A payment gateway is integral to processing online and in-store payments. In essence, it enables customers to enter their payment information and safely sends this to key parties, responsible for authenticating and authorising the transaction.
Global retail eCommerce is projected to reach US $8.1 trillion by 2026, up from US $5.2 trillion in 2021. While this has allowed businesses to expand and reach new markets, it has also presented new opportunities for fraudsters to scam consumers and negatively impact the growth of businesses. Online payment fraud is projected to cost merchants over US $362 billion globally between 2023 and 2028, according to Juniper Research.
As more businesses look at expanding operations online, a secure and seamless payment gateway is vital for safeguarding customer information as well as protecting businesses against payment fraud.
In this article, we’ll explore how payment gateways work, the benefits they provide and how to choose the right solution for your business. Keep reading to find out why your business needs a payment gateway, if it doesn’t already have one.
What is a payment gateway and why do you need it?
A payment gateway is the technology responsible for authenticating and securely transmitting payment data between different parties involved in the payment process (more to come on this).
A payment gateway will usually also incorporate various security measures like encryption, tokenisation and fraud management solutions. Further to this, gateways must follow a strict set of procedures as per the PCI DSS compliance standard. This includes annual audits and recertifications to ensure the standard’s validity.
How do online payments work with a payment gateway?
While from a customer’s perspective they complete a few steps prior to paying, there’s actually a lot more happening behind the scenes than they realise. Namely, there are various key players involved in different aspects of the payment process. Let’s take a look at who these parties are and what they do:
- Payment service provider, or the payment processor – is a third-party company that provides the payment processing services to merchants, such as the payment gateway, card issuing, risk and fraud management solutions, acquiring and global payment methods, among other things.
- Merchant – this is any party who sells goods and services, through an online and/or in-store shop.
- Customer, or cardholder – the individual who initiates the purchase of a merchant’s good or service.
- Issuer, issuing bank or card issuer – a bank or other financial institution that issues or helps issue payment cards to customers on behalf of the card schemes. When a customer makes a payment, the issuer transfers the funds through the card schemes to the acquirer. Essentially, they verify that the cardholder has sufficient funds to cover the transaction and that the account is valid (among other security checks).
- Acquirer, acquiring bank or acquiring member – the financial institution that processes card payments on behalf of merchants. One of their main roles is to securely route the card payment data on to the card schemes (more on this below) for authorisation by the issuer.
- Payment gateway – the technology used by merchants to authenticate and securely transfer payment data between the acquirer, issuer and card schemes. Once the payment has been authorised and approved by the acquirer, the payment gateway sends a verification message back to the merchant.
- Card schemes – the party linking the acquirer to the issuer, so that card transaction information can be passed between the two as part of the authorisation step (we’ll touch on this later). Well-known card schemes include Mastercard, Visa, American Express, Discover and UnionPay.
How does a payment gateway work?
Now that you’re familiar with what a payment gateway is, let’s take a look at how it fits into the card payment process. We’ll cover each stage of the payment journey, from initiation to settlement.
- The customer initiates a purchase by entering their card details on the payment page, which typically includes the cardholder’s name, card number, card expiration date and card verification value (CVV) code. This information is then safely passed on to the payment gateway, depending on the merchant’s preferred integration (e.g. hosted payment page, server-to-server integration or client-side encryption).
- The payment gateway encrypts the card details and performs fraud checks, before sending the card data to the acquirer.
- The acquirer securely sends the information to the card schemes, which carry out another layer of fraud checks. After this, the schemes transmit the payment data to the issuer for authorisation.
- The issuer authorises the transaction once the necessary fraud screening measures are completed. Namely, it validates the transaction information, ensures the cardholder has adequate funds for the purchase and that the bank account is valid. The issuer will send an approved or declined message from the card schemes to the acquirer.
- The acquirer passes the message back to the payment gateway to the merchant. Depending on the message, the customer will be directed to a payment confirmation page or asked to provide another payment method.
- After the payment has been approved, the settlement process can begin. For this, the acquirer collects the payment amount from the issuing bank and puts the funds ‘on hold’ into the merchant account (more on the merchant account below). When the actual settlement will happen depends on the agreement the merchant has with their payment service provider.
