A payment gateway is an eCommerce application service provider service that authorizes payments for e-businesses, online retailers. It is the equivalent of a physical point of sale terminal located in most retail outlets. Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor.
A payment gateways support the full range of processing services: authorization only, authorization and capture, refunds and voids. Every major gateway offers a virtual terminal option which enables merchants to enter in a browser the payment information as they are completing a transaction over the phone or have received a payment over the mail. Moreover, the virtual terminal allows to create and save customer profiles within the gateway, which can be accessed later for a speedier payment processing. Additionally, virtual terminal can be set up to install payment plans, as well as process deferred payments.
A payment gateway facilitates the transfer of information between a payment portal (such as a website, mobile phone or IVR service) and the Front End Processor or acquiring bank. When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction. Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor. Tools to detect fraud include geo-location, velocity pattern analysis, OFAC list lookups, ‘black-list’ lookups, delivery address verification, computer finger printing technology, identity morphing detection, and basic AVS checks.
Payment gateways and shopping carts enter the transaction cycle at different stages. Shopping carts enable customers to select items for purchase and calculate the total cost of the order, including shipping and handling charges and taxes, if applicable. Once that is done and the customer places the order, the customer is taken to the check-out where he or she is asked to provide the payment information, which is then collected and managed by the gateway.
A detailed description of the eCommerce transaction process:
• The cardholder fills out a payment information form to pay for a purchase at an eCommerce website’s check-out
• The gateway collects the payment information and sends it, securely encrypted, to the processing bank for authorization
• The processing bank sends the request, through Visa’s or MasterCard’s payment networks, on to the card issuer. Be advised that Discover and American Express act as both card issuers and processors, so the authorization process is much simpler
• The card issuer approves or declines the transaction and sends its response, through Visa or MasterCard, to the processing bank
• The processing bank forwards the response, through the gateway, to the merchant who completes the transaction accordingly
• In the case of an approved transaction, the merchant deposits the receipt with its processing bank, requesting payment
• The processor then credits the merchant’s account and submits the transaction to Visa or MasterCard for a settlement
• Visa or MasterCard then pays the processing bank, while simultaneously debiting the card issuer’s account.
• The card issuer then posts the transaction to the cardholder’s account and requests payment with a monthly statement
Security
Since the customer is usually required to enter personal details, the entire communication of ‘Submit Order’ page (i.e. customer – payment gateway) is often carried out through HTTPS protocol. To validate the request of the payment age result, signed request is often used – which is the result of the hash function in which the parameters of an application confirmed by a «secret word», known only to the merchant and payment gateway.
To validate the request of the payment page result, sometimes IP of the requesting server has to be verified.
There is a growing support by acquirers, issuers and subsequently by payment gateways for Virtual Payer Authentication (VPA), implemented as 3-D Secure protocol – branded as Verified by VISA, MasterCard SecureCode and J/Secure by JCB, which adds additional layer of security for online payments. 3-D Secure promises to alleviate some of the problems facing online merchants, like the inherent distance between the seller and the buyer, and the inability of the first to easily confirm the identity of the second.
Types of Payment Gateways
• API (Application Programming Interface) Gateway
In this type of gateways customer never sees the payment gateway Web site – the shopping cart talks to it seamlessly in the background. This is generally the best option as it’s a transparent experience for the shopper, rather than being transferred to another site at the crucial moment of taking the money. For the APIs, shopping cart vendor have to do hard work to support it, so there’s very little work for the shop owner, to do. The only work for the shop owner is to secure a certificate installed on server.
• Third Party Payment Gateway
The customer starts the checkout process on the site, but completes payment on the payment gateway site. While this can be simpler to setup in some cases, the experience is unsettling for the customer, and may result in losing a few sales. Some third-party payment gateways allows to customize the page design.
• Integrated Payment Gateways
In this scenario, a merchant account from the bank is not required – the payment gateway does everything. For start-up businesses, this can be an easy start. Generally the fees are higher for an integrated service, but the trade-off is simplicity for the shop owner. The best known integrated gateways are PayPal and 2Checkout.
Ranosys Technologies has created a number of eCommerce systems with the integration of Payment Gateways. They holds the essence of any eCommerce site. It, in a way, represents a physical POS (Point-of-sale) terminal located in most retail outlets. Payment gateways encrypt sensitive information, such as credit card numbers to ensure that information passes securely between the customer and the merchant. The Payment Gateway is needed to be acquired by the owner of the site and the integration of the same in to the website is performed by the development team of the project at Ranosys Technologies.
