What Are Payment Gateways?
Payment Gateways - An Introduction
Almost everyone builds a website today believing that some day in the foreseeable future the website being built will be a source of revenue to the builder. This means that most websites will have some sort of E-Commerce underlay, i.e. a Shopping cart which sells either products or services, which is linked to one or multiple Payment Gateways.
It is a Payment Gateway that facilitates Credit Card or Debit Card based financial transactions between the website selling products or services, normally referred to as the Merchant and the buyer of such products or services normally referred to as the client or customer.
What is a Payment Gateway?
A payment gateway is a third party, E-commerce application service provider that authorizes payments for E-businesses (i.e. online merchants) connected with the use of international credit or debit cards. Some pretty well known third party, E-Commerce application service providers are Paypal and Google Pay.
When any payment gateway service is bound to an online shopping cart it acts as the equivalent of the physical point of sale terminal located in a retail outlet. i.e. Once you’ve loaded your shopping cart with products at any retail outlet you have to make payment for these at the point of sale terminal located within the retail outlet somewhere.
Hence, all E-Commerce websites must have a Shopping cart application which is in effect the equivalent of the shopping cart in retail outlets, which you must load with products or service that you wish to purchase. The shopping cart in turn must be bound to a Payment Gateway which is the equivalent of the Point of sale terminal at the E-Commerce website.
Payment gateways protect credit or debit card details by encrypting sensitive information, such as credit card numbers, CVV numbers, card owner’s personal information and ensure that information is passed completely securely between the customer, merchant and the credit or debit card payment processor.
Payment gateways take on the responsibility of:
- Checking the validity of the credit or debit card with its original issuers
- i.e. VISA, Master Card, American Express (AmEx) and so on or a Bank in case of a debit card
- If the credit or debit card is invalid the purchase transaction is immediately declined with an appropriate message to the Merchant
If the credit or debit card is valid, the payment gateway ensures that the card carries enough clear balance to be able to pay for the products / services purchased at the Merchant’s website. If there is no clear balance on the credit or debit card the purchase transaction is immediately declined with an appropriate message to the Merchant.
Hence there is a considerable amount of communication that occurs between the Payment gateway and the credit card issuer or a Bank in case of a debit card, communication that takes place using very secure channels.
These secure channels for communications are very expensive to setup and run, hence they are setup by payment gateways who in turn retail these expensive, secure networks across a multitude of E-Commerce websites. Indeed without payment gateways collecting payments via the Internet would be impossible.
Building E-Commerce websites today is a snap using content management systems like, Joomla, WordPress, Drupal, Magneto and others. All have excellent shopping carts which can be bound to multiple payment gateways by individuals with almost zero technical skills.
Step by step, here is a quick overview of what a Payment Gateway does for both a Merchant and Customer in an E-Commerce website.
When a customer attempts to purchase a product or service from a payment gateway enabled merchant, the payment gateway performs a variety of tasks to process this transaction.
A customer places order on website by pressing the 'Submit Order' or equivalent button, and then enters their card details using via a page delivered using a secure linkup. This page is not part of the website itself (although it may look like it is) but delivered using secure Internet resources owned by the Payment Gateway.
Since the purchase is being attempted via a website, the customer's Browser is automatically forced to encrypt the information being sent between the Browser and the merchant's Payment Gateway by the payment gateway Server which controls all communications between the customer's Browser and itself. This is done using Secure Socket Layer (SSL) encryption.
All the pertinent information entered in the customer’s Browser is then forwarded
by the Payment gateway to the card associated with the payment being made in
case of a credit card (i.e. VISA, Master Card, AmEx)
or a Bank in case of a Debit card.
The card company associated with the credit card being used then routes the transaction to the correct card issuing bank. eg. A VISA card issued by CitiBank - CitiBank will be informed of the transaction.
Once the credit card issuing bank receives such a payment authorization request it sends a response back to the Payment Gateway (via the same process as the request for authorization) with a response code. In addition to determining the fate of the payment, (i.e. approved or declined) the response code is used to define the reason why the transaction failed (such as insufficient funds, or bank link not available and so on).
Once the Payment Gateway receives this response, it forwards it on to the website (or whatever interface was used to process the payment) where it is interpreted appropriately and the relevant response is relayed back to the cardholder and the merchant.
This entire process which consists of multiple entities working together in perfect harmony, i.e. the website, Payment Gateway, The Card issuer and the Bank from which the card was issued, typically takes 15 to 20 seconds.