An online payment gateway is the virtual version of the point of sale card terminal you see in stores, in other words a credit card processor. So simply put, a payment gateway is a service that connects your website to your bank and is an essential part of a Credit Card Processing facility.
There’s a standard routine for every credit card transaction on the web. First, your customer completes their shopping and lands on an order summary page. When the customer is happy with the order your website displays a page where the customer enters their full credit card details. Your customer then clicks through, sending the credit card information from their browser to your server, which in turn passes the information to the payment gateway.
That’s when the payment gateway takes over: it checks the credit card information for validity, determines which bank manages the customer’s credit card (the issuing bank) and then sends a request to the issuing bank for a payment transfer. The issuing bank validates the card, checks whether the customer has funds available and returns a result to the payment gateway, indicating whether the funds will be transferred and if not, returns a reason why.
The payment gateway gets to work again, telling your website whether funds were authorized for transfer and then initiates a funds transfer (settlement request) to the bank holding your merchant account (the acquiring bank). It’s then your website’s job to tell your customer that the transaction has been fulfilled and to then initiate whatever steps necessary to deliver the goods or services your customer purchased.
Payment gateways differ in shape and size but there are three main types. If you would like to give your customer the most transparent, trusted and hassle-free way of paying you, you should use an Application Programming Interface (API) to connect your website to the payment gateway. The benefit of an API is that your customer never sees any element of the payment gateway’s website; the payment gateway does its job seamlessly in the background while your customer waits at your website.
There are two drawbacks: you may need to do additional programming to implement the API and you need to implement strict security protocols on your website and hosting equipment, including a security certificate. The former is probably less of a problem as most shopping card solutions come with standard API connectors. Managing the security side of things can be a hassle though, and you ultimately have the responsibility of making sure your customer’s card details remain a secret.
If the API route sounds daunting you could use a third-party payment gateway, in which case your customer is transferred to the third-party’s website to enter their card details and complete payment. You need to weight up the potential for lost sales (customers could get hesitant when they suddenly see a different website) against the ease of implementation.
Finally there are a few companies that offer integrated payment gateways in which case you don’t even need a merchant account and the brand name of an integrated payment gateway may provide reassurance for your customer. The flipside is far higher processing fees.
All payment gateways essentially work in the same way but there are other factors your need to know about. This includes advanced fraud detection abilities, virtual terminals (you can enter your customer’s card details manually) and whether the payment gateway will deal with recurring fees.