Payment gateway

Overview

A Payment gateway is a technology used by merchants to accept debit or credit card purchases from customers. The term includes not only the physical card-reading devices found in brick-and-mortar retail stores but also the payment processing portals found in online stores. A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone, or interactive voice response service) and the front end processor or acquiring bank.

Functionality

When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction.

A customer places an order on a website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service. If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's webserver. In other cases, the merchant may encrypt the data. This is done via Secure Socket Layer (SSL) encryption.
The merchant then forwards the transaction details to their payment gateway. This is another (server-to-server) SSL encrypted connection to the payment server hosted by the payment gateway.
The payment gateway forwards the transaction information to the merchant's acquiring bank, or the bank's processor.
The response is forwarded by the payment gateway to the merchant's server. SSL encryption is used to ensure that the information is secure. The merchant's server decrypts the response and sends it to the customer's browser. If the transaction is approved, the merchant fulfils the order.
The merchant submits all their approved authorizations, in a "batch" (end of the day), to their acquiring bank for settlement via its processor.
The acquiring bank deposits the total of the approved funds into the merchant's nominated account. This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.

The gateway is just one part of the total E-commerce transaction "loop".

Types of Payment Gateways

There are two main types of payment gateways: modern (or hosted) payment gateways and classic (or pro/self-hosted) payment gateways.

Modern (Hosted) Payment Gateways

Modern payment gateways allow customers to enter their credit card details directly on the merchant's checkout page. The advantage of this method is that the customer never has to leave the merchant's website to complete the purchase. This results in a more seamless user experience and can help reduce shopping cart abandonment rates. Examples of modern payment gateways include Stripe and Braintree.

Classic (Pro/Self-Hosted) Payment Gateways

Classic payment gateways require the customer to leave the merchant's website and complete their payment on the payment gateway's platform. Once the payment is complete, the customer is redirected back to the merchant's website. While this method can be a bit more disruptive to the user experience, it has the advantage of taking the burden of security compliance off of the merchant's shoulders, as all sensitive data is handled by the payment gateway. Examples of classic payment gateways include PayPal and WorldPay.

Security

Payment gateways are subject to stringent security standards to ensure that sensitive customer data is protected. These standards are set by the Payment Card Industry Security Standards Council (PCI SSC) and include the Payment Card Industry Data Security Standard (PCI DSS). Compliance with these standards is mandatory for all entities that store, process, or transmit cardholder data.

Advantages and Disadvantages

Payment gateways offer several advantages, such as the ability to process transactions in real time, integration with various shopping cart systems, and robust security measures. However, they also have some disadvantages, such as transaction fees, the potential for technical glitches, and the need for businesses to comply with PCI DSS.