Author: Jim Conners (Google+)
Rating: 10.0
Pages: 1|2|3|4|5|6|7|8|9|10|11|12|13|14
A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical POS (Point-of-sale) terminal located in most retail outlets. Payment gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant.
So what exactly does this mean? Here is an explanation in human terms:
A payment gateway basically is a credit card terminal for your website. It serves the same purpose but is not tangible like a credit card terminal. Its job is to take the transactions from your website and send it to the processing bank to seek an approval, or decline, and return it to your website so you can complete the transaction (or ask for another form of payment). But, instead of having a human being entering the transaction into a credit card terminal and then reacting to the response (approved or declined), your website is sending over the information on your behalf and reacting to the results based on your website's programming.
Now that we have a simple explanation of what a payment gateway is, let us look at what they're not. There are a lot of misconceptions about what payment gateways are and can do. Here are a couple of things payment gateways in general do not do:
Order management, keeping track of your user's items being purchased, is the responsibility of your shopping cart. The shopping cart adds up the total amount of the purchase and that is the information it passes on to the payment gateway along with the customer's personal information.
Although the payment gateway will make sure you do not send it bad information so it is unable to process the transaction (e.g. make sure the credit card is numeric and the right amount of digits, you provide an expiration date, etc.), they will not make sure that the information you have provided is valid. For example, if a customer types in 12345 as their zip code, the payment gateway will not catch that it is a fake zip code. Same as if a customer used 1234123412341234 as their credit card number. Basic data validation is up to your website's programming to catch and react to.
Here are a couple things that a payment gateway is not:
As mentioned above, a payment gateway connects to a merchant's website or POS system to the merchant's merchant account so it can process credit card transactions. Thus, a payment gateway in and of itself is not a merchant account. It can't process transactions without a merchant account being linked to it. A payment gateway without a merchant account is even less useful then a credit card terminal without a merchant account.
Payment gateways are commonly confused with third party processors as on the surface the two seem to be very similar. While it is true that third party processors do include a form of payment gateway in their services they are very different things. The service third party processors offer is a sharing of their merchant account. To effectively do this they must have you process everything through their system and as a result offer payment gateway-like functionality to facilitate the process. But these are not true payment gateways as they only work with that third party processor and is limited entirely to the services they offer.
Please read our blog post What exactly is a Third Party Processor? to learn more about what they are.
After reading that, you may think that payment gateways are not all that special. Well, you would be half right. They are far less complicated then most believe them to be. They are specialized applications and they do their job well. But many payment gateway providers do offer additional services to add value to their products. Some additional tools commonly offered include:
With Internet sales making up the overwhelming majority of credit card fraud, screening sales for fraud is a high priority for every online merchant. Most gateway providers provide tools to utilize basic fraud tools such as AVS and CVV by reporting the results of these systems or even allowing transactions to be declined automatically that fail either test.
Each transaction that is processed through a payment gateway is captured and stored in a merchant's account for later reference. This makes keeping track of online payments automatic (and hopefully redundant).
A common feature of subscription based websites is the ability to charge customers on a regular scheduled basis. Some POS software includes recurring payment functionality and many payment gateways offer this feature as well. By doing so they take the burden of PCI Compliance off of the merchant. The merchant does not need to worry about storing credit card information and the security that is required to do so.
All-in-all a payment gateway's purpose is small in scope but they are still powerful and essential tools for online processing. If they still seem daunting to you, just remember they are just virtual credit card terminals and act almost in the very same way. They connect your website to your merchant account so you can get paid from credit card sales. Simple yet powerful. 4
If you would like to learn more about specific gateways be sure to read our article Six Payment Gateways Reviewed which compares some of the more popular payment gateways in use today.
For a technical look at gateways be sure to read Integrate the Authorize.Net Payment Gateway with PHP and Integrate the Authorize.Net Recurring Billing API with PHP which provide PHP code for working with the Authorize.Net gateway.
Accepting Payment | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Compliance Issues