Payment gateways are software and servers that transmit transaction information to acquiring banks and responses from issuing banks (such as whether a transaction is approved or declined). Essentially, payment gateways facilitate communication between banks.
Security is an integral component of all payment gateways, as sensitive data such as credit card numbers needs to be protected from any fraudulent parties. The card associations have created a set of rules and security standards which must be followed by anyone with access to card information, including gateways. This set of rules and security standards is called the Payment Card Industry Data Security Standard (PCI-DSS or PCI).
Orders are usually submitted over HTTPS, which securely carries personal information between the parties involved in the transaction. Many payment providers, such as 2Checkout, offer merchants added options when a cardholder purchases a service or product. Aside from providing the ability for real-time transactions, these providers can help to translate currencies between two parties in different countries, as well as bridge differences in language and payment methods. Payment gateways usually charge those who use them a per-transaction fee.
How payment gateways work
When a customer places an order from an online store, the payment gateway performs several tasks to finalize the transaction:
- Encryption: The web browser encrypts the data to be sent between it and the vendor’s web server. The gateway then sends the transaction data to the payment processor utilized by the vendor’s acquiring bank.
- Authorization Request: The payment processor sends the transaction data to a card association. The credit card’s issuing bank views the authorization request and “approves” or “denies.”
- Filling the Order: The processor then forwards an authorization pertaining to the merchant and consumer to the payment gateway. Once the gateway obtains this response, it transmits it to the website/interface to process the payment. Here, it is interpreted and an appropriate response is generated. This seemingly complicated and lengthy process typically takes only a few seconds at most. At this point, the merchant fills the order.
The steps outlined above are repeated to “clear” the authorization by consummating the transaction. However, the clearing is only triggered once the merchant has actually completed the transaction (shipping the order). The issuing bank changes the “auth-hold” to a debit, allowing a “settlement” with the vendor’s acquiring bank. The processor is then relied upon to settle all of the vendor’s approved authorizations with the acquiring bank at the end of the day.
Other Payment Gateway Functions
Payment gateways also screen orders with a myriad of helpful tools. This screening process filters out as much fraud as possible. Examples of gateway fraud detection tools include:
- Delivery address verification
- AVS checks
- Computer fingerprinting technology
- Velocity pattern analysis
- Identity morphing detection
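
As an added illustration of the velocity pattern analysis listed above (this is not code from any gateway or from the original text), the example below flags a transaction when one card is tried too often, or one device fingerprint presents too many different cards, inside a sliding time window. The window length, both thresholds, the record field names and the sample transactions are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration only.
WINDOW = timedelta(minutes=10)
MAX_ATTEMPTS_PER_CARD = 3   # attempts on one card token inside WINDOW
MAX_CARDS_PER_DEVICE = 3    # distinct card tokens from one device inside WINDOW

def screen(transactions):
    """Return [(txn_id, reason)] for transactions exceeding a velocity limit.

    Each transaction is a dict with id, time (datetime), card (a token,
    never the card number itself) and device (fingerprint id), sorted by time.
    """
    by_card = defaultdict(deque)    # card token -> recent timestamps
    by_device = defaultdict(deque)  # device id -> recent (timestamp, card token)
    flagged = []
    for t in transactions:
        now = t["time"]
        attempts = by_card[t["card"]]
        attempts.append(now)
        while now - attempts[0] > WINDOW:      # drop entries outside the window
            attempts.popleft()
        seen = by_device[t["device"]]
        seen.append((now, t["card"]))
        while now - seen[0][0] > WINDOW:
            seen.popleft()
        if len(attempts) > MAX_ATTEMPTS_PER_CARD:
            flagged.append((t["id"], "card_velocity"))
        elif len({card for _, card in seen}) > MAX_CARDS_PER_DEVICE:
            flagged.append((t["id"], "device_card_spread"))
    return flagged

def _txn(txn_id, minute, card, device):
    return {"id": txn_id, "time": datetime(2024, 1, 1, 12, minute),
            "card": card, "device": device}

# Constructed sample data, not real transactions.
SAMPLE = [
    _txn("t1", 0, "tok_A", "dev_1"), _txn("t2", 1, "tok_A", "dev_1"),
    _txn("t3", 2, "tok_A", "dev_1"), _txn("t4", 3, "tok_A", "dev_1"),
    _txn("t5", 20, "tok_B", "dev_2"), _txn("t6", 21, "tok_C", "dev_2"),
    _txn("t7", 22, "tok_D", "dev_2"), _txn("t8", 23, "tok_E", "dev_2"),
    _txn("t9", 40, "tok_A", "dev_1"),  # earlier tok_A attempts have aged out
]

if __name__ == "__main__":
    for txn_id, reason in screen(SAMPLE):
        print(txn_id, reason)
```

Keying the counters on a card token rather than the card number keeps the screening component from having to hold card data itself.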