The purpose of a payment gateway is to receive transactions that originated in a card-not-present (CNP) location, such as through a web browser or mobile phone. Gateway solutions can securely capture the customer’s card account information and sends it to the payment processor. The payment gateway links a business’s shopping cart or e-commerce application to its internet merchant account provider for online payments.
Once account information is captured, it’s sent to the payment processor for authorization at the card payment networks. Payment gateways can process these transactions by encrypting the payment card account information before transmitting it to the payment processor and customer bank card issuer.
How a Payment Gateway Works
When the customer is ready to pay and check out of the shopping cart, the cardholder account information is encrypted using a secure XML file. This file is sent to the merchant’s payment gateway application through a Secure Sockets Layer (SSL) connection. The SSL is a secure link that connects the customer’s web browser or mobile device to the payment gateway and prevents the threat of outside attacks. We integrate with; WooCommerce, Shopify, BigCommerce, Ecwid, LimeLight, Magento, Opencart, and Prestashop.
The cardholder account payment data is deciphered at the payment gateway and sent to the payment card network through another SSL connection for the authorization request. This connection uses a financial message format similar to ISO 8583 to encrypt account information at a high level.
Authorization requests are sent to the card association to determine the bank card issuer and if the customer is using a Visa or MasterCard. Transactions using the American Express or Discover (including Diners, JCB, and China UnionPay) networks are sent directly to that payment card network. These companies operate differently from Visa and MasterCard since they act as a merchant acquirer, bank processor, and card issuer.
Within a matter of a couple of seconds, a decision is determined by the card issuing bank, and the response code is sent back through the same secure path. This response is displayed in the shopping cart as either an approval or denial of authorization, along with a unique bank transaction ID.
The final step of the payment gateway is sending a summary of pending authorizations, known as the batch. The batch is the finalized request for the settlement of customer funds by the business to the card issuer. This batching process is an automated, nightly occurrence allowing merchants to edit authorizations. Before the finalization, changes such as adding tips, voiding charges, or issuing refunds can be made.
Payment gateway solutions are an economical way for merchants to understand their customers and their business sales history fully.
Use a Virtual Terminal to Accept Payment
Merchants using online payment gateways can also input other sales transactions into the gateway through virtual terminals. A virtual terminal operates with many of the same functions as an online payment gateway while allowing merchants more flexibility. These terminals allow merchants to process online and swipe payments through the same application.
When a business receives a sale from a telephone or in-person transaction, merchants enter the customer information for authorization into the virtual terminal. Virtual terminals use the same protocols as gateways to transmit customer account information online. These protocols include encrypting and sending card account information with the highest levels of financial security.
Like a credit card terminal, merchants processing a payment through a virtual terminal transaction are presented with a payment application on their computer screen. This screen allows merchants to input customer card and transaction information manually. The authorization request is captured once the merchant fills in all the transaction fields. At this point, the encrypted file reaches the payment processor, and a response is requested.
Many merchants operating retail and online businesses find using a payment gateway or virtual terminal much more beneficial than using a separate credit card machine. Some merchants install card swipers in their locations to quickly process online payments through the terminal. Merchants using this system have significantly more sales information due to the extensive reporting available through the gateway’s shared software.
Having one terminal that can track and provide easy reporting on all sales helps simplify customer management and business operations. The ability to manage transactions while designating different employee permissions can help reduce the threat losses. These losses from fraud or other mistakes are easily found and can be fixed by viewing transaction reports.
Virtual terminals provide merchants with additional features not available with most credit card terminal solutions. By adding hardware, merchants can easily implement a virtual terminal into their existing payment gateway.
Finding the Right Payment Gateway Provider for your Merchant Account
Performing a simple search will return several different payment gateway service providers from all corners of the world. Most payment gateways cater to their local clientele or service a specific industry. Partnering with a merchant services provider that offers a payment gateway solution designed for a merchant’s business is extremely beneficial. Not only do they provide security, but offering specific functionality saves a business time and money. This is also important for merchants using shopping carts programs like WooCommerce or Shopify. Knowing that the payment gateway is compatible is paramount for the integration.
The most important function of payment gateways is to provide a secure link between the customer’s web browser or mobile device and the payment processor. Working with a payment gateway service provider certified as a PCI Compliant service provider is essential for e-commerce businesses. Businesses that disregard this requirement will become non-compliant with the card associations and incur fines.
Within the PCI Compliance standards, there are 4 different levels of security. Each level is based on the total number of yearly transactions processed and requires varying security assessments. A Level 1 PCI Compliant gateway provides the highest levels of security for merchant transaction processing through their website or virtual terminal.
Once a business has narrowed down the different PCI Compliant gateways, merchants will want to check each one’s features. With many different options, it’s important to determine the gateway that offers the best functionality. Checking the different features offered by the various providers can help determine the best company to partner with.
As businesses research potential payment gateways, security and functionality are the most important parts of each of the gateway solutions. Merchants should test the security and features of each gateway before integrating. Keeping these two factors in mind, a merchant can easily choose the best gateway service that works with their shopping cart program and business.
Get Accepting Online Payments at your Business Today
Merchants with questions concerning their current payment gateway or looking for a new service provider are encouraged to contact the payment processing professionals at Allied Payments. Our team is experienced working with our payment gateway and can help answer any questions concerning accepting payments online or in a store. For more information about the security or features built into our gateway, please get in touch with our team. We look forward to helping businesses safely and securely process all card schemes, including high-risk online payments.