A Payment Gateway is service provided by an e-commerce application service provider which facilitates the authorization process between the merchant, processor, and issuing bank. The payment gateway is essentially like an in-store physical POS – or point of sale – terminal located in most retail businesses all over the world. Payment gateways encrypt very special information like credit card numbers and personal identification, to ensure that such information is transferred with the utmost security between the customer credit cardholder and the merchant conducting business.
A payment gateway makes it easier for the transfer of information between a front end processor or acquiring bank and a payment portal, such as a website or interactive voice response service and the front end processor or acquiring bank. When an online customer orders a product or service from a payment gateway enabled merchant, the payment gateway performs a great number and diversity of tasks in order to process the entire transaction.
Several payment gateways provide basic tools to automatically screen sales orders for fraud and also calculate sales tax in real time just before the authorization request is sent to the processor. Many tools to detect sales fraud include velocity pattern analysis, identity morphing detection, delivery address verification, geolocation, finger printing technology and fundamental AVS checks.
The complete process from authorization to settlement and later to final funding usually takes three days. The initial process takes only two or three seconds.
An online customer places an order on a company website by pressing an order button after selecting their purchases or services. They may alternatively provide their credit card details by using an automatic phone answering service.
When online, customer’s web browser encrypts all of the information, which will be sent between the browser and the web server of the merchant. This is done through a device known as an SSL or Secure Socket Layer encryption.
The merchant proceeds to forward the transaction details to their own payment gateway, which is also an SSL encrypted.
The payment gateway, in turn, forwards all of the transaction information to the processor used by the merchant’s acquiring banking institution.
All of the transaction information