How Payment Gateways Work & Why Merchants Need Them
According to recent estimates, US credit card transaction volume was primed to top $3 trillion in 2022. That doesn’t count sales involving debit and prepaid cards, which add nearly $2 billion more to the total.
That’s a lot of money moving around… but how exactly does it happen? How does a dollar get from a cardholder’s account to the merchant?
Swiping or dipping a credit card is a casual, automatic action for consumers. It seems like a straightforward process, but each card transaction involves multiple parties and actions going on behind the scenes. One link in this chain is what’s called a payment gateway.
Recommended reading
- What is EMV Bypass Cloning? Are Chip Cards Still Secure?
- Terminal ID Number (TID): What is it? What Does it Do?
- Dispute Apple Pay Transaction: How Does The Process Work?
- What is PSD2? How it Impacts Banks, Businesses & Consumers
- P2P Payment Use in eCommerce Jumps 66% in 2024
- Visa+: Get the Most Out of Digital Wallets With This Tool
What is a Payment Gateway?
- Payment Gateway
Payment gateways are software applications that encrypt and transmit customer and bank information between the merchant, the bank, and the payment processor.
[noun]/pā • mənt • ɡāt • wā/Payment gateways are software applications that serve as conduits to allow cardholder data to pass securely between parties. Gateways are primarily used for eCommerce; for all practical purposes, online stores can’t accept credit card payments without one.
While brick-and-mortar stores can use a gateway, they typically rely on their physical card readers to transmit payment data from the cardholder to the acquiring bank. Obviously, online stores don’t have that advantage, so they require a different solution.
Having a gateway eliminates your need for manual input of credit card numbers. This speeds up the checkout process and increases accuracy. Customers are actually interacting with the gateway when they key in card data on your checkout page. The gateway encrypts the information so it isn’t accessed and misused by cyber criminals, then transmits it to the processor.
The application will also tell you whether a transaction has been authorized or declined by the issuer. More sophisticated gateways may provide additional functions, such as screening transactions for potential fraud.
How Do Payment Gateways Work?
There are two types of payment gateways. First, we have integrated gateways, which are built directly into a merchant’s eCommerce platform. In contrast, third-party systems send customers to an external site for checkout.
The payment gateway’s role in this process is primarily to ensure that the transaction is routed through a secure connection. It encrypts cardholder information, and also performs fraud checks before sending the card data to the processor.
The process typically follows the same basic flow:
- Cardholder places an order through merchant's checkout page. Transaction details are forwarded to payment gateway.
- Gateway submits this information to merchant’s acquiring bank. This is often done through a third-party processor.
- Transaction information goes to the card network (Visa, Mastercard, etc.), which routes it to issuing bank.
- The bank checks available funds or credit, then informs the network whether the transaction is approved or declined.
Approving a transaction is not the same as authorizing one. This initial check only looks for signs of fraud, and makes sure the cardholder has the necessary funds or credit available.
Up to this point, the information has been flowing primarily in one direction. Now, though, the data does an about-face and travels the same course, but in reverse:
- Issuer’s response is sent back to the card network, who routes it to the merchant’s payment processor.
- Payment processor forwards the information to the payment gateway, which forwards it to the merchant.
- Merchant informs cardholder that the transaction has either been approved or declined, as per bank response.
- If everything checks out, merchant completes the transaction and receives the funds after finalizing and batching.
The entire process is usually completed within 5 seconds, which is why it seems so uncomplicated to the end user.
Why Do I Need a Payment Gateway?
A payment gateway protects your customers’ data. It also helps ensure your funds and all transaction information get sent to the right place.
Strictly speaking, you don’t absolutely need to have one. There are ways of skirting the issue, such as only accepting payments through a service provider like PayPal. That could limit your options substantially, though. For most entities that accept online payments — regardless whether you’re a retailer, a service provider, a nonprofit organization, etc. — you probably don’t have much of a choice.
With no access to the customer’s actual card, the risk posed by payment fraud is considerably higher for online stores. If personal cardholder data is compromised, your business may get the blame. Payment gateways safeguard your shopper’s payment data, and in the process, protect you from fraud and chargebacks. They follow strict procedures for securing data, as defined by the PCI-DSS compliance standard.
Gateways offer other benefits, as well. They simplify the payment process for your online store and help you receive payments faster. At the same time, your gateway shields your business from expired cards or accounts with insufficient credit.
Payment Gateways vs. Payment Processors
While the terms are often used interchangeably, “payment gateways” and “payment processors” are not the same thing. Any merchant who wishes to accept credit cards must have a payment processor. As we mentioned above, though, the need for a payment gateway is primarily for online commerce. Here’s a side-by-side comparison of the two services.
Payment Processor | Payment Gateway |
Facilitates communication between the merchant and bank for fund transfer | Collects and verifies the buyer’s credit card information; encrypts data for transmission |
Validates card information for card-present sales | Validates card information for card-not-present sales |
Necessary for any merchant accepting credit cards | Necessary for online merchants |
Can function as a stand-alone service | Still requires a payment processor |
Complicating the issue even further, a number of payment processor gateway providers, such as PayPal and Stripe, fulfill a dual function. They offer payment processing and acquiring services, as well as a built-in payment gateway on the platform. These services are a “one-stop shop” for merchant services.
Are There Down Sides to Using a Payment Gateway?
While payment gateways are crucial to online sales, there are some challenges to consider.
Like any other service, not all gateways are created equal. Some only work with certain issuers. Some may not integrate easily into your website, and some aren’t equipped to deal with alternate payment methods like cryptocurrency.
Security is also a huge consideration. One of the main tasks of a gateway is protecting sensitive data, but that doesn’t mean they’re all 100% secure. Less reputable companies may not have as many safeguards in place.
Then there’s the price. Gateway providers charge a fee, which is to be expected, but the costs can vary greatly. Most involve a set-up fee, a fixed monthly charge, and per-transaction fees. Others have hidden charges that aren’t revealed pre-purchase. This means that the cheapest solution isn’t necessarily going to be a good fit. For example, merchants with a global audience need to consider whether the provider charges more for international transactions.
Finally, payment gateways aren’t always known for their flexibility. Rigid systems may require reprogramming to meet your needs. That could be costly and potentially lock you into a service that limits your ability to scale.
While there are limitations, however, none of these are deal breakers. It really comes down to studying your options, researching what’s available, and partnering with the right provider.
How to Choose a Gateway Provider
So how should a merchant go about choosing a payment gateway? Part of it is understanding both your needs and the capabilities of your provider. There’s no magic formula, but here are some factors to consider:
How Much Does a Payment Gateway Cost?
Pricing on a gateway system can be hard to determine because there are so many moving pieces. Multiple parties are involved, and most add their own fees to the mix. While merchants may not pay these fees directly, they will be added to the cost of the gateway.
Each provider has their own terms of use and their own way of calculating pricing. Some typical fees involved include:
Payment Gateways: One Small Step in the Payment Process
Payment gateways play a vital role in the payment process, particularly for eCommerce. This software helps merchants streamline their operations and – more importantly – protect cardholder information in transit. Because each transaction is reviewed prior to authorization, gateways also have a role in preventing card fraud.
Pre-transaction fraud screening may not significantly impact customer disputes and chargebacks, though. Many disputes are the result of first-party fraud, which happens after the fact. True fraud prevention and risk mitigation requires a more comprehensive approach.
To learn about chargeback management help that goes beyond the minimal assistance offered through PayPal and other processors, talk to Chargebacks911® about a free chargeback analysis today.