Payment gateways enable merchants to accept credit card payments online and in their physical store, but finding a provider that’s both convenient and minimises the risk of hackers accessing your customer’s sensitive banking information can feel overwhelming.
With so many options, which payment gateway provider is the best fit for your retail business?
In this article, we’re going to teach you how payment gateways work, payments gateway security standards and how to pick a payment gateway provider that offers merchants and consumers maximum convenience and minimal risk.
Let’s get started!
What is a payment gateway?
A payment gateway is a technology that a merchant uses to accept debit or credit card purchases from its customers. Payment gateways include the physical card-reading devices and payment terminals found in-store as well as the payment processing portals used for online transactions. Brick-and-mortar payment gateways have also started accepting payments through digital payment distribution services like Apple Pay, GooglePay and Samsung Pay thanks to near field communication (NFC) technology.
Payment gateways vs. payment processors
A payment processor (like PayPal) facilitates a transaction, whereas a payment gateway (like Payflow) captures the card details and relays the approval or decline of each transaction between a merchant and its customers.
How does a payment gateway work?
A payment gateway helps authorise and process transactions between retail merchants and their customers, online and in-store.
Payment gateways encrypt sensitive payment information (like the credit card number). This ensures that the information is transferred securely between the customer and the merchant. Here’s a breakdown of how payment gateways work:
- Step 1: A customer either places an order online or completes a transaction at a merchant’s physical store or restaurant.
- Step 2: The payment gateway then securely transfers the transaction information to the acquiring bank (also called the merchant bank or the acquirer).
- Step 3: The payment gateway determines which card network (Visa, Mastercard, American Express, etc.) the buyer’s card belongs to.
- Step 4: The payment gateway routes the transaction information (credit card and banking information, the transaction amount, etc.) to the correct payment switch.
- Step 5: The payment switch then sends the transaction request to the issuing bank and passes the transaction information to the card network.
- Step 6: The issuing bank runs the transaction through its fraud detection procedure to see whether or not the transaction is legitimate. It also confirms whether or not the buyer has enough available credit to make the purchase.
- Step 7: The issuing bank either approves or declines the transaction, and sends that information back through the credit card network to the merchant bank and payment gateway.
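The routing and authorisation steps above, simulated in Python as an added example (not Lightspeed’s code or any real gateway’s): the IIN prefix ranges, the Luhn check, the public test card numbers and the issuer’s credit balances are all assumed or constructed. It also shows the masking practice the security section below relies on: the gateway’s log line never carries the full card number.

```python
import re
from typing import Optional, Tuple

# IIN prefixes (assumed ranges) for the networks the article names.
NETWORK_PREFIXES = {
    "Visa": (r"^4",),
    "Mastercard": (r"^5[1-5]", r"^2(22[1-9]|2[3-9]\d|[3-6]\d\d|7[01]\d|720)"),
    "American Express": (r"^3[47]",),
}
# Constructed issuer state: available credit in pence per public test card number.
ISSUER_ACCOUNTS = {"4111111111111111": 50_000, "5555555555554444": 2_000, "378282246310005": 100_000}

def luhn_valid(pan: str) -> bool:
    """Luhn checksum: cheap sanity check before the gateway routes anything (step 3)."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 if d < 5 else d * 2 - 9
        total += d
    return total % 10 == 0

def detect_network(pan: str) -> Optional[str]:
    """Step 3: identify the card network from the IIN prefix."""
    for network, patterns in NETWORK_PREFIXES.items():
        if any(re.match(p, pan) for p in patterns):
            return network
    return None

def mask_pan(pan: str) -> str:
    """Only the last four digits may reach logs or receipts (PCI DSS masking)."""
    return "*" * (len(pan) - 4) + pan[-4:]

def authorise(pan: str, amount_pence: int) -> Tuple[bool, str, str]:
    """Steps 3-7: validate, route to the issuer, apply its credit check and return
    (approved, reason, log_line). The log line only ever carries the masked PAN."""
    masked = mask_pan(pan)
    if not luhn_valid(pan):
        return False, "invalid card number", f"{masked}: declined (checksum)"
    network = detect_network(pan)
    if network is None:
        return False, "unsupported network", f"{masked}: declined (no route)"
    available = ISSUER_ACCOUNTS.get(pan, 0)  # issuer lookup, unknown card has no credit
    if amount_pence > available:
        return False, "insufficient credit", f"{masked}: declined by issuer via {network}"
    ISSUER_ACCOUNTS[pan] = available - amount_pence  # step 7: approved, funds reserved
    return True, f"approved via {network}", f"{masked}: approved {amount_pence}p via {network}"
```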
Payment gateway security standards
There are several security standards that payment gateways must adhere to, most notably around data encryption and PCI compliance.
Payment gateways encrypt data in transit using SSL/TLS (secure sockets layer, now superseded by transport layer security) to protect the buyer’s sensitive banking information before the transaction is sent through the card network. This encryption ensures that the buyer’s credit card information is unreadable without the key, making it difficult for malicious agents, fraudsters and hackers to access it while it’s transferred between the different parties in the payment process.
PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards that requires all companies that accept, process, store or transmit credit card information to maintain a secure environment, protecting both the consumer and the merchant.
In many cases, retail merchants build their payment processing systems using solutions from several different companies. They may use one company’s payment terminals, a payment gateway from another and a point of sale system from yet another.
While each of those three solutions may individually be PCI compliant, that doesn’t guarantee that, when all three are used in tandem, the merchant is PCI compliant. That’s because PCI compliance also includes how merchants connect all of their payment processing systems together and how they manage their customers’ data.
Before you sign up with a third-party payment processing or gateway provider, do your homework. Find out if there are any hidden fees and understand how their solution fits in with your retail point of sale system. For example, if you’re using an online payment gateway for your online store and a physical payment gateway for your physical store, you want both third-party systems to send transaction data to your point of sale system to simplify your bookkeeping.
Whether you’re growing your retail business, opening a new location or just exploring credit card payments for the first time, you’ll benefit from having a crystal clear understanding of the different combinations of payment processors, merchant accounts, point of sale systems and payment gateway providers before you sign on the dotted line.