What is a payment gateway? How does it work?


A payment gateway is a service with a software application behind it. Its main function is to create a link between the buyer and the seller's bank, guaranteeing the secure exchange of encrypted confidential information such as the credit card number or CVV. To process payments, a merchant account linked to the payment gateway is required.

The role of a payment gateway in e-commerce

A payment gateway is an essential part of e-commerce, and its main roles in the online purchase process are the following:

  • Authorize transactions between the buyer and the bank of the seller. 
  • Show the status of the transaction: Payment accepted, pending payment, Payment cancelled.  
Payment accepted: The consumer has successfully completed payment. If the payment was made correctly, the payment gateway receives the OK notification and the authorization code (TAN) from the bank that issued the card used for the purchase. Once the notification is received, the payment gateway's control panel shows the status Accepted.

Pending payment: A payment was created or even initiated, but not yet completed. Here the client started filling in his credit card information and personal data, but at some point either abandoned the process or interrupted it to finish later. The status of the transaction shown in the payment gateway's control panel is Pending.

Payment cancelled or failed: The customer's bank did not authorize the transaction. There are several reasons why the card-issuing bank may not authorize a payment; the most common are insufficient funds, a limit on the number of transactions per day, and a suspicious operation. In this case, next to the transaction status, the client will see in his control panel the error code with its detailed description and can communicate it to the customer.

  • Control all the transactions that have been carried out throughout a day, week, month, year or any other period of time that the client chooses.
  • Obtain detailed information about each operation: type of card (debit or credit), card brand, country where the transaction was made, IP of the customer, amount paid, customer billing data, description of the purchase.
  • Make refunds from the control panel with just one click and manage chargebacks.
  • Allow you to search for any transaction processed by the payment gateway from the day it was contracted.
  • Send payment links and e-mails, generate payment buttons and place them on the client's webpage.
  • Activate and deactivate the 3D Secure protocol for extra protection of your online business.

Types of payment gateways  

Depending on how the commercial activity is carried out, there are two payment-processing options: a payment gateway for card-not-present (CNP) operations and a payment gateway for card-present (CP) transactions.

Payment gateway CNP transactions 

As the name indicates, CNP transactions are those that are processed without the physical presence of a card. Because neither the presence of the cardholder nor his signature is needed, they are classed as high-risk. To make a CNP payment, it is sufficient to have the card number, expiry date and sometimes the CVV code. This kind of payment processing is used for MOTO (mail order/telephone order), recurring payments and online store purchases.

Even though CNP payments are the most common ones in e-commerce, their safety has always been questioned. The merchant's main difficulty in this case is verifying whether the cardholder really approves the purchase. With the development of the 3D Secure protocol, where the customer has to enter a unique code in order to proceed with the operation, the security level of CNP payments has increased significantly.

What differentiates one payment gateway from another is the level of security it provides to the merchant and its clients. The ultimate anti-fraud technology used by many payment processing providers is called “Fraud Scrubbing”. It consists of creating a sequence of rules and parameters that analyze whether a transaction is fraudulent or secure. The merchant can create any rule, or choose among 200 existing ones, to protect his clients. One example of a Fraud Scrubbing rule is an IP-based rule: a businessman with a card issued by an English bank goes to Turkey on a business trip. While there, he wants to make an online purchase, but because his home address doesn’t match his IP, the transaction can be cancelled or delayed until its authenticity can be double-checked. So anyone who contracts a payment gateway for CNP transactions can specify which security parameters should be applied to his business.

The most popular Fraud Scrubbing parameters:

  • The IP of a purchase should match the IP of the client.
  • Purchases originating from high-risk countries are not accepted.
  • Transactions exceeding a fixed limit are declined.
  • Only certain card brands are accepted.
  • E-mail age check.
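
The parameters listed above can be expressed as an ordered rule set that each CNP transaction is run through before authorization. The sketch below is an added example, not code from any payment gateway: the field names, thresholds, the placeholder country code and the choice to model the IP rule as "IP country differs from card-issuing country" are all assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Every threshold, country code and field name here is an assumption for illustration.
HIGH_RISK_COUNTRIES = {"ZZ"}           # placeholder code, not a real risk list
ACCEPTED_BRANDS = {"visa", "mastercard"}
MAX_AMOUNT_CENTS = 50_000              # fixed per-transaction limit
MIN_EMAIL_AGE_DAYS = 30

@dataclass
class Transaction:
    amount_cents: int
    card_brand: str
    issuer_country: str      # country of the bank that issued the card
    ip_country: str          # country geolocated from the buyer's IP upstream
    email_first_seen: date   # when this e-mail address was first observed
    created: date

# (rule name, predicate that fires on a suspicious transaction, action)
RULES = [
    ("high_risk_country", lambda t: t.ip_country in HIGH_RISK_COUNTRIES, "decline"),
    ("amount_over_limit", lambda t: t.amount_cents > MAX_AMOUNT_CENTS, "decline"),
    ("brand_not_accepted", lambda t: t.card_brand.lower() not in ACCEPTED_BRANDS, "decline"),
    ("ip_country_mismatch", lambda t: t.ip_country != t.issuer_country, "review"),
    ("email_too_new",
     lambda t: (t.created - t.email_first_seen).days < MIN_EMAIL_AGE_DAYS, "review"),
]

def scrub(tx, rules=RULES):
    """Run every rule; return (decision, fired rule names).

    Any decline rule wins over review, and review wins over accept, so a
    held transaction is never silently accepted.
    """
    fired = [(name, action) for name, pred, action in rules if pred(tx)]
    actions = {action for _, action in fired}
    decision = "decline" if "decline" in actions else "review" if "review" in actions else "accept"
    return decision, [name for name, _ in fired]

# Constructed samples: the travelling cardholder from the text (UK card, Turkish IP),
# the same buyer at home, and an over-limit purchase on an unaccepted brand.
TRAVELLER = Transaction(12_000, "Visa", "GB", "TR", date(2020, 1, 1), date(2024, 6, 1))
AT_HOME = Transaction(12_000, "Visa", "GB", "GB", date(2020, 1, 1), date(2024, 6, 1))
OVER_LIMIT = Transaction(90_000, "Amex", "GB", "GB", date(2024, 5, 25), date(2024, 6, 1))

if __name__ == "__main__":
    for tx in (TRAVELLER, AT_HOME, OVER_LIMIT):
        print(scrub(tx))
```

Returning every fired rule name, not just the decision, gives the merchant the reason to show in the control panel and to use when double-checking a held transaction.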

Payment gateway CP transactions 

CP transactions are not used in e-commerce and are characterized by the low level of risk they involve. Because the cardholder must be present to make a CP transaction, it is not difficult for the seller to verify his identity and confirm his willingness to proceed with the payment.

When a physical POS terminal is used, there are two ways to confirm the authorization of a transaction. The first is the invoice that is printed at the moment the transaction is approved. The second is to connect to the control panel of the contracted payment gateway.

The fees charged for processing CP transactions are quite a bit lower than those applied to CNP sales. This is explained by the high level of risk and the long list of security checks that have to be done in order to process a CNP transaction.

How to choose a payment gateway?

While owners of online stores focus on the merchant account application and its approval, it is very important to take the time to choose a payment gateway that suits your commercial requirements perfectly.

When choosing a payment gateway, follow this checklist:

  • It should be hosted on latest-generation servers that comply with all security requirements.
  • It should use the SSL protocol and avoid third-party intervention.
  • The server where the payment gateway is hosted should comply with PCI DSS security regulations.
  • Informative control panel.
  • Its integration is easy and it supports the most popular Internet CMSs: OctoberCMS, PrestaShop, Magento, WooCommerce, WHMCS, OpenCart, Drupal, ZenCart and VirtueMart.
  • It offers alternatives to CMS integration, such as payment links, e-mail pay, payment by SMS and payment buttons.
  • Advanced anti-fraud technology and the 3D Secure protocol are implemented.
  • Highly qualified customer support with a short response time.