What is a Payment Gateway?
A common question in communities around the Web is, “What exactly is a payment gateway?” According to Wikipedia:
A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical POS (Point-of-sale) terminal located in most retail outlets. Payment gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant.
So what exactly does this mean? Here’s an explanation in human terms:
A payment gateway is basically a credit card terminal for your website. It serves the same purpose but is not tangible like a credit card terminal. Its job is to take the transactions from your website, send them to the processing bank to seek an approval or decline, and return the result to your website so you can complete the transaction (or ask for another form of payment). But instead of having a human being enter the transaction into a credit card terminal and then react to the response (approved or declined), your website sends over the information on your behalf and reacts to the results based on your website’s programming.
Now that we have a simple explanation of what a payment gateway is, let’s look at what they are not. There are a lot of misconceptions about what payment gateways are and can do. Here’s a couple of things payment gateways in general do not do:
- Manage orders
Order management, keeping track of your user’s items being purchased, is the responsibility of your shopping cart. The shopping cart adds up the total amount of the purchase and that is the information it passes on to the payment gateway along with the customer’s personal information.
- Validate data
Although the payment gateway will reject malformed input that would leave it unable to process the transaction (e.g. it makes sure the credit card number is numeric and has the right number of digits, that you provide an expiration date, etc.), it won’t make sure that the information you have sent is valid. For example, if someone types in 12345 as their zip code, the payment gateway won’t catch that it is a fake zip code. The same goes if someone uses 1234123412341234 as their credit card number. Basic data validation is up to your website’s programming to catch and react to.
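The kind of pre-submission check described above, as an added example that is not part of the original article: a checkout handler that runs the card number through the Luhn checksum and checks the expiry date and ZIP format before anything is sent to the gateway. The function names, field names and error strings are assumptions made for this illustration.

```javascript
// Added example: checks a website can run before calling the payment gateway.
// All names here (passesLuhn, isExpired, validatePayment, form fields) are hypothetical.

// Luhn checksum: the last digit of a payment card number is a check digit.
function passesLuhn(digits) {
  let sum = 0;
  let doubleIt = false; // every second digit, counted from the right, is doubled
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// A card is usable through the end of its expiry month.
function isExpired(month, year, now) {
  const y = now.getUTCFullYear();
  const m = now.getUTCMonth() + 1;
  return year < y || (year === y && month < m);
}

function validatePayment(form, now = new Date()) {
  const errors = [];
  const pan = String(form.cardNumber).replace(/[\s-]/g, "");
  if (!/^\d{12,19}$/.test(pan)) errors.push("card number must be 12-19 digits");
  else if (!passesLuhn(pan)) errors.push("card number fails checksum");

  const month = Number(form.expMonth);
  const year = Number(form.expYear);
  if (!Number.isInteger(month) || month < 1 || month > 12 || !Number.isInteger(year))
    errors.push("expiry date is malformed");
  else if (isExpired(month, year, now)) errors.push("card is expired");

  if (!/^\d{5}(-\d{4})?$/.test(String(form.zip))) errors.push("ZIP code is malformed");
  return errors; // never log or echo the card number itself
}

// Constructed sample input using the values quoted in the text above.
const sample = { cardNumber: "1234 1234 1234 1234", expMonth: "01", expYear: "2020", zip: "12345" };
const fixedNow = new Date(Date.UTC(2024, 0, 15)); // fixed clock so the result is repeatable
console.log(validatePayment(sample, fixedNow));
```

The checksum rejects 1234123412341234 before it reaches the gateway, while 12345 passes the format check: a format rule cannot tell whether a ZIP code belongs to the cardholder, which is what the AVS result reports.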
Here’s a couple things that a payment gateway is not:
- A merchant account
As mentioned above, a payment gateway connects a merchant’s website or POS system to the merchant’s merchant account so it can process credit card transactions. Thus, a payment gateway in and of itself is not a merchant account. It cannot process transactions without a merchant account being linked to it. A payment gateway without a merchant account is even less useful than a credit card terminal without a merchant account. At least a credit card terminal can be used as a paperweight!
- A third party processor
Payment gateways are commonly confused with third party processors (see What exactly is a Third Party Processor?) because on the surface the two seem to be very similar. While it is true that third party processors include a form of payment gateway in their services, they are very different things. The service third party processors offer is a sharing of their merchant account. To do this effectively they must have you process everything through their system, and as a result they offer payment gateway-like functionality to facilitate the process. But these aren’t true payment gateways, as they only work with that third party processor and are limited entirely to the services it offers.
After reading that, you may think that payment gateways aren’t all that special. Well, you’d be half right. They are far less complicated than most believe them to be. They are specialized applications and they do their job well. But many payment gateway providers do offer additional services to add value to their products. Some additional tools commonly offered include:
- Fraud screening
With Internet sales making up the overwhelming majority of credit card fraud, screening sales for fraud is a high priority for every online merchant. Most gateway providers offer tools that make use of basic fraud checks such as AVS and CVV, either by reporting the results of these checks or by allowing transactions that fail either test to be declined automatically.
- Payment history
Each transaction that is processed through a payment gateway is captured and stored in a merchant’s account for later reference. This makes keeping track of online payments automatic (and hopefully redundant).
- Recurring billing
A common feature of subscription-based websites is the ability to charge customers on a regularly scheduled basis. Some POS software includes recurring payment functionality, and many payment gateways offer this feature as well. By doing so they take the burden of PCI compliance off of the merchant. The merchant does not need to worry about storing credit card information and the security that is required to do so.
All in all, a payment gateway’s purpose is small in scope, but payment gateways are still powerful and essential tools for online processing. If they still seem daunting to you, just remember that they are just virtual credit card terminals and act in almost the very same way. They connect your website to your merchant account so you can get paid from credit card sales. Simple yet powerful.