What is a Payment Gateway and How Does It Work?
What is a Payment Gateway?
A payment gateway is a technology that holds and transfers payment information from cardholders to acquiring banks. The data is then turned into a payment result (either declined or accepted), which is sent back to the cardholder. The payment gateway validates the information securely and checks whether the required amount of funds is available for the product/service to be paid. It also ensures that sensitive information is encrypted and transmitted securely from the cardholder to the acquirer through the merchant. This is usually handled by payment service providers (PSPs).
The online payment gateway serves as an intermediary technology between the merchant and its customers. It can significantly simplify the integration process.
Moreover, the payment gateway helps merchants keep their businesses secure. Since clients make card-not-present transactions on merchants’ websites, the levels of fraud are usually higher compared to transactions made on a POS terminal in a physical shop. The reason for this is that merchants do not have the resources to check whether the presented card is valid or whether it belongs to the person presenting it, as they would at the cashier. The software also protects merchants from expired cards, insufficient funds, inactive accounts or exceeded credit limits.
Without a payment gateway, hackers would have free access to clients’ sensitive information and could use it for illegal activities. This is dangerous for both clients and merchants. While clients may be defrauded of large amounts or have their personal information stolen or even sold, merchants may face problems such as excessive illegitimate transactions and monetary and reputational damage.
A multi-currency payment gateway enables you to accept payments in various currencies and process international payments from customers across the globe.
How does it work?
1. A cardholder selects a product/service and continues to the payment page. Payment gateways offer several integration options:
- Hosted payment page, where the client is redirected to a checkout page. This option reduces the merchant’s PCI compliance burden and is suitable for e-commerce merchants who don’t collect or store any cardholder data on their server.
- Server-to-server integration enables communication between the merchant’s server and the payment gateway’s server. Customers make the payment on the merchant’s payment page without being redirected to the gateway’s payment page. This option shortens the time needed to complete the order and improves the overall customer experience, as the merchant has more control over the payment page.
- Client-side encryption, where the card data is encrypted on the client’s device, using the payment gateway’s encryption library, before being sent to the merchant’s server. This solution is another way of minimizing the PCI requirements.
2. The client fills out their card details on the payment page. After adding the cardholder name, expiration date and CVV number, the data is securely transferred to the payment gateway based on the chosen integration (hosted payment page, server-to-server, client-side encryption).
3. The payment gateway encrypts the data and performs fraud checks to confirm that all the information is correct before sending it to the acquiring bank.
4. Upon receipt, the acquiring bank forwards the information to the card schemes.
5. Once the card schemes have performed their additional verifications, the payment data is sent to the issuing bank.
6. The issuing bank then checks the data further and authorizes the transaction by forwarding the approval or decline message back to the acquiring bank through the card schemes.
7. Once the payment message is received, the acquiring bank sends it to the payment gateway, which transmits it to the merchant. If the transaction is accepted, the acquiring bank will take the payment amount from the issuing bank and hold it in the merchant account.
8. On the agreed settlement day (usually once per week), the acquiring bank will release the settlement to the merchant’s bank account.
9. When this process is completed, the cardholder will receive a message that the payment was successful or that they should try with a different payment method.
Even though it may seem complicated, in reality this whole process usually takes around 3 seconds. See also the difference between a payment gateway and a payment processor.
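The client-side encryption option from step 1, as an added example that is not part of the original article or any gateway's real library: a Node.js simulation in which a constructed RSA key pair stands in for the gateway's key, and every function name and the sample card are hypothetical. It shows why this option minimizes PCI requirements: the merchant's server only ever handles an opaque blob it cannot read.

```javascript
// Added illustration; not a real gateway SDK. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the gateway's key pair. In a real integration the
// gateway keeps the private key and only the public key ships to the page.
const gateway = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const GATEWAY_PUBLIC_PEM = gateway.publicKey.export({ type: 'spki', format: 'pem' });

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const MAX_PLAINTEXT = 256 - 2 * 32 - 2; // OAEP-SHA256 limit for a 2048-bit key

// Client device: encrypt the card fields before they leave the browser.
function encryptCardOnClient(card, publicKeyPem) {
  const plaintext = Buffer.from(JSON.stringify(card), 'utf8');
  if (plaintext.length > MAX_PLAINTEXT) {
    throw new RangeError('card payload too large for a single RSA-OAEP block');
  }
  // OAEP is randomized, so the same card never produces the same blob twice.
  return nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, plaintext)
    .toString('base64');
}

// Merchant server: attaches order data and forwards the blob unread.
function merchantBuildGatewayRequest(orderId, amountMinor, currency, encryptedCard) {
  return { orderId, amountMinor, currency, encryptedCard };
}

// Payment gateway: the only party able to recover the card data.
function gatewayDecrypt(request, privateKey) {
  const blob = Buffer.from(request.encryptedCard, 'base64');
  const plaintext = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, blob);
  return JSON.parse(plaintext.toString('utf8'));
}

// Check used below: does anything the merchant handles contain the card number?
function containsPan(value, pan) {
  return JSON.stringify(value).includes(pan);
}

// Constructed sample input (a well-known test card number, not a real card).
const sampleCard = { number: '4111111111111111', name: 'A. Example', expiry: '12/30', cvv: '123' };
const blob = encryptCardOnClient(sampleCard, GATEWAY_PUBLIC_PEM);
const request = merchantBuildGatewayRequest('order-1001', 1999, 'EUR', blob);
console.log('merchant sees card number:', containsPan(request, sampleCard.number));
console.log('gateway recovers:', gatewayDecrypt(request, gateway.privateKey).number);
```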