A payment gateway is the software or service that allows for secure credit card processing using a web-based verification process. Typically, the payment gateway connects a webstore to a merchant account, allowing the business to securely accept credit card or e-check payments for purchases made online.
In this article, you’ll learn more about why you need a payment gateway and how to choose the right one for your business.
The payment gateway (sometimes called e-commerce or credit card gateway) facilitates the transfer of information from the payment portal/interface (where the customer places an order) to the payment processor, who verifies the transaction with the card company and places the funds (once authorized) in the business’ merchant account.
Although payment gateways are most frequently associated with e-commerce, any transaction where the card is not physically present should run through a gateway in order to follow the proper authorization process. This could include payments where a customer provides card information over the phone, or where they have agreed to recurring billing using the same card for each scheduled payment. In these cases, the gateway will connect the payment processing application (for example your ERP system) with the merchant account in order to authorize the transaction.
The terminology of credit card processing can quickly become confusing. Here are the major players defined:
Merchant – The business making a sale and collecting payment.
Payment Gateway – The virtual equivalent of a physical POS (point-of-sale) terminal (where you would swipe your card at a store).
Typically the gateway can be used in two ways:
Merchant Account – Special type of bank account required to process debit/credit card transactions. An agreement between the merchant, merchant account, and acquiring bank allows the merchant account to draw upon funds from the acquiring bank to pay the merchant for online purchases. The merchant account will hold the funds for a set period of time, usually between 2-7 days, before releasing the funds to the merchant’s business bank.
Acquiring Bank – Organizations that are responsible for processing transactions on behalf of credit card associations like Visa, MasterCard, Discover etc. The acquiring bank in each transaction will be determined by the type of card used by the customer.
PCI DSS Compliance – Set of requirements developed by an association representing the major US credit cards with the goal of protecting cardholder data. Visit the official PCI website for more details and to access a self-assessment questionnaire.
Encryption – Method of securing data by scrambling the card information from the point of entry until the data reaches a secure decryption environment, where a key is required to make the data readable. If the data is stolen as it travels from the point of entry to the secure destination, it cannot be abused.
Tokenization – Method of securing card information by replacing sensitive data with a unique, meaningless token on a company’s internal networks while the real card data is stored securely offsite.
Following is an example of a typical e-commerce transaction and the multiple steps that occur in between the customer placing an order and the merchant bank receiving the funds.
USA Decor Inc. is an online retailer of American flags. John would like to purchase a flag using his Visa.
Step 1 – John enters his credit card information and clicks to submit his order on USA Decor’s website.
Step 2 – The USA Decor’s online store connects to the payment gateway and sends John’s credit card details to the payment gateway.
Step 3 – If the payment gateway is able to match the card information submitted with the information that Visa has on file for John’s account, the transaction will be “Authorized” for payment. At this point, USA Décor will be notified that the transaction is authorized and they will process his order for shipment knowing that the payment details are legitimate.
Step 4 – The payment gateway will process payment by transferring money from John’s Visa (via the acquiring bank) to USA Decor’s merchant account.
Step 5 – John’s payment will be held by the merchant account for a pre-determined number of days.
Step 6 – The merchant account will release funds related to John’s purchase to USA Decor’s bank account less any fees associated with processing the transaction.
Many online sales will follow this exact process. One common exception is that some companies act as both the payment gateway and the merchant account provider.
The sheer number of payment service providers can be dizzying. With so many options available, it can be difficult to choose the right service for your business. Based on our clients’ experiences, Equation Technologies recommends that you consider the following questions when choosing a payment gateway:
Do you actually need a payment gateway?
If all credit card transactions are made in person using a physical payment terminal or POS system, a payment gateway is not necessary as the POS system itself will act to authorize the transaction. However, if you process transactions where the card is not physically present, the gateway is a necessary step in the payment process.
What gateways are supported by your e-commerce platform?
Businesses wanting to accept credit cards on their webstore should check to see which gateways are supported by their e-commerce platform as it will be easiest to integrate with an existing plugin.
Popular platforms like Shopify or Magento will have more options to choose from and typically more than one provider available. Most e-commerce platforms will also support PayPal, which acts as its own payment gateway and merchant account and can be offered in conjunction with other methods of payment.
What are your compliance requirements?