Four benefits of a payment gateway
Payment gateways have a number of benefits that include, but are not limited to:
Enhanced security
As mentioned earlier, there are a number of checks that take place during the payment process to ensure the person making the purchase is indeed the cardholder. Payment gateways must also be PCI DSS compliant, which means they have to follow specific security standards to safeguard cardholder data, adding another layer of protection against fraud. Further to this, payment gateways usually support additional features like tokenisation, Address Verification Service and risk management solutions (e.g. velocity checks, transaction counts, amount thresholds, device fingerprinting, negative database data, etc.)
Improved payment experience
Having a payment gateway means your customers can make purchases anytime and anywhere. Alongside this, customers can also choose to securely save their payment information for future purchases from a merchant via tokenisation. By creating a seamless payment experience for your customers, you can cultivate brand loyalty and encourage repeat purchases.
Expand into new markets
Many payment gateways support multiple currencies and have the option to integrate with local and global payment methods, letting your customers choose how they pay. For example, emerchantpay currently offers over 60 global payment methods like Apple Pay, Google Pay™, PayPal, SEPA payment schemes and paysafecard, among others. Furthermore, you can expand your business globally and tailor your payment gateway to cater to specific customer payment preferences.
Customisable checkout options
Payment gateways can be integrated with your existing website or shopping cart platform. emerchantpay currently offers many payment integration methods like a hosted payment page, server-to-server integration, client-side encryption and connections with popular eCommerce platforms and shopping cart plugins (learn more by reading our FAQs below). Based on your payment setup, the payment flow can be customised to suit the needs of your business.
What’s the role of a merchant account? How does this differ from a business bank account?
While both the merchant account and business bank account are associated with the settlement of funds to the merchant, they each serve different purposes.
A merchant account is a specific bank account that allows merchants to accept and process electronic payments from customers quickly and securely. During the settlement process, the acquirer moves funds from the merchant account to the business bank account.
A business bank account, on the other hand, is what merchants use for everyday expenditures. This is where funds are deposited after settlement takes place. Depending on the agreement with your payment service provider, the acquirer will transfer funds from your merchant account into your business bank account either periodically in bulk or as individual payments.
The important thing to note is that businesses must have a merchant account set up by an acquirer in order to process transactions online, using a payment gateway.
Accept more payments with our payment gateway solutions
With over 20 years of experience in making payments easy for businesses, we can provide you and your customers with a hassle-free, streamlined payment experience. We’re PCI Level 1 compliant, with an all-in-one payment platform that includes an in-house payment gateway, global acquiring, alternative payment methods (APMs), card issuing and in-house risk and fraud management services.
We want to help your business grow, which is why you’ll also have a dedicated Account Manager and Risk Analyst by your side, helping you every step of the way. With us, you’ll be well placed to provide frictionless and safe checkout experiences for your customers for maximised revenue.
Ready to boost your profit margins with our robust payment solutions? Talk to our payment experts and start accepting online payments today.
Your burning questions answered!
We understand how stressful it can be to navigate the payments realm. That’s why we’ve put together some answers to commonly asked questions, which includes types of integrations we support, costs and settlement timeframes, as well as other things. If you have a question that’s not covered by the below, please feel free to reach out to one of our payments experts here.
What is the cost of your payment gateway?
It’s hard to put a price tag on what we offer because this varies based on the needs of your business and the industry you operate in, as well as other factors.
We provide a range of payment solutions, covering online, in-app, in-store and over the phone transactions. In addition to being PCI compliant, our solutions come with top-tier fraud-mitigating solutions like address verification service and real-time risk monitoring. You’ll also have your own Risk Analyst and Account Manager, both dedicated to helping your business grow and succeed. Alongside this, we also offer 24/7 technical support.
We also offer interchange ++ pricing, which is the most transparent way of pricing in the industry. You’ll be able to see a detailed breakdown of the processing costs involved in our solutions, so you don’t have to worry about any hidden fees or charges.
Does your payment gateway process subscription payments?
Yes, our payment gateway provides an easy and hassle-free way for your business to set up and accept subscription payments. Our system will securely store and encrypt customer information and process payments based on your chosen billing cycle. With recurring payments, your business will benefit from increased customer loyalty and it also makes repeat billings easy to manage.
How long does it take to settle funds?
While a payment can be authorised almost instantly, the actual settlement of funds can vary in time and is based on a number of factors like your settlement agreement with us (e.g. T+1, T+2 or longer), merchant industry and type of payment (e.g. cross-border payments versus domestic payments), to name a few things.
What type of payment gateway integrations do you provide? How do you add it to your website?
Hosted payment page (pre-built UI)
This integration is suitable for SMEs looking to decrease their PCI DSS requirements and development work. This integration allows the payment page of your online store to be hosted on our secure server, with the option to customise its look and feel.
Server-to-server integration (custom UI)
If you want full control over the transaction flow and website design, our server-to-server integration is your go-to option. In effect, the customer completes the payment on your website, so the customer journey is uninterrupted and native to your website. This is possible through a direct connection between your server and our payment gateway via an API.
Client-side encryption (CSE)
Also referred to as “encryption at source”, this integration method involves embedding our client-side encryption library on your payment page. After the customer completes their payment, this information is securely processed and authenticated via our payment gateway. This option is suitable for merchants looking to manage the design of their payments page, while limiting their PCI compliance requirements.
Platform integration
Another option is platform integrations via plugins and modules, which offer merchants a way to connect to a payment gateway and easily accept payments using their eCommerce platform. emerchantpay’s payment gateway can be integrated with leading platforms like WooCommerce and Umbraco, among others.
Virtual terminal
Our payment gateway also gives you access to our virtual terminal, allowing you to provide payment options like Pay by Link transactions and Mail Order or Telephone Order (MOTO). Pay by Link allows merchants to securely and easily accept payments without a storefront by sending customers a payment link via email or SMS, with a pre-defined transaction value. Once a customer clicks on this link, they’re directed to a secure payment page, where they can fill in their payment details to complete the purchase. With a virtual terminal, you can accept remote purchases easily and securely using your phone, laptop or tablet via our payment gateway.
Does your payment gateway support international payments?
Yes, we offer multi-currency pricing, helping you achieve a smooth online payment experience globally. You can accept payments in more than 150 currencies and have funds settled in over 25 currencies. Alongside this, you’ll get valuable insights through our comprehensive dashboard reports, covering key transaction metrics like transaction volume, transaction statuses and more.
What’s the difference between a payment gateway and payment processor?
While both are involved in the payment process, they’re each responsible for different components. As defined previously, a payment gateway is the technology used to authenticate and securely transmit payment data between various entities involved in the payment process.
While a payment processor, otherwise known as a payment service provider, is the entity that provides the payment processing services to the merchant, including the payment gateway and merchant account. They may also provide additional services like tokenisation, risk and fraud management and reporting. Furthermore, emerchantpay is a payment processor that provides a payment gateway solution, which securely transfers transaction data between all key parties involved in the purchase process.
What’s PCI compliance?
PCI Compliance, otherwise known as the Payment Card Industry Data Security Standard, is a mandatory set of requirements established by card schemes for managing online payments. This covers the storage, transference and processing of cardholder data. It requires various security measures to be carried out by a payment gateway like 3DS2, point-to-point encryption and SSL certificates. The purpose of this protocol is to protect consumers and banks against fraudulent activities.
It’s a necessity for all payment gateways to be PCI compliant and can lead to significant ramifications, if you or your payment service provider is found to breach this standard like fines and payment processing suspensions. emerchantpay’s solutions are all PCI compliant and include additional security measures on top of this like tokenisation, Address Verification Service and fraud management solutions to help protect your business against fraudulent attacks.
How to change your payment service provider?
Looking to change your current payment provider? Here’s how you can get started with emerchantpay in just five steps:
- Review your current contract: Prior to making the switch, you’ll first need to view the terms of your existing contract. Important things to look out for include the contract end date, early termination fees and notice periods. Inform your provider about your decision, so your contract is not automatically renewed. If you have processing equipment, confirm if this will continue operating when you start with emerchantpay. Otherwise, we can set you up with new processing hardware and software.
- Set up your new account: As part of this, we’ll need to grab some standard information like your personal and business details, alongside the services you require. We’ll also identify a new payment solution based on your business’ and customer’s needs.
- Installation: Once a setup and transfer date has been agreed upon, we’ll set up a merchant account and install your chosen payment solution, which includes setting up a secure payment gateway.
- Onboarding and training: To help you navigate our products and solutions, we’ll conduct a training session and send detailed guides to show you the ropes. Plus, you’ll receive regular emails notifying you about important features and updates.
- Reporting and ongoing support: Once you’re up and running with us, you’ll receive detailed reports, covering key payment metrics like transaction volume, transaction statuses and more! You’ll also have access to your very own Account Manager, Risk Analyst and 24/7 technical support.