When accepting credit and debit cards at your brick-and-mortar store, a POS system is what allows you to capture payment data at the checkout counter. In the eCommerce world, though, merchants rely on payment gateways to securely accept payments online.
However, not all payment gateways are created equal. Before choosing a solution for your e-commerce store, it is important you understand:
Think of a payment gateway as the online equivalent of physical credit and debit card reader. Both capture payment data before encrypting this information and forwarding it to a payment processor for authorization.
The primary difference is that e-commerce merchants using payment gateways:
This is the beauty of selling online. You can connect with users around the globe, generating sales around the clock.
However, selling to remote, anonymous shoppers carries a host of security risks. For example, criminals can easily intercept credit card details sent back and forth between your online store and your payment provider.
Payment gateways are one of the first lines of defense in fraud prevention. They help keep sensitive payment details out of the hands of criminals — but how?
Step 1: Credit card information is swiped, dipped, or manually entered.
Step 2: Payment gateway encrypts cardholder data and sends to the payment processor.
Step 3: The payment processor notifies the card-issuing bank and the transaction is approved or rejected.
Step 4: The payment processor communicates the authorization or decline back to the payment gateway.
Step 5: The gateway notifies the transaction originator. If approved, funds are deducted from customer’s account and settled into the merchant’s bank account.
When one of your customers is ready to check out from your online store, the individual fills in his or her payment data before clicking the “Buy” button.
Your payment gateway is a literal “gateway” through which that customer’s credit card data must pass. Yet, before the customer’s payment details are forwarded to your processor, they are encrypted using any number of security protocols, including:
Your payment processor receives these encrypted details before sending them to the customer’s bank for approval. Once the transaction is verified, the secure payment processing network returns an approval to the payment gateway.
Congratulations! You just made a new sale. From the moment your customer clicked the “Buy” button, the entire process only took seconds.
Payment processors (sometimes known as payment providers) handle many aspects of secure credit card processing — including data security, user authentication, and fund settlement. They may also supply the credit card machines and other equipment used to accept electronic payments. Payment processors also act as liaisons by transmitting the transaction data between your business and customers’ credit card providers (i.e., issuing banks).
Whether you sell primarily online or through a physical store, you’ll need a merchant account to accept credit cards. Think of these as specialized bank accounts that can receive electronic payments.
However, there is one more piece of the puzzle:
Again — that payment gateway is what captures and encrypts your customers’ credit card data in the e-commerce world.
With a payment gateway, there are several ways to accept online payments.
When customers are ready to buy, they are temporarily redirected off-site to provide their payment details and confirm their purchase. Once the transaction goes through, those users are automatically brought back to your site.
For many e-commerce merchants, this is the easiest type of checkout experience to implement. Because no credit card data is ever captured on your server, you don’t have to worry as much about payment security.
The downside is that the Simple Checkout strategy interrupts the user experience, since you are redirecting customers off-site.
When customers are ready to buy, they fill in their payment details and confirm their purchase — all entirely on your site.
The downside is that because everything happens on your servers, you take on the payment security for all your customers’ sensitive information. This brings your website and servers into PCI scope, which is expensive and requires technical expertise to set up correctly.
When customers are ready to buy, they are temporarily redirected off-site to complete the transaction. However, the site to which they are redirected looks exactly like your e-commerce store. Customers enter their information on a hosted payment page, which means that the checkout form is hosted on a third-party site. By removing this process from your systems and servers, you reduce your PCI scope and minimize your risk of a data breach.
Once the transaction goes through, users are automatically brought back to your site. Again, users don’t know this. As far as they’re concerned, they never left your e-commerce store.
When set up correctly, the On-Site Checkout, Off-Site Payments approach offers the best of all worlds. Your customers benefit from a seamless shopping experience. In fact, you can customize your hosted payment page with your online store’s branding, logo and color palette.
Payment gateways are a prerequisite for online credit card acceptance, but that doesn’t mean they aren’t without limitations. Below are just some of the challenges e-commerce merchants face when using payment gateways for their online stores:
As with all digital tools, payment gateways are susceptible to malware and viruses. Although software patches can fix many of these problems, your payment environment could still be vulnerable if you store any credit card data locally.
If you sell online, you need a payment gateway of some kind to securely process credit and debit card sales. This is true whether you run a for-profit business selling widgets or a nonprofit charity collecting donations.
There are hundreds (if not thousands) of competing payment gateway options out there. Before committing to any solution, it is vital that you:
Arguably most important, you need a payment solution that can grow with your business over time. You might sell exclusively online right now, but what happens if you start interfacing with customers at tradeshows or at your new brick-and-mortar retail store?
You need a payment gateway provider that can accommodate this type of growth, as well as offer a full spectrum of PCI-compliant secure payment processing and data protection tools, including:
Also, consider the following:
If you need help accepting payments for your online business, schedule a free consultation with our merchant services team today.
What the new COVID-19 relief bill means for Black and minority-owned business
Access business credit scores and find funding for free with Nav
Fast casual vs. fast food: What is the difference?