Payment gateway
A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets. Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor.

How payment gateways work

A payment gateway facilitates the transfer of information between a payment portal (such as a website, mobile phone or IVR service) and the Front End Processor or acquiring bank.
When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction:
  1. A customer places an order on the website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service.
  2. If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's webserver. This is done via SSL (Secure Socket Layer) encryption.
  3. The merchant then forwards the transaction details to their payment gateway. This is another SSL encrypted connection to the payment server hosted by the payment gateway.
  4. The payment gateway forwards the transaction information to the payment processor used by the merchant's acquiring bank.
  5. The payment processor forwards the transaction information to the card association (e.g., Visa/MasterCard).
    1. If an American Express or Discover Card was used, then the processor acts as the issuing bank and directly provides a response of approved or declined to the payment gateway.
    2. Otherwise, the card association routes the transaction to the correct card issuing bank.
  6. The credit card issuing bank receives the authorization request and sends a response back to the processor (via the same process as the request for authorization) with a response code. In addition to determining the fate of the payment (i.e. approved or declined), the response code is used to define the reason why the transaction failed (such as insufficient funds, or bank link not available).
  7. The processor forwards the response to the payment gateway.
  8. The payment gateway receives the response, and forwards it on to the website (or whatever interface was used to process the payment) where it is interpreted as a relevant response then relayed back to the cardholder and the merchant.
  9. The entire process typically takes 2–3 seconds.
  10. The merchant submits all their approved authorizations, in a "batch", to their acquiring bank for settlement via their processor.
  11. The acquiring bank deposits the total of the approved funds into the merchant's nominated account. This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.
  12. The entire process from authorization to settlement to funding typically takes 3 days.


Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor. Tools to detect fraud include geolocation, velocity pattern analysis, delivery address verification, computer fingerprinting technology, identity morphing detection, and basic AVS (Address Verification System) checks.

Security

  • Since the customer is usually required to enter personal details, the entire communication of the 'Submit Order' page (i.e. customer - payment gateway) is often carried out through the HTTPS protocol.
  • To validate the request of the payment page result, a signed request is often used: the result of a hash function in which the parameters of the request are confirmed by a «secret word» known only to the merchant and the payment gateway.
  • To validate the request of the payment page result, sometimes the IP address of the requesting server has to be verified.
  • There is growing support by acquirers, issuers and subsequently by payment gateways for Virtual Payer Authentication (VPA), implemented as the 3-D Secure protocol and branded as Verified by VISA, MasterCard SecureCode and J/Secure by JCB, which adds an additional layer of security for online payments. 3-D Secure promises to alleviate some of the problems facing online merchants, like the inherent distance between the seller and the buyer, and the inability of the first to easily confirm the identity of the second.
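
The signed-request and source-IP checks from the list above, sketched on the merchant side as an added example (not code from the article or from any particular gateway). It assumes HMAC-SHA256 as the keyed hash; the field names, the secret and the gateway address range are constructed placeholders.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import urlencode

# Constructed sample values; a real gateway documents its own field names,
# canonical form and source address ranges.
SECRET_WORD = b"constructed-shared-secret"
GATEWAY_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def canonical_string(params: dict) -> bytes:
    """Serialize parameters in a fixed order so both sides hash identical bytes."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "signature")
    return urlencode(items).encode("utf-8")


def sign(params: dict, secret: bytes = SECRET_WORD) -> str:
    """Keyed hash (HMAC-SHA256) over the canonical parameter string."""
    return hmac.new(secret, canonical_string(params), hashlib.sha256).hexdigest()


def verify_callback(params: dict, source_ip: str, secret: bytes = SECRET_WORD) -> bool:
    """Accept a payment result only if it comes from the gateway and is signed."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    if not any(addr in net for net in GATEWAY_NETWORKS):
        return False
    supplied = params.get("signature")
    if not isinstance(supplied, str):
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sign(params, secret).encode(), supplied.encode())


def demo() -> dict:
    result = {"order_id": "A-1001", "amount": "49.90", "currency": "EUR", "status": "approved"}
    result["signature"] = sign(result)
    tampered = dict(result, amount="0.01")  # amount changed after signing
    return {
        "genuine": verify_callback(result, "198.51.100.7"),
        "tampered_amount": verify_callback(tampered, "198.51.100.7"),
        "wrong_source": verify_callback(result, "203.0.113.9"),
        "unsigned": verify_callback({"order_id": "A-1001"}, "198.51.100.7"),
    }


if __name__ == "__main__":
    print(demo())
```

The IP check alone does not authenticate the message content, which is why the signature is verified even for requests from an allowed address.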

See also

  • Payment Card Industry
  • Payment
  • Merchant account
  • Electronic commerce

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 