What is a Payment Gateway? Why You Need One & How it Works
An integral component of your payment gateway is security. A payment gateway helps protect you and your customers from fraudulent activity. It authenticates the cardholder to make a safe payment from the shopper’s account to the merchant’s account. The payment gateway ensures that the complete payment flow is secure.
According to statistics from Merchant Savvy, payment fraud losses have more than tripled since 2011 and are expected to exceed $40 billion by 2027.
Major credit card brands created a set of rules that require anyone with access to card information, including payment gateways, to be compliant. The security standard is called the Payment Card Industry Data Security Standard, also known as PCI DSS or PCI Compliance.
E-commerce businesses use payment gateway solutions to safely and securely process online transactions.
This article explains what a payment gateway is, who the key players are in the payment process, and why you need a payment gateway.
What is a Payment Gateway?
A payment gateway is the technology that transmits payment data from the cardholder (your customer) to the acquiring bank. It then sends a response from the issuer to confirm whether the transaction is approved or declined.
It’s essentially a safe and secure infrastructure that bridges the gap between your business and your customer.
In-store, a point of sale terminal (POS) or mobile POS system looks at card chips to validate the shopper’s credit card. Online, a payment gateway confirms whether a payment is legitimate. With online payments you can’t access your customer’s physical card, so your payment gateway does the work for you.
Payment Gateways Execute Various Transaction Types
- Authorization is used to check if the cardholder has enough money to pay. This doesn’t include the actual transfer of funds. Authorization helps you ensure that a customer is able to pay for the item ordered and it also confirms whether the payment is safe and secure.
- Capture is when the authorized payment is actually processed. Funds are then sent to your business bank account.
- Sale is a mix of both authorization and capture transactions. First, the cardholder is authorized, then the funds may or may not be captured. A payment for immediate purchases like recurring or subscription payments and e-tickets is also referred to as a sale.
- Refund occurs when an order is canceled. After a customer requests a refund, you have to process the refund and return the money.
- Void is like a refund, but it can be processed if the money was not yet captured.
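The transaction types above form a small state machine, and enforcing it on the server is what stops a payment from being captured twice, voided after capture, or refunded for more than was taken. The sketch below is an added example, not MONEI's code or API: the class, state names and `replay` helper are hypothetical, a sale is modelled as authorization immediately followed by capture, and partial refunds go slightly beyond the list above.

```python
from dataclasses import dataclass, field

class InvalidTransition(Exception):
    """The requested operation is not allowed in the payment's current state."""

@dataclass
class Payment:
    amount: int                     # minor units (cents); sample values are constructed
    state: str = "NEW"
    captured: int = 0
    refunded: int = 0
    history: list = field(default_factory=list)

    def _move(self, op: str, allowed_from: set, new_state: str) -> None:
        if self.state not in allowed_from:
            raise InvalidTransition(f"{op} not allowed while {self.state}")
        self.history.append((op, self.state, new_state))
        self.state = new_state

    def authorize(self) -> None:
        # Confirms the cardholder can pay; no funds move yet.
        self._move("authorize", {"NEW"}, "AUTHORIZED")

    def capture(self) -> None:
        # Processes a previously authorized payment.
        self._move("capture", {"AUTHORIZED"}, "CAPTURED")
        self.captured = self.amount

    def sale(self) -> None:
        # Modelled here as authorization immediately followed by capture.
        self.authorize()
        self.capture()

    def void(self) -> None:
        # Like a refund, but only while nothing has been captured.
        self._move("void", {"AUTHORIZED"}, "VOIDED")

    def refund(self, amount: int) -> None:
        # Returns captured money; the running total can never exceed the capture.
        if self.state not in {"CAPTURED", "PARTIALLY_REFUNDED"}:
            raise InvalidTransition(f"refund not allowed while {self.state}")
        if amount <= 0 or self.refunded + amount > self.captured:
            raise InvalidTransition("refund exceeds the captured amount")
        self.refunded += amount
        done = self.refunded == self.captured
        self._move("refund", {self.state}, "REFUNDED" if done else "PARTIALLY_REFUNDED")

OPS = ("authorize", "capture", "sale", "void", "refund")

def replay(amount: int, ops: list) -> str:
    """Apply (operation, args...) tuples in order and return the final state."""
    payment = Payment(amount)
    for name, *args in ops:
        if name not in OPS:
            raise ValueError(f"unknown operation: {name}")
        getattr(payment, name)(*args)
    return payment.state
```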
Who’s Involved in the Online Payments Process?
There are a few key players involved in the online payments process. After your customer clicks the “Pay Now” button on your checkout page, these are the parties that collaborate to approve and process the transaction.
- Merchant - This refers to you. Any business, in any vertical, that sells its products or services online is an online merchant.
- Customer - Also referred to as the cardholder, the customer is the person who comes to your e-commerce website and initiates a transaction.
- Issuing Bank (or issuer) - This is the customer’s bank that issues the cardholder’s debit or credit card.
- Acquiring Bank (or acquirer) - This is the bank that hosts the merchant’s credit card processing account (referred to as the merchant account). Payments are received and then the acquirer sends the merchant’s transactions to the issuer.
Further reading: Your Guide to Payments Terminology
Why Do I Need a Payment Gateway?
During an online payment transaction, the shopper’s card can’t be physically tapped or swiped on a POS terminal. Online payments are processed as card-not-present (CNP) transactions.
Because of this, you can only depend on the credit card information that the cardholder fills in on your payment page. This poses a problem: there is no way for you to know that the customer is using their own card.
In online payments, the risk for fraud is undoubtedly higher. This is where the payment gateway comes into play. Without a payment gateway in the online payment process, fraudsters can easily access the customer’s card information. If this sensitive data is compromised it can expose your business to fraud and chargebacks.
Think of a payment gateway as the protector of your shopper’s payment data. To mitigate security threats, it encrypts the data as it passes the information from you to the acquiring bank and the issuer.
Your payment gateway can help you manage chargebacks and fraud. And it can also protect you from closed accounts, exceeding credit limits, insufficient funds, and expired cards.
How Does a Payment Gateway Work?
Now that you understand why you need a payment gateway, we'll take a look at how a payment gateway works through the payment flow.
1. Customer Proceeds to Checkout
Your customer selects the product they want to purchase and proceeds to checkout. Each payment gateway offers different options for your payment page.
MONEI offers you the following options for your payment page.
MONEI’s hosted payment page is the simplest and most secure way to collect payments from your customers. It’s an off-the-shelf, prebuilt payment page that includes the following features:
- Real-time card validation
- Optimized for mobile payments
- Supports 13 languages
- Supports multiple payment methods
- Customize the appearance and domain of your checkout
- 3D Secure 2.1 & 2.2 compliant
- PCI Compliant and SCA ready
The payment modal is a component of the hosted payment page that enables you to securely collect payments from your customers. With this feature, your customers won’t get redirected to another domain. They never leave your website during the checkout process.
It’s the intermediate step between our prebuilt payment page and our card input component.
Implementation of the payment modal is relatively easy. Integration consists of creating a payment object and confirming the payment.
You can use the card input component to embed a payment form into your custom checkout page. While this option requires more programming, it’s the most flexible option.
All of MONEI’s payment page options use tokenization and encrypt credit card data on the front-end, which is also known as client-side encryption.
Client-side encryption refers to encrypting sensitive credit card information on your customer’s device before sending data to your server (merchant server). Working with a payment gateway means you don’t have to worry about becoming PCI compliant. The payment gateway already is, and you can ensure that your customer’s card data gets encrypted using technology such as tokenization.
2. Customer Fills in Card Details
Your customer fills in their debit or credit card details on the payment page, including their name, card expiration date, and the card verification value (CVV). Then the cardholder's information is securely sent to your payment gateway.
3. Payment Gateway Encrypts Details
Once the cardholder's information is received by the payment gateway, it encrypts or tokenizes the credit card details. Then the payment gateway runs fraud checks before the card data gets sent to the acquiring bank.
4. Acquirer and Issuer Communicate
Then the acquiring bank (also referred to as the merchant acquirer or acquirer) securely sends the payment information to the card schemes, also known as card networks.
The card schemes complete another round of security checks for fraud. Then the payment data gets sent to the issuing bank.
After completing fraud screening, the issuing bank authorizes the transaction. The approved or declined payment message gets sent back from the schemes and then to the acquiring bank.
Then the acquirer sends the approved or declined payment message back to the payment gateway, and the final message gets sent to the merchant. For approved payments, the acquiring bank collects the transaction amount from the issuer (or issuing bank) and transfers the funds to your merchant account.
You can't access a merchant account like a traditional bank account. It's a business agreement with a Mastercard and/or Visa acquiring member bank. In the payment transaction process, the acquiring bank receives the funds from the issuer. This typically happens one day after the transaction. Then the payment is settled and the money is deposited into your business bank account (minus transaction fees). Acquiring banks assume the risk of credit card transactions, and wait to get paid from the issuing banks at a later time.
5. Payment Settlement
Settlement happens once the transaction is approved and funds get released and deposited into your business bank account. The official settlement time depends on the agreement you have with your payment gateway. With MONEI’s payment gateway, verified merchants get payment settlements in 24 hours.
6. Payment Confirmation
Once the payment is approved and processed, you can display a payment confirmation page. If the payment is not approved, you can ask customers to provide another payment method.
Both you and your customers benefit from payment gateway technology.
Your customer's card details are always secure, and they have a range of payment methods to choose from. And you (the merchant) can be sure that your e-commerce store is compliant with payment security regulations. Activity goes on in the background, and the steps outlined above happen in real time or within just a few seconds.
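The tokenization in steps 1 to 3 of the flow above can be shown with a short added sketch (not MONEI's code or API; `GatewayVault`, `checkout` and `find_card_numbers` are hypothetical names, and the vault is an in-memory stand-in for the gateway). It shows that the merchant's order record holds only a random token and the last four digits, and it includes a check you can run over stored records or log lines to confirm that no full card number has leaked into them.

```python
import re
import secrets

def luhn_valid(number: str) -> bool:
    """Checksum used for card-number validation (catches typos, not fraud)."""
    if not (number.isascii() and number.isdigit() and 13 <= len(number) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class GatewayVault:
    """Hypothetical stand-in for the gateway: the only holder of card numbers."""
    def __init__(self):
        self._vault = {}            # token -> card number (in memory for this sketch)

    def tokenize(self, pan: str) -> dict:
        pan = re.sub(r"[ -]", "", pan)
        if not luhn_valid(pan):
            raise ValueError("card number failed validation")
        token = "tok_" + secrets.token_urlsafe(24)   # random, not derived from the card
        self._vault[token] = pan
        return {"token": token, "last4": pan[-4:]}

    def knows(self, token: str) -> bool:
        return token in self._vault

def checkout(vault: GatewayVault, card_form: dict, order_id: str) -> dict:
    """Build the merchant's order record from the gateway's token, not the form."""
    tokenized = vault.tokenize(card_form["number"])  # done by the payment page
    return {"order": order_id, "amount": card_form["amount"], **tokenized}

def find_card_numbers(text: str) -> list:
    """Defender-side check: Luhn-valid 13-19 digit runs in stored or logged text."""
    joined = re.sub(r"(?<=\d)[ -](?=\d)", "", text)
    runs = re.findall(r"(?<!\d)\d{13,19}(?!\d)", joined)
    return [run for run in runs if luhn_valid(run)]

# Constructed sample input: 4111 1111 1111 1111 is a widely used test card number.
SAMPLE_FORM = {"number": "4111 1111 1111 1111", "amount": 2500}
```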
Now that you have a better understanding of how a payment gateway works, it’s time to choose a solution for your e-commerce business. Consider factors like where your customers are located, what payment methods they prefer, and your long-term growth plans.
Then weigh your options to decide which e-commerce payment gateway provider is right for your business.
Here are some questions to consider:
What Are the Pricing Options?
Like any software service, a payment gateway charges a fee for using its tools and technology to process and authorize your online transactions.
It’s critical to evaluate transaction fees. A small percentage doesn’t sound like much, but it adds up if you have a large volume of sales or high-priced products.
MONEI offers a dynamic pricing model to help you save money. As you scale and sell more, your transaction fees decrease.
Does the Payment Gateway Help You Set Up a Merchant Account?
You need a merchant account to accept credit card payments. Smaller businesses usually work with an "all-in-one" payment service provider (PSP), which includes merchant account services and payment processing, while larger businesses opt for a different setup and tend to go for a full-service merchant account for e-commerce.
Depending on the payment gateway you choose, it may offer merchant account services. When you create an account with MONEI, all you need to start accepting credit card payments is a Virtual POS.
A Virtual POS (point of sale) is an application used to authorize card transactions. It’s the technology that allows you to integrate credit card payments into your e-commerce store. This involves the credit card processor and the acquiring bank (merchant account services).
We can help you get a Virtual POS with one of our acquiring bank partners and provide technical support while you’re getting set up. Submit a request here.
Does the Payment Gateway Support Many Payment Methods and Currencies?
Mobile payments are projected to reach 1.31 billion users worldwide by 2023. Mobile payments refer to a digital or e-wallet (i.e. Apple Pay) that stores your credit card information or your money. Digital wallets make it possible for you to make an online purchase or contactless in-store payment without a bank account.
Bizum has also gained massive popularity in Spain. At the end of 2020, it reached 13.6 million users. E-commerce payments through Bizum hit 54 million euros in more than 850,000 purchases.
Make sure the payment gateway you choose offers all major payment methods including the most popular types of payment in your country or region.
If you have an international business or want to let customers pay regardless of their currency, look for a payment gateway that supports multiple currencies. Depending on the payment solution, multi-currency processing may or may not involve additional fees.
Is Your Country Supported By the Payment Gateway?
Many payment gateway providers focus on a specific country or region.
Do you want to use a solution built for businesses across the globe or one that is local to your country or region?
The choice is yours, but make sure the payment gateway supports the country where your business is based and registered.
Are Your Products Permitted?
There are two types of product categories — digital and physical. Within each of these categories, there are different product types. Look for a list of restricted products to make sure the payment gateway permits your products.
For example, some payment service providers don't work with merchants who sell CBD products (physical) and cryptocurrencies (digital).
📚 Further reading: How to Sell CBD Online: Your Guide to Success
Is it a Hosted or an Integrated Payment Gateway?
Similar to e-commerce platforms, which offer hosted and self-hosted options, payment gateway solutions can be integrated into your store or hosted off-site. There are advantages and disadvantages to both scenarios. Let’s look in more detail.
Hosted Payment Gateway
A hosted payment gateway redirects the cardholder to the payment processor’s platform to fill in payment information. The advantage of a hosted solution is that the payment gateway is responsible for all data security and PCI compliance. You don’t have to worry about it.
The disadvantage of a hosted payment gateway is that your customer can be redirected off of your website to a third party domain. This can result in lost sales and lower conversion rates.
Fortunately, with MONEI’s Payment Modal, the cardholder is never redirected. Instead, a payment window appears on your checkout page so your customer never leaves your website (i.e. fewer lost sales and increased conversions).
Integrated Payment Gateway
Integrated payment gateway solutions connect to your e-commerce website using an application programming interface (API) that is created by the payment solution provider.
It’s a seamless experience for your customers. The advantage is that shoppers never have to leave your website to fill in their payment details and complete their purchase.
The drawback of an integrated payment gateway is that you’re required to manage the programming. MONEI’s dev documentation helps you (or your developer) integrate the payment gateway with your e-commerce website so it’s functioning in no time.
In some cases, with integrated payment gateways, you’re liable for complying with your country’s payment regulations. However, at MONEI we handle it for you whether you choose a hosted payment gateway or an integrated payment gateway.
Is the Payment Gateway Integration Process Easy?
If you’re not a developer, you’ll want to hire one to integrate your payment gateway with your e-commerce website. Usually, payment gateways provide documentation to help with the integration process.
It’s optimal to choose a payment gateway solution that has a quick and easy integration process. And it’s crucial to make sure the infrastructure doesn’t result in poor user experience (UX) and slow payment processing. Make the payment process easy and convenient for your customers, and ensure they can use their preferred payment method.
Is the UX Optimized for Mobile?
79% of customers make online purchases via their mobile phone and 40% of users will go to a competitor after a bad mobile experience. Make sure the payment gateway solution you choose has optimized its software for mobile design and user experience.
Can You Implement Recurring Payments?
If you’d like to offer recurring payments or subscriptions, check if the payment gateway supports automatic recurring payments. If it doesn’t, you’ll have to manually bill your customers on a recurring basis. This takes up valuable time that you could be spending on growing your business.
Is the Payment Flow User Experience Good?
As you review your payment gateway choices, be cognizant of the appearance of each solution. What kind of experience will your customer have? Is checkout easy on all devices?
The path from the shopping cart to the payment confirmation screen shouldn’t take too many steps. If the shopper feels like you’re asking too much, there’s a higher probability that they’ll abandon their cart.
If you can’t find it in the documentation, ask the payment gateway if you can do a live demo. We have a live demo available for each of our solutions. Try them here: Prebuilt payment page live demo, payment modal live demo, and card input component live demo.
Further reading: 11 E-commerce Checkout Page Tips
Is the Payment Gateway Compliant with Security Requirements?
Whether you have a big e-commerce business or a small online shop, security compliance is vital.
A payment gateway allows you to customize the appearance of your checkout page and domain. Customers don’t know they’re redirected temporarily to a third party to process their payment.
It’s your responsibility to make sure the payment gateway you choose is compliant with PCI-DSS security regulations. PCI is a set of requirements created by the Payment Card Industry Security Standards Council. It enhances cardholder data security and guarantees that sensitive credit card information and data are safely handled and stored.
Does the Payment Gateway Have Smart Routing Capabilities?
Smart routing refers to a process where transactions are sent to multiple acquirers. This decreases the likelihood of the transaction getting declined and resulting in a lost sale.
Choosing a payment gateway that has smart routing capabilities can help increase your conversion rate and overall sales revenue.
Wondering what an acquirer is? Read Your Guide to Payments Terminology
Does the Payment Gateway Work Globally?
A globally acceptable payment gateway can help you grow your business internationally.
Choose a multi-currency payment gateway to accept payments from customers across the globe in a range of currencies. This is also known as cross border sales.
Multi-currency payment processing takes place when your e-commerce business can accept card transactions from customers in foreign currencies. International payment gateway services let you extend your reach to customers around the world.
Look for a payment gateway with dynamic currency conversion as well as a simple process for authorizing and settling international payments.
Moving Forward with Your Payment Gateway
Regardless of the e-commerce platform you choose for your business, working with a payment gateway is crucial to the security of your online store.
At MONEI, our mission is to help you simplify all payment options through one single platform.
Alexis Damen is the Head of Content at MONEI. She loves breaking down complex topics about payments, e-commerce, and retail to help merchants succeed (with MONEI as their payments partner, of course).