In order to take credit or debit card payments from your customers online, you need a payment gateway.
A payment gateway is the technology that, after your customer has initiated a card transaction, securely captures their payment details and transmits them to the relevant parties for authorization. Essentially, it is the online bridge between your bank and your customer’s bank.
But, of course, it’s not as simple as that, and to make sure you can create an optimized payments experience for you and your customers, it helps to understand how payment gateways work, how they interact with, and and differ from, other components in the payment chain, and how to integrate with a payment gateway.
This article explains everything you need to know about payment gateways and how they work, as well as the main benefits, and the different types available to merchants.
A payment gateway allows businesses to accept payments from customers online. It allows the customer to initiate a transaction and informs them whether it is successful or not. It essentially serves the same function in the digital economy as that of a POS device in the physical economy.
Payment gateways are the rails that pass the information from the merchant to the issuer and back to the merchant. The information that they pass is a request to the card issuer, who can then approve or decline the transaction depending on the customer’s bank account. The payment gateway then passes this approval or decline back to the merchant.
Payment gateways are typically used for card payments, but they can also facilitate alternative payment methods.
Given the sensitivity of the information being transmitted, payment gateways must secure customer and financial data. They use a variety of technologies to do this. These include network tokenization and encryption in accordance to standards like PCI compliance.
What is network tokenization?
Network tokens are unique digital identifiers used to supply a tokenized value instead of the primary account number (PAN) in all parts of the payment chain. These tokens replace sensitive card data, like the account number and expiration date on the front of a card used for payment, without exposing the actual account details.
How does tokenization work?
A customer enters their account number, security code and other payment information (e.g. at checkout or when setting up a digital wallet)
The merchant’s payment service provider requests a network token from the card scheme
The card scheme shares the network token with the card issuer
The card scheme shares the network token with the merchant’s payment service provider
Both payment gateways and payment processors have a role to play in facilitating online payments.
However, while a payment gateway’s primary function is to capture, encrypt, and transmit payment details for authorization, a payment processor provides an end-to-end online transaction service. That means that it’s responsible for communicating between the customer, merchant, acquirer, and issuer, and ensuring the safe transfer of funds.
Payment processors also usually provide additional tools like fraud detection and prevention, data and analytics, and refund and chargeback management.
Finally, while a payment processor can be used as an independent service, a payment gateway must be integrated with a payment processor.
While all payment gateways perform the same essential function, you can find one that has tools and features that are aligned with your goals or business model.
Here are the main types of payment gateway:
With a hosted payment gateway, when your customer clicks ‘buy now’, they are redirected away from your checkout to a payment service provider (PSP) page to enter their details. They are then redirected back to your website to complete the purchase.
For merchants, the main advantages of a hosted gateway are that the PSP takes control of processing the payment, preventing fraud, and maintaining PCI compliance. Hosted gateways are easy to set up and reduce your administrative burden. However, because the customer is redirected to a third party, you lose some control over the buyer journey.
If you use a self-hosted payment gateway, the customer enters their details directly on your website. Those details are then encrypted and transmitted to the PSP to authorize the payment.
Self-hosted gateways give you much greater control of the checkout experience and, because there’s no redirect, the buyer journey is quick and seamless, which reduces the chance that they’ll abandon the purchase. That said, as you are storing customer information on your servers, you are responsible for PCI-compliance. Self-hosted gateways may also require more in-house technical expertise and greater up-front costs to implement.
API-hosted payment gateways give you maximum control over the payment process and checkout experience, both of which are handled on your website. With an API, you can customize every element of your payments setup, including which methods you accept and security features, and optimize the payments interface for different platforms like mobile.
Because of this, API-hosted payment gateways are perfect for merchants that want to design every aspect of their ecommerce site, as well as merchants that are scaling rapidly or targeting international growth.
As with self-hosted gateways, however, you will be fully-responsible for implementation, security, and compliance.
Local bank integration gateways allow you to route transaction data to the most suitable local bank, which then processes the payment on your behalf. The main advantage of this is that it allows you customers to make payments using their preferred local payment method.
This makes it a great option for ecommerce stores with an international customer base, and can help to boost conversions and loyalty. The only downside is that it can take a high level of technical knowledge to integrate with local bank APIs.
The checkout is an important part of your customer’s experience on your site. Keeping every part of this experience as seamless as possible will prevent cart abandonment and the loss of a sale.
That’s why payment gateways need to evolve as technology, and consumer expectations change. It is vital that they adapt as the way customers expect to pay evolves.
When choosing a payment gateway, you need to consider integration methods and global functionally for your checkout page. How will your customers experience it? Does the page offer local payment methods?
Sending a customer to a checkout page that they are not familiar with or that is not on brand with your business can be a jarring experience for them as they could think the page is fraudulent. Similarly, directing your customers to a page to put in their details with no local payment methods gives your shoppers more opportunity to abandon their purchase—as well as making them suspicious.
The main benefits of payment gateways for online merchants are:
Supports growth - as well as driving efficiency, which, in turn, aids growth, payment gateways often support multiple currencies and local payment methods, making it easy for online merchants to expand into new global territories
Although payment gateways perform the same function, not all are created equal. Here are eight considerations to bear in mind if your business is choosing or changing a payment gateway.
Some gateways are strong in ecommerce, others in traditional face-to-face sales, and others in both. Equally, some gateways have developed features for specific industries, geographies or business models. Ensure that a prospective gateway is a good fit for the way your business trades.
If your business already has relationships with other suppliers, evaluate the costs or changes to equipment, online payment pages etc. required to integrate with a prospective gateway.
Quiz a prospective gateway on settlement times, plus whether funds are settled gross or net of fees and charges, as this will directly impact your cash flow.
Different countries have their own preferred ways of paying and being paid. Ensure a prospective gateway can cater to these, depending on your target customers as well as where and how you trade.
Gateways will have a range of fees and charges for things like set-up, authorization and data security. Understand the fully loaded costs and contract terms to make effective comparisons between gateways.
Check the security policies, procedures and certifications of a prospective gateway. They must have the necessary accreditations to store, process and transmit sensitive customer and financial data. Any organization that is involved in processing, transmitting or storing card data must be PCI compliant —ensure anyone you are working with is certified.
Consider what other services are available from a prospective gateway to drive smarter decisions and growth. This includes data analytics, fraud and risk management.
Ensure that you are comfortable with the level of support you would receive from a prospective gateway. For example, dedicated technical and customer support in your time zone and language.
Read more: Payment gateway vs. payment processor
How you integrate a payment gateway into your website will depend on which type you choose. Hosted, self-hosted, and API-gateways all have different requirements.
Yes, Checkout.com is a payment gateway, an acquirer and processor. Checkout.com offers these in an end-to-end solution. Transactions can be processed faster with less downtime and more accuracy, helping merchants increase acceptance rates and drive overall growth.
As a full-stack solution, Checkout.com takes care of the entire payment lifecycle. That means that, rather than cardholder details being transmitted between multiple third parties, the data all comes from one source, which also improves security and provides a more frictionless customer journey.
To find out more about the payment lifecycle, discover what Checkout.com can offer merchants.