
What is a payment gateway?

When you first start taking payments as a business, you’ll see several different organisations in the payment cycle. There are many layers of technology involved with different roles, one of which is a payment gateway.

Here we explain what a payment gateway is and how it works.

What is a payment gateway and how does it work?

A payment gateway enables you to process digital payments. It is a means of collecting customer information for payment, and does the following:

  • Validate the customer’s card details securely
  • Ensure there are enough funds to complete the transaction
  • Approve the transaction and transfer the amount to your account

A payment gateway (you can read more about this on our Platform Page) will do the above through encrypted gateway servers, so you don’t need to worry about holding sensitive customer data.

So, why do you need a payment gateway?

First and foremost, it provides a consistent customer experience onsite by streamlining the payment process for your business and concentrating all payment channels into a single platform. It is secure, which means you don’t need to worry about storing sensitive customer data. It also gives you more control over transactions and enables you to operate with different currencies and alternative payment methods.

How does a payment gateway work?

Payment gateways operate both for in-person payments at a store or eatery where a point of sale (POS) system is being used, and in online transactions.

In an in-person transaction, the payment gateway operates like this:

  • The customer will present their card to a POS device
  • The payment gateway encrypts the information received from the POS
  • This information is passed to the acquiring bank (i.e. the bank account of the store, where funds will be deposited if the transaction is successful)
  • The acquiring bank then uses a payment processor, which links to the card network the customer is using (for example, Visa or Mastercard)
  • The card network then sends the transaction to the issuing entity (this is the organisation that has issued the card – often a bank or building society)
  • The card issuer will verify that sufficient funds are available and that the transaction is legitimate. It will then approve or decline the transaction

In an online transaction, the payment gateway works in the following way:

  • The customer wants to make a purchase online and is directed to the payment page of the website.
  • They select their payment method and enter their details, for example, their debit card details. This will include their name, card number, expiration date and CVC number.
  • The information is passed onto the payment gateway, based on your chosen method of integration (more on that below).
  • The card details are encrypted by the payment gateway.
  • Fraud checks are performed before the card data is sent to the merchant acquirer.
  • The acquirer securely sends the information to the card schemes. Another layer of fraud checks is carried out before the payment data is transferred to the issuing bank for payment authorisation.
  • The issuing bank authorises the transaction. This approved or declined payment message is transferred to the acquirer by the card schemes.
  • The merchant acquirer then sends the approval message back to the payment gateway which then transmits the message to the merchant.
  • A payment confirmation page will be displayed online if the transaction is approved. If it is declined the customer may be asked to provide another payment method.

[Figure: Payment gateway explained, showing the flow from consumer purchase to payment processing]

What are the different types of payment gateway?

What your customers see when it comes to making their payment will be defined by your choice of payment gateway and how it is integrated into your website. The three main types include:

  • On-site payments – these are handled by your server, with the checkout experience and payment processing all working through your system.
  • Checkout on-site, payment off-site – the front-end checkout occurs on your site, but the payment processing is done through the payment gateway’s back end.
  • Redirects – PayPal is a good example of a redirect, where the customer is taken to a PayPal payment page to complete the payment transaction.

The type of gateway you choose is really up to you. Our helpful blog post on payment gateways gives a quick overview of the key considerations, or you can take a look at how our payment gateway works.

What are the different security features of a payment gateway?

Payment gateways offer a range of security capabilities and must be PCI DSS compliant. Key security features include:

  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols – These encrypt the online connection between the browser and the server. This creates end-to-end protection for sensitive information and means customer data collected by a payment gateway can be securely transmitted.
  • 3D Secure – This is a security feature that asks for an additional layer of verification with the card issuer at checkout. This could use username and password authentication, plus a phone or app.
  • Tokenisation – Sensitive data is replaced by random numbers, rendering confidential information meaningless.
  • Address Verification – Once a customer enters their address as part of the payment process, this will need to be verified before the transaction can be approved.

What is the difference between a payment gateway and a payment processor?

It’s important to understand the distinction between a payment gateway and a payment processor.

The payment gateway is the means of collecting the customer information for payment. The payment processor then takes this information to contact the issuing bank (the customer’s bank) and the merchant acquirer (the merchant’s bank). It facilitates each of the steps in the transaction to ensure that the merchant account is credited with the funds and that those funds are taken from the customer’s account.

The payment processor will be a technology company that has the infrastructure to authorise transactions and move them from the merchant through the card networks to a consumer’s bank and back again. The payment processor plays an integral role in the payment cycle.

Choosing the right payment gateway for your business

As you can see from the above, a payment gateway is just one factor to get right when accepting payments for your business. You also need to consider your payment processor, payment orchestration and how you manage and use data.

At Aevi, our payment platform features an open, cloud-based payment gateway that works with any payment type, anywhere in the world. It works with whatever payment methods your customers use and enables you to manage them simply and effectively. The platform is also customisable to your exact requirements and enables you to integrate all elements of your payment process through precise payment orchestration. Learn more about the capabilities of our platform and what it can mean for your business.
