the market, you should consider the following:

Gateway features
Your gateway should carry out transactions quickly and reliably without charging over the odds. The process should be hassle-free. It’s a service after all, and one that you are paying for. Good payment gateways should dovetail with your business, security features and banking arrangements.

eCommerce and site integration
We’ve said it before, let’s say it again. Integration is everything with payment gateways. A good gateway will configure quickly with your shopping cart. Remember that your choice of hosted or integrated gateway will depend on the level of technical expertise you have. Always check with an IT specialist to make sure your chosen solution is compatible with the rest of your eCommerce platform.

Even if you’ve bought a straightforward gateway from a reputable source, it’s inevitable that you’ll run into problems at some point. Having readily accessible support therefore is a must.

Using your gateway
You’ve got to be able to use it, so make sure you can! Choose a product that is straightforward to understand and just as easy to use.


© Copyright 2013 Electronic Payments, All Rights Reserved 99 Giles Street, Edinburgh | Scotland, EH6 6BZ | 08000 248 620