The purpose of a payment gateway is to receive transactions that originated in a card-not-present (CNP) location, such as through a web browser or mobile phone. The gateway is designed to securely capture the customer’s card account information and send it to the payment processor. The gateway links a business’ shopping cart or online e-commerce application to their internet merchant account provider.
Once account information is captured, it’s sent to the payment processor for authorization at the card payment networks. Payment gateways are able to process these transactions by encrypting the card account information before transmitting to the payment processor.
How a Payment Gateway works
Upon checkout of the shopping cart, the cardholder account information is encrypted using a secure XML file. This file is sent through a Secure Sockets Layer (SSL) connection to the merchant’s gateway application. The SSL is a secure link that connects the customer’s web browser or mobile device to the payment gateway and prevents the threat of outside attacks. We integrate with; WooCommerce, Shopify, BigCommerce, Ecwid, LimeLight, Magento, Opencart and Prestashop to name a few.
At the payment gateway, the cardholder data is deciphered and sent through another SSL connection to the payment card network for the authorization request. This connection uses a financial message format similar to ISO 8583 to encrypt account information at a high level.
Authorization requests are sent to the card association to determine the card issuing bank if the customer is using a Visa or MasterCard. Transactions using the American Express or Discover (including Diners, JCB and China UnionPay) networks are sent directly to that card network. These companies operate differently from Visa and MasterCard since they act as both processor and the customer card issuer.
Within a matter of a couple of seconds, a decision is determined by the card issuing bank and the response code is sent back through the same secure path. This response is displayed in the shopping cart as either an approval or denial of authorization along with a unique transaction ID.
The final step of the payment gateway is the sending of a summary of pending authorizations, known as the batch. The batch is the finalized request for settlement of customer funds by the merchant. This batching process is an automated, nightly occurrence that allows merchants the ability to edit authorizations. Changes such as adding tips, voiding charges or issuing refunds, prior to finalizing the request are made at this time.
Payment gateways are an economical way for merchants to fully understand their customers and sales history.
Using a High Risk Virtual Terminal
Merchants using a payment gateway can also input other sales transactions into the gateway through a virtual terminal. A virtual terminal operates with many of the same functions as a gateway while allowing merchants more flexibility. These terminals allow merchants the ability to process both online and swiped payments through the same application.
When a business receives a sale from a telephone or in-person transaction, merchants enter the customer information for authorization into the virtual terminal. Virtual terminals use the same protocols as gateways to transmit customer account information. These protocols include encrypting and sending card account information with the highest levels of financial security.
Similar to a credit card terminal, merchants processing a virtual terminal transaction are presented with a payment application on their computer screen. This screen allows merchants to input customer card and transaction information manually. Once the merchant fills in all the transaction fields, the authorization request is captured. At this point, the encrypted file reaches the payment processor and a response is requested.
Many merchants operating both retail and online businesses find using a virtual terminal much more beneficial than using a separate credit card machine. Some merchants install card swipers into their locations to quickly process transactions through the terminal. Merchants using this system have significantly more sales information due to the extensive reporting available through the gateway’s shared software.
Having one terminal that can track and provide easy reporting on all sales helps simplify customer management and business operations. The ability to manage transactions, while designating different employee permissions, can help reduce the threat losses. These losses from fraud or other mistakes are easily found and can be fixed by viewing transaction reports.
Virtual terminals provide merchants with additional features not available with most credit card terminals. By opting to add hardware, merchants can easily implement a virtual terminal into their existing payment gateway.
Finding the Right Payment Gateway Provider
Performing a simple search will return several different payment gateway service providers from all corners of the world. Most gateways cater to their local clientele or service a specific industry. Partnering with a merchant services provider that offers a payment gateway solution designed for a merchant’s business is extremely beneficial. Not only do they provide security, but offering specific functionality saves businesses’ time and money. This is also important for merchants that are using a shopping cart program such as WooCommerce or Shopify. Knowing that the payment gateway is compatible is paramount for the integration to work.
The most important function of the payment gateway is providing a secure link between the customer’s web browser or mobile device and the payment processor. Working with a payment gateway service provider that is certified as a PCI Compliant service provider is essential for e-commerce businesses. Businesses that disregard this requirement will become non-compliant with the card associations and incur fines.
Within the PCI Compliance standards, there are 4 different levels of security. Each level is based upon the total number of yearly transactions processed and requires varying degrees of security assessments. A Level 1 PCI Compliant gateway provides the highest levels of security for merchant transaction processing through their website or virtual terminal.
Once a business has narrowed down the different PCI Compliant gateways, merchants will want to check into each one’s features. With many different options, it’s important to determine the gateway that offers the best functionality. Checking the different features offered by the various providers can help determine the best company to partner with.
As businesses research potential gateway service providers, the fact that security and functionality are clearly the most important parts of a payment gateway. Merchants should test the security and features of each gateway before integrating. Keeping these 2 factors in mind, a merchant can easily choose the best gateway service that works with their shopping cart program.
Get Started Processing Transactions Today
Merchants with questions concerning their current gateway or looking for a new service provider are encouraged to contact the payment processing professionals at Allied Payments. Our team is experienced working with our payment gateway and can help answer any questions. For more information about the security or features built into our gateway, please contact our team. We look forward to helping businesses process their high-risk payments safely and securely, whether they are online or in person.