What is a Payment Gateway?

A payment gateway securely transmits sensitive payment information from a customer’s issuing bank to each party involved with a card transaction. Payment gateways connect the merchant’s payment portal (like a website) to the acquiring bank or front end processor. 

Every ecommerce business needs to have a payment gateway. There is no other way to accept credit cards online without one.

While mostly associated with online transactions, payment gateways can also be used at traditional brick and mortar businesses.

How Payment Gateways Work in Payment Processing

On the surface, a payment gateway is simple. All of us use a payment gateway when we shop online. As a customer, you simply enter your credit card information and confirm the transaction. The payment gateway takes that information, sends it to the processor, and ultimately enables businesses to accept payments online. 

However, a payment gateway is significantly more complex behind the scenes for accepting payments. There are several different types of payment gateways, but they all work in the same way. Without getting too technical, here’s guide on how payment gateways work:

1. Customer places an order online and submits their payment information: For online orders, there won’t be any chip or swipe involved. This is a card-not-present transaction. Instead, the merchant will ask for the customer’s name, address, card expiration date, and card verification number. 

2. Payment information is securely uploaded to the payment gateway: When you accept credit card payments, this information is passed using a secure SSL connection. The billing data is encrypted and sent to the merchant’s processor. The merchant processor will ultimately be the company that processes the transaction. 

3. Payment processor route the transactional information to the issuing credit card association: The credit card company ((Visa, Mastercard, American Express, etc) charges a small fee for their role in the transaction, known as the interchange fee. The payment processing company pays the interchange and then passes those costs to the merchant. 

4. The transaction is either approved or declined: Transactions will be approved if the card is valid, the customer is an authorized user, sufficient funds are available, and there are no holds or freezes on the account. Once the issuing bank approves or denies the request, the information starts to flow back in the opposite direction, starting with the payment processor. If the transaction is denied, a response code will be used to define the reason why.

5. The payment processor forwards the response back to the payment gateway: Again, the payment gateway is the bridge between the processor and the interface used to process transactions. The gateway sends the information back to the portal (such as the website), which relays the response to the customer and the merchant. This entire procedure usually takes two or three seconds at most. The customer will typically get some type of confirmation number and receipt, while the merchant will begin to process the order. 

What Does a Payment Gateway Do?

Payment gateways play a crucial role in the transactional process. But beyond its basic functionality, a payment gateway typically comes with additional functions. Here’s a closer look at exactly what a payment gateway does:

Connects With Payment Processors

As the name implies, your payment gateway is a “gateway” between a company’s website and payment processor. The gateway acts as the customer-facing checkout option, which is then passed through to the processor handling the actual transaction processing on the backend.

Initiates the Authorization Process

Once the gateway receives payment details, it forwards all of the transaction data to the acquiring bank or payment processor. From there, the acquiring bank approves or denies the transaction before the authorization response is eventually sent back to the gateway. It’s the gateway’s job to forward the authorization response to the business.

Helps Provide Payment Compliance

PCI Compliance is short for PCI DSS (payment card industry data security standard). It’s a set of guidelines that a merchant must follow to ensure secure cardholder data. 

Online transactions are processed on the payment gateway’s servers, as opposed to the servers hosting your website. With that said, it’s still a good idea to maintain a secure network on your own website, even though the transaction is technically processed elsewhere. 

Comes With a Virtual Terminal

Virtual terminals are essentially browser-based POS systems, and you can get one from payment gateway providers.

With a virtual terminal, you can process a customer’s credit card information using an online web form, directly through an Internet browser. You can also set up a virtual terminal to process payments from smartphones, tablets, and other mobile devices. 

Stores Information

The downside of processing payments on a virtual terminal is that the customer is required to enter all of their information manually. This is a tedious process.

The best payment gateways will store customer information on a database, assuming the customer gives them permission. When a customer comes back to your website, they can simply select a card or payment method that they’ve used in the past. 

Payment gateways will encrypt the customer’s billing information and securely store it separately from your ecommerce website. This is definitely something you need to keep a close eye on when you’re evaluating a payment service provider. 

Automates Billing Processing

As I just explained, consumer billing information can be stored on the payment gateway. This allows you to set up recurring billing for subscription-based services. 

Whether you’re billing on a monthly, quarterly, or annual basis, the best payment gateways will allow you to set up these parameters when customers are signing up for your service. 

Encrypts Payment Information

All sensitive customer information, credit or debit card data, and transactional information are encrypted by the payment gateway before getting passed along to the processing bank.

In addition to helping you accept payments, the best payment gateways will also provide tokenization in addition to encryption. Having a secure payment gateway is an absolute must for accepting online payments. 

Supports Third-Party Integrations

You should look for a payment gateway that seamlessly integrates with the platforms that you’re already using. As an ecommerce store owner, you shouldn’t force the customer to leave your website to process a transaction. Look for a payment gateway that can be embedded directly into your ecommerce platform. 

Furthermore, the majority of major payment gateways integrate with accounting software like QuickBooks. This feature can save you hours of manually entering transactions into your bookkeeping system. 

Helps Prevent and Detect Fraud

The best payment gateways come with built-in fraud prevention features. They can use things like an AVS (address verification service) or CVV checks to ensure the person attempting to make the purchase is an authorized cardholder. 

These types of fraud measures can help stop fraud automatically before a transaction get processed. If you’re looking for the absolute best payment gateway, make sure they can help you stop fraud.

What’s the Difference Between a Payment Gateway and Payment Processor?

The terms payment gateway and payment processor are often confused with each other. While both are part of the transactional process, the two are very different. 

A payment processor executes transactions between the merchant, issuing bank, and acquiring bank. Lots of payment processors will also provide hardware, like credit card machines for brick and mortar stores. The payment processing fees also come from your processor. 

Payment gateways transmit payment data to the payment processor. It acts as a bridge between the customer payment portal (typically an ecommerce website) and the processor. 

The payment processor is the company that ultimately processes the transaction. The payment gateway can best be described as an online POS system. 

Every ecommerce website needs both a payment gateway and payment processor. If your brick and mortar business doesn’t process payments online, you may not need a payment gateway, but you will need a payment processor. 

What’s the Difference Between a Payment Gateway and Merchant Account?

Businesses accepting online payments need a payment gateway and a merchant account to operate.  But payment gateways and merchant accounts each serve unique functions. 

A payment gateway facilitates online transactions and allows businesses to process payments. Once processed, the payments land in a merchant account before they’re deposited into the company’s checking account.

Merchant accounts are just holding accounts where transactional funds are held. Once the funds have been verified, they can pass through to a merchant’s business bank account (minus the transaction fees).

Payment gateways are the connection between the cardholder’s bank and a business merchant account. They allow funds to flow from one to another once the transaction clears.

Without a payment gateway, you wouldn’t be able to accept online card payments. And without a merchant account, there wouldn’t be anywhere for your money to go after it’s processed through the gateway.

Key Takeaway: You Need a Payment Gateway to Accept Online Payments

You need your own payment gateway to process credit card payments online, as it’s not always something you can get directly from your processor. 

It’s essential to understand exactly what a payment gateway does and how it works. This information will help you choose the right payment gateway provider for your business. 

For additional assistance with ecommerce credit card processing, contact us here at Merchant Cost Consulting. We’re happy to provide you with a free audit and analysis to see if your credit card processing fees can be lowered.