How do online payment gateways work?

June 28, 2019

How do online payment gateways work?

Online payment gateways 101 – All you need to know
EDI, HTTPS, VBV – shesh, payment gateways sure do love their acronyms (and if you need a little help with payment gateway jargon, start here). For now, let’s do away with the jargon to explain how payment gateways really work. Here’s our (simplified) guide.

Payment gateways – In a nutshell
The last time you paid by card in a bricks and mortar store you slotted your card into a terminal. A payment gateway can be thought of as a virtual online terminal which authorize electronic credit card and Automated Clearing House (ACH) payments. For businesses, they offer a streamlined payment solution, while their shoppers enjoy a seamless experience (or at least they should, if everything goes to plan).
As well as our good selves – Cardstream, other payment gateways include PayPal/Braintree, Stripe, and Square.

Five steps – From clicking ‘check out now’ to your bank paying up
1. The customer pops their items into their shopping bag and completes the checkout steps.
2. The merchant securely sends the information to the payment gateway, then one of two things happen…
a. The transaction routes to the ‘issuing bank’ (e.g. Natwest) for authorisation.
b. A 3D secure page pops up in front of the customer asking for verification.
3. The transaction will then be either authorised or declined (which one depends on enough funds being available in the customer’s account).
4. The payment gateway then notifies the merchant as to the outcome, with the merchant’s website then notifying the customer of their successful purchase.
5. In the case of successful transactions, the bank will then ‘settle’ the money with the payment gateway, after which the payment gateway forwards the money to the merchant.

All of which happens within just a few seconds – within which time the payment gateway has also processed numerous checks on the transaction.

Diving into the technicalities of fighting fraud
As ecommerce websites involve sensitive customer data the personal details of customers, data should be sent using HTTPS – which is simply a securer ‘line’ of communication between your shopper and your website, as it encrypts the data that is sent back and forth. This is now more of a necessity, as even bog-standard non-commerce websites are being flagged as insecure for using only HTTTP (not to mention it also potentially impacting Google Rankings).
Running behind the scenes of the ecommerce store/payment gateway interaction are a multitude of technologies that aim to protect against fraud. Just a few of the fraud detection tools that are used include:
• Delivery address verification
• AVS checks
• Computer finger printing technology
• Velocity pattern analysis
• Identity morphing detection
• Geolocation
Cardstream pro tip: If you’re in the midst of choosing a payment gateway provider, start by checking that they’re PCI DSS-Level 1 compliant. Not only is this a legal requirement, it also provides peace of mind that your payment gateway won’t be penetrated. All of which has never been more important than today, with GDPR in full force – legislation that could land your company with hefty fines should a data breach occur.

So that’s the basics of standard payment gateways. Now discover why our Cardstream solution is anything but business as usual…
Why Cardstream?