What is a payment gateway?

Editorial Team


When accepting credit and debit cards at your brick-and-mortar store, a POS system is what allows you to capture payment data at the checkout counter. In the e-commerce world, though, merchants rely on payment gateways to securely accept payments online.

However, not all payment gateways are created equal. Before choosing a solution for your e-commerce store, it is important you understand:

  • What Is a Payment Gateway?
  • How a Payment Gateway Works
  • Payment Gateway vs. Processor
  • Types of Online Checkout Options
  • Payment Gateway Limitations

Think of a payment gateway as the online equivalent of a physical credit and debit card reader. Both capture payment data, encrypt it, and forward it to a payment processor for authorization.

The primary difference is that e-commerce merchants using payment gateways:

  • Never have direct access to their customers’ credit cards
  • Rarely (if ever) meet their customers face to face

This is the beauty of selling online. You can connect with users around the globe, generating sales around the clock.

However, selling to remote, anonymous shoppers carries a host of security risks. For example, criminals can easily intercept credit card details sent back and forth between your online store and your payment provider.

Payment gateways are one of the first lines of defense in fraud prevention. They help keep sensitive payment details out of the hands of criminals — but how?

How a payment gateway works

Step 1: Credit card information is swiped, dipped, or manually entered.

Step 2: The payment gateway encrypts the cardholder data and sends it to the payment processor.

Step 3: The payment processor notifies the card-issuing bank and the transaction is approved or rejected.

Step 4: The payment processor communicates the authorization or decline back to the payment gateway.

Step 5: The gateway notifies the transaction originator. If approved, funds are deducted from the customer’s account and settled into the merchant’s bank account.

When one of your customers is ready to check out from your online store, the individual fills in his or her payment data before clicking the “Buy” button.

Your payment gateway is a literal “gateway” through which that customer’s credit card data must pass. Yet, before the customer’s payment details are forwarded to your processor, they are encrypted using any number of security protocols, including:

  • Transport Layer Security (TLS)
  • Secure Sockets Layer (SSL)
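As an added example (not code from this article or from any gateway vendor), the Python sketch below audits the TLS settings a merchant server would use when calling a gateway API, with a constructed legacy configuration beside a hardened one. SSL is the deprecated predecessor of TLS, so the check treats anything below TLS 1.2 as a finding; that floor and the function names are assumptions of the example.

```python
import ssl

# Assumed protocol floor for this example: TLS 1.2 or newer.
MIN_VERSION = ssl.TLSVersion.TLSv1_2


def hardened_gateway_context() -> ssl.SSLContext:
    """Client context for merchant-server-to-gateway calls."""
    # create_default_context() loads the system CA store and enables
    # certificate and hostname verification.
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_VERSION  # refuse SSL and early TLS
    return ctx


def legacy_context() -> ssl.SSLContext:
    """Constructed 'before' configuration, for comparison only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings that would let card data travel over a weak channel."""
    findings = []
    if ctx.minimum_version < MIN_VERSION:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("gateway certificate is not verified")
    if not ctx.check_hostname:
        findings.append("gateway hostname is not checked")
    return findings


if __name__ == "__main__":
    for name, ctx in (("legacy", legacy_context()),
                      ("hardened", hardened_gateway_context())):
        print(name, audit_context(ctx) or "no findings")
```
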

Your payment processor receives these encrypted details before sending them to the customer’s bank for approval. Once the transaction is verified, the secure payment processing network returns an approval to the payment gateway.

Congratulations! You just made a new sale. From the moment your customer clicked the “Buy” button, the entire process only took seconds.

The difference between a payment gateway and a payment processor

Payment processors (sometimes known as payment providers) handle many aspects of secure credit card processing — including data security, user authentication, and fund settlement. They may also supply the credit card machines and other equipment used to accept electronic payments. Payment processors also act as liaisons by transmitting the transaction data between your business and customers’ credit card providers (i.e., issuing banks).

Whether you sell primarily online or through a physical store, you’ll need a merchant account to accept credit cards. Think of these as specialized bank accounts that can receive electronic payments.

However, there is one more piece of the puzzle:

  • If you’re a brick-and-mortar merchant, you need a credit card terminal or virtual terminal to swipe or dip your customers’ plastic at the checkout counter.
  • If you’re an e-commerce merchant, you need a payment gateway linked to your store’s online checkout form or shopping cart.

The difference between a payment gateway and a payment processor is that a payment gateway is what captures and encrypts your customers’ credit card data in the e-commerce world.

Online checkout payment options

With a payment gateway, there are several ways to accept online payments.

1. Simple checkout (aka redirects)

When customers are ready to buy, they are temporarily redirected off-site to provide their payment details and confirm their purchase. Once the transaction goes through, those users are automatically brought back to your site.

For many e-commerce merchants, this is the easiest type of checkout experience to implement. Because no credit card data is ever captured on your server, you don’t have to worry as much about payment security.

The downside is that the Simple Checkout strategy interrupts the user experience, since you are redirecting customers off-site.

2. On-site checkout and payment

When customers are ready to buy, they fill in their payment details and confirm their purchase — all entirely on your site.

The downside is that because everything happens on your servers, you take on the payment security for all your customers’ sensitive information. This brings your website and servers into PCI scope, which is expensive and requires technical expertise to set up correctly.

3. On-site checkout, off-site payments

When customers are ready to buy, they are temporarily redirected off-site to complete the transaction. However, the site to which they are redirected looks exactly like your e-commerce store. Customers enter their information on a hosted payment page, which means that the checkout form is hosted on a third-party site. By removing this process from your systems and servers, you reduce your PCI scope and minimize your risk of a data breach.

Once the transaction goes through, users are automatically brought back to your site. Again, users don’t know this. As far as they’re concerned, they never left your e-commerce store.

When set up correctly, the On-Site Checkout, Off-Site Payments approach offers the best of all worlds. Your customers benefit from a seamless shopping experience. In fact, you can customize your hosted payment page with your online store’s branding, logo and color palette.

Limitations of gateway merchant services

Payment gateways are a prerequisite for online credit card acceptance, but that doesn’t mean they are without limitations. Below are just some of the challenges e-commerce merchants face when using payment gateways for their online stores:

  • Payment gateways don’t accept all types of credit card payments. Admittedly, the same is true of POS terminals. The difference is that payment gateways can more easily expand their functionality with simple software upgrades.
  • Payment gateways sometimes have difficulty with international transactions. That’s because each country uses slightly different authentication protocols and currency restrictions.
  • Payment gateways don’t always mesh nicely with your other software. This can be a major hurdle if you’re already heavily invested in accounting apps, shopping carts or customer relationship management (CRM) suites that aren’t compatible with your chosen payment gateway.

As with all digital tools, payment gateways are susceptible to malware and viruses. Although software patches can fix many of these problems, your payment environment could still be vulnerable if you store any credit card data locally.

Which online payment gateway solution is right for you?

If you sell online, you need a payment gateway of some kind to securely process credit and debit card sales. This is true whether you run a for-profit business selling widgets or a nonprofit charity collecting donations.

There are hundreds (if not thousands) of competing payment gateway options out there. Before committing to any solution, it is vital that you:

  • Understand why payment gateways exist and how they keep you safe
  • Decide what type of checkout experience you want to provide to your users
  • Choose a payment gateway that meshes with your current operations and tools

Arguably most important, you need a payment solution that can grow with your business over time. You might sell exclusively online right now, but what happens if you start interfacing with customers at tradeshows or at your new brick-and-mortar retail store?

You need a payment gateway provider that can accommodate this type of growth, as well as offer a full spectrum of PCI-compliant secure payment processing and data protection tools, including:

Also, consider the following:

  • Does the gateway support omnichannel payments — whether your users want to pay online, in-person, via mobile, or with a virtual terminal?
  • Does it offer seamless integration with many software platforms, apps, or tools your business already uses?
  • Does it offer multiple payment gateway APIs in several different languages that allow you to integrate payments into whatever software or system your business is currently using?

If you need help accepting payments for your online business, schedule a free consultation with our merchant services team today.
