What is a payment gateway

Sebastien | 01st March 2013 | Posted in Knowledge base, Payment gateway

A payment gateway refers to the online system that is used to process credit card and other payment transactions in real time. It is a web-based service that integrates into an e-commerce website’s shopping cart and collects payment information provided by a customer at the check-out. Essentially, the payment gateway is the service required by merchants who wish to accept online credit card payments. It also facilitates payments through a virtual terminal.

How payment gateways work

Online shopping has been made possible by, among other things, the payment gateway. A payment gateway is a server dedicated to linking websites and banks so that online credit card transactions can be completed in real time. Put simply, the payment gateway works in this way: it receives the payment data from the front-end system, encrypts it, sends it to the bank for processing, receives the bank's authorization and then communicates the authorization information back to the front-end.

There are two types of payment gateways. Integrated payment gateways (API) are standalone systems designed to be integrated with third-party systems. Payment gateways can also come bundled with their own shopping carts and virtual terminals; this type is aptly named the hosted payment gateway. To find a compatible payment gateway, merchants should first speak with their merchant account provider to get recommendations.

To differentiate between payment gateways and shopping carts, it is important to note that they come into the transaction cycle at different stages. Shopping carts enable customers to select items for purchase and calculate the total cost of the order, including shipping and handling charges and taxes where possible. Once the customer places the order, the customer is taken to the check-out where he or she is asked to provide the payment information, which is then collected and managed by the payment gateway. Payment gateway systems are owned and hosted by the technology providers, eliminating the need for merchants to install additional software on their servers.

The payment gateway is set into motion once a customer checks out from a shopping cart. The transaction that is received is sent to the payment processor associated with the merchant’s acquiring bank. The payment processor then forwards the information it receives to the card association, e.g. MasterCard, which gets the transaction information to the card issuing bank. At this point, the information is referred to as the authorization request, since credit, debit and fraud checks are done before a response is relayed to the payment processor. The response is that the transaction is either approved or denied, depending on specific reasons such as insufficient funds. With approval of the transaction, the payment processor communicates with the payment gateway to relay the response to the website and onward to the cardholder and the merchant. The whole process as described above is referred to as Authorization, often abbreviated “Auth”.

The order now awaits fulfilment from the merchant, and a process similar to the one described above takes place through the payment gateway to clear the authorization. The process is initiated by the merchant. After a period of time, most often a day, the merchant submits a batch of approved authorizations via the payment processor to the acquiring bank so that settlements are made. The settlement requests are submitted to the credit card issuer(s) so that payment is made to the acquiring bank. The final step occurs when a deposit of all approved funds is made to the merchant’s account of choice by the acquiring bank.
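The lifecycle described above (authorization, merchant-initiated clearing, batch settlement) can be modelled as a small state machine that refuses out-of-order steps. This is an added example, not code from any gateway; the class names, state names and the balance table standing in for the issuing bank are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Transaction:
    order_id: str
    amount_cents: int
    state: str = "NEW"  # NEW -> AUTHORIZED | DENIED; AUTHORIZED -> CLEARED -> SETTLED

class Gateway:
    """Toy model of the Auth / clearing / settlement cycle (hypothetical)."""

    def __init__(self, balances):
        # Constructed stand-in for the issuer's view: card label -> available cents.
        self.balances = dict(balances)
        self.txns = {}

    def authorize(self, order_id, card, amount_cents):
        """Authorization request: the simulated issuer approves or denies."""
        if order_id in self.txns:
            raise ValueError("duplicate order id")
        txn = Transaction(order_id, amount_cents)
        if amount_cents > 0 and self.balances.get(card, 0) >= amount_cents:
            self.balances[card] -= amount_cents  # place a hold on the funds
            txn.state = "AUTHORIZED"
        else:
            txn.state = "DENIED"  # e.g. insufficient funds
        self.txns[order_id] = txn
        return txn.state

    def clear(self, order_id):
        """Merchant-initiated clearing; only an approved authorization qualifies."""
        txn = self.txns[order_id]
        if txn.state != "AUTHORIZED":
            raise ValueError(f"cannot clear from state {txn.state}")
        txn.state = "CLEARED"

    def settle_batch(self):
        """Batch submission: settle every cleared transaction exactly once."""
        total = 0
        for txn in self.txns.values():
            if txn.state == "CLEARED":
                txn.state = "SETTLED"
                total += txn.amount_cents
        return total

if __name__ == "__main__":
    gw = Gateway({"card-A": 10000, "card-B": 500})  # constructed sample data
    print(gw.authorize("o1", "card-A", 2500), gw.authorize("o2", "card-B", 2500))
    gw.clear("o1")
    print("settled:", gw.settle_batch())
```

Rejecting a clear on a denied or already cleared transaction is what keeps a replayed or forged request from reaching the settlement batch.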

The Security of a payment gateway

In the noble quest to fight online fraud, online retailers are feeling the pressure from oversight and regulatory authorities, the credit card companies and banks to implement important security technologies and strategies. They include:

SSL certificate for integrated payment gateway

For a website to process payments, it must fulfill SSL requirements. Remember that payment gateways are independent of SSL certificates and do nothing themselves to make a website secure. This is particularly required for the API integration, in which a website is connected securely to the payment gateway. This seamless integration demands that the website be able to provide a secure connection between the user and the website, in addition to a secure connection between the website and the payment gateway.

PCI DSS compliance

PCI DSS refers to the Payment Card Industry Data Security Standard, a set of security standards that help reduce the risk of customers' card data getting into the wrong hands. PCI compliance comes with levels 1-4. It is mandatory for all businesses accepting card payments since it helps in making shopping on the internet safer by reducing online fraud, preventing theft and the unauthorised use of credit and debit cards, protecting both consumers and businesses from fraudulent activity and ensuring merchants are securely storing, processing.

3D secure

3D Secure is an online service designed to make online shopping transactions safer by providing an extra layer of protection through the authentication of the cardholder’s identity at the time of purchase. 3D Secure is one method for online merchants to combat fraud and should come integrated to the payment gateway. The benefits are that it creates a level of consumer trust and confidence in online shopping and works to reduce disputes and fraudulent activity.


Tokenization is yet another security measure and is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. It has helped tighten security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.

Additional services that may be provided by payment gateways

Virtual terminal

A virtual terminal is a web-based application, mostly coming free with a payment gateway, that eliminates the need for hardware, dedicated phone lines and costly maintenance. The benefits of the virtual terminal are no hardware and maintenance costs, easy and quick processing of payments and the easy modification of payment options as the business grows. It is actually the best solution for merchants who manually enter credit card and electronic check transactions for mail order/telephone order sales.

Reporting tools

These are actually very important features that must come with payment gateways. The best reporting tools offer real time reporting of every credit card transaction enabling the tracking of sales.

Payment reconciliation

Another of the features offered with payment gateways. Payment reconciliation involves the matching of invoice date to income and discrepancies that occur. The needs for payment reconciliation differ from one business to another, and its inclusion in a payment gateway saves time and effort in reconciling errors and payments with customers and with banks. It offers improved revenue capture.

Recurring payments

This is a feature added to payment gateways to enhance customer loyalty. The recurring payment feature captures the customer’s payment information, billing amount, and payment schedule. The rest is done automatically by generating subsequent transactions based on the schedule provided. Enhanced billing efficiency and reduced cost as opposed to manual billing are two big advantages.

It is important to consider the reputation of a specific payment gateway in the marketplace. Search for reviews and customer testimonials and evaluate whether the service and its overall reputation place it in good standing. Technical support is another thing to look out for before deciding which payment gateway is best for your business.
Published on 1 March 2013 by Sebastien for LimpidMarket