We are all familiar with using card terminals in physical locations, such as a retail shop, so the easiest way to think about a payment gateway is as a 'virtual' card machine for your website. These are sometimes referred to as a PSP (Payment Service Processer) or an e-commerce gateway.
Regardless of the size of your business or the amount of transactions you process, to accept electronic payments online, will need a payment gateway to facilitate the process. The payment gateway, is the area of your website, which enables your customers to securely input their credit or debit card to complete a purchase. With the constant battle against fraud, payment gateways help minimise your risk and protect your business by authorising and encrypting transactions, verifying addresses or other personal information.
A payment gateway, will often come complete with a Virtual Terminal for processing mail order or telephone orders (MOTO) as part of package.
How does a Payment Gateway work?
Let's pretend that your customer has the latest football shirt in their online basket/shopping cart, on your website. Your shopping cart connects to your payment gateway to essentially, perform the same functions the point-of-sale machine performs in a physical store.
When selecting a payment gateway provider, you should take into consideration, that it is compatible with the shopping cart that is integrated into your website. You will also need to ensure that a 'relationship' exists between your merchant account provider/acquiring partner.
When the customer tries to pays for the football shirt, the payment details are sent to the payment processor via the gateway. This data being transmitted is always encrypted to ensure PCI DSS compliance and to keep things secure. The payment processor notifies the card-issuer and the transaction is approved or declined. The payment processor then communicates the result back to the payment gateway, who in turn informs the cardholder/customer as to whether the transaction is approved or declined. If approved, funds are deducted from the customer’s account and settled into the merchant’s bank account.
How much does a payment gateway cost?
Some service providers like Stripe and Paypal combine a payment gateway and a merchant account. These services are called aggregators, and whilst very popular and convenient, they are amongst the most expensive options on the market.
Whilst a merchant account provider/acquirer who will charge the merchant for 'acquiring' and 'settling' the funds, the cost of a payment gateway is normally additional and is usually charged as a monthly fee, and then per transaction; for example £25 pcm and 12p per transaction (irrespective of value). The payment gateway provider may well be provided by the acquirer or could be a third party solution provider, such as Gala Technology.
With so many payment gateways available, how do you know which one is right for your business? We would suggest that you think about the features and functions, that will enable you to optimise and process secure and seamless payments on your website and to support reporting and reconciliation post sale.
We have therefore listed some features that you may want to consider.
(1) Security and Fraud Protection
This should always be at the top of the list when selecting anything related to payments. It is paramount, that you keep your business and your customers safe and secure. You may wish to check that the proposed service provider is PCI DSS Level 1 registered by Visa and Mastercard as an approved service provider. In addition, make sure that you are aware of the security parameters that can help prevent fraud such as Address Verification Service (AVS) CV2/CVV checks, velocity checking, PSD2 and up-to-date 3DS services and even additional pre-integrated fraud prevention tools and algorithm.
(2) Acquirer Independence
Be mindful, that your current merchant account provider, may not be your provider forever. You may wish to 'compare the market' in order to obtain better rates, settlement times or service. If your payment gateway is attached to your acquirer, it may be more complicated to change and you may need to engage with your web development team to make changes at additional expense. Therefore choosing a provider, like Gala Technology, who have a large network of relationships with acquirers, may give you more flexibility in the future.
(3) Tokenisation
Payment card security should be your primary concern. Some payment gateway providers can help you protect vulnerable data from the moment it enters your system and as it’s transmitted to the card network, by using tokenisation, with means that the data is encrypted. For example, the personal account number (PAN) is replaced with a randomly generated alphanumeric ID, or token, that is meaningless to everyone except the payment processor. This reduces your PCI DSS scope and liability, as you are not storing card data, which can be hacked or stolen.
(4) DDos Mitigation
A DDoS (Distributed Denial of Service) attack is an attempt to make an online service unavailable by flooding the bandwidth of a web server with huge amounts of traffic. DDoS attacks are becoming more prevalent in the news, with many high profile websites disrupted by these attacks. Does your proposed provider, protect you from DDos? Gala Technology has partnered with a leading cloud-based DDoS mitigation solution provider that provides with an enterprise level global solution, offering 365, 24/7 protection against the largest DDoS attacks.
(5) Recurring and Subscription Payments
Recurring payments provide many benefits for both the merchant and the customer. By creating a payment schedule that works for both parties, payments automatically come in on time, every time. This increases cash flow and improves customer retention, while offering convenience and flexibility for your customers.
(6) Shopping cart integration
As we mentioned above, you must ensure that your payment gateway can connect to your shopping cart.
Some providers like Shopify are reducing the amount of gateway partners they will support, due to commercial relationships with the likes of Stripe. Therefore choosing a provider, like Gala Technology, who have a large network of relationships with shopping cart partners, may give you more flexibility in the future.
(7) Software/API Capabilities
Choosing a payment gateway partner who has API capabilities might be something you wish to consider? API's allow two applications to talk to each other, in order to save you time, providing greater accuracy, and supporting reconciliation/reporting. You will also need to decide whether you would like to have a direct or hosted integration. Direct, means that the cardholder remains within your environment when entering the card information, which means that you need to ensure that everything is protected. A Hosted payment page (HPP) is where the payment process is handled independently of the merchant’s system/enviroment and keeps payment credentials secure from outside threats. By allowing a third-party to process and manage these transactions, merchants are keeping their business’ systems safe and their customer’s personal credentials protected to support PCI DSS requirements.
(8) Virtual Terminal
A payment gateway, will often come complete with a Virtual Terminal for processing mail order or telephone orders (MOTO) as part of package. Merchants should be aware of the potential threat of fraud related chargebacks, additional processing costs and the extra PCI DSS requirements when processing MOTO payments.
You can read more about Virtual Terminals by clicking here.
(9) Alternative Payment Methods (APM's)
While credit and debit cards remain incredibly popular, the ways in which people pay are changing rapidly around the world and you should consider where your customers may be engaging with you from and how they expect to pay. Gala Technology's Open Payment Network offers over 150 Alternative Payment Methods (APMs), such as digital wallets, Paypal, Sofort and Alipay via API integration.
Articles | Support | PCI-DSS | Chargebacks | Advice | Articles | Switch To SOTpay | Jobs