As discussed earlier in the article, merchants accepting credit cards from any one of the 5 major credit card associations are responsible for maintaining compliance with PCI-DSS. One of the biggest challenges for companies that process any kind of recurring billing is ensuring the secure storage of cardholder information over time.
Having a photocopy of a credit card in a customer file, saving card information to your hard drive, receiving card details via email, or saving them on the customer’s record in your ERP system would all be considered a security risk and render your organization’s practices non-compliant. Likewise, ensuring that customers can safely enter card data on a website can present a number of challenges due to the vulnerability of information sent over the web.
Luckily, many services provide built-in tokenization and encryption and by using an approved service, you can simplify the process of maintaining compliance by shifting much of the burden back on the third party.
You can check to see whether a particular provider has been validated by the PCI here: https://www.pcisecuritystandards.org/assessors_and_solutions/payment_applications
What is your volume of transactions?
As discussed earlier in the article, some gateways also act as a merchant account. While these combined services may be more straightforward to setup and maintain, the tradeoff usually occurs with higher per-transaction fees. If your business is just starting to accept credit card payments or has a low volume of transactions, the convenience of a two-in-one provider may be worth the higher fees.
Are you looking for a solution that is also integrated with your ERP system?
Businesses with a high volume of transactions will benefit greatly from choosing a service integrated with their ERP system. Payment information flows directly to Accounts Receivable eliminating time-consuming, error-prone re-keying of data and facilitating real time reporting using the most up-to-date information available. In addition, the bank reconciliation process is simplified with an integrated service as transactions generally appear in the system in the same batch or grouping that they will post to the bank.
By contrast, transactions entered manually may need to be added or separated at the end of each period in order to match the amounts showing on a bank statement. Additionally, if your business does not ship products or provide services until payment has been received, an integrated system will ensure that the fulfillment process is not delayed due to a lag in data entry.
Does the gateway accept your customers’ preferred method of payment?
Not all payment gateways will accept all types of credit cards. In addition, some may not process e-checks or newly emerging payment methods like Apple Pay or Visa Checkout.
While Visa and MasterCard are almost guaranteed to be available, American Express, Discover or other credit cards commonly used outside of the US may not be supported. It’s important to consider all of the possible ways in which your customers will want to pay to avoid losing sales over an unsupported method of payment.
Also, some payment gateways will not accept international payments so depending on your target market, this may be an important consideration.
The Sage Payments module comes bundled standard with Sage 300 and allows easy pre-authorizations, charges, refunds and voids from within Order Entry or Accounts Receivable Screens.
Sage Exchange is the secure payment-processing application that integrates/connects Sage 300 with the Sage Payment Solutions’ combined gateway and merchant account services.
Credit card information can be saved to the Sage 300 customer record where it will be stored securely in an online vault system without ever residing on your server. Sage Payment Solutions supports multiple currencies, banks, and merchant accounts within the same company database giving you greater flexibility through a single application. Additionally, Sage 300 Payment Processing is approved as a PCI-compliant provider and meets PA-DSS standards for processing transactions and storing card details.
Authorize.net offers a combined merchant account and gateway product as well as a “gateway only” service for those who already have a merchant account or want the flexibility to choose their own provider.
Authorize.net supports online, telephone, retail and mobile payments and offers value-added services like their Customer Information Manager that tokenizes and stores customer payment information or Automated Recurring Billing at no additional charge.
Authorize.net is also supported by many of the most popular e-commerce platforms including Shopify, Magento and Bigcommerce.
Like Sage Payments, InstaPay offers a pre-built payment processing interface that can be accessed from within Sage 300 in addition to providing a “gateway only” service. Their gateway accepts all major credit cards and supports e-checks and recurring billing.
The integrated InstaPay ERP solution allows credit card processing from Order Entry and Accounts Receivable screens as well as within Sage CRM. InstaPay ERP also includes the gateway and merchant account services to provide all three components necessary for completing a credit card transaction.
Highlights of the combined offering include navigation buttons that overlay onto existing 300 screens, alerts when credit cards are about to expire, and a simplified bank reconciliation process using InstaPay’s monthly transaction reports.
Still Have Questions?
Click below to get in touch and schedule a quick call. One of our credit card processing experts can answer your questions and help guide you through the process of choosing the right payment gateway for your needs.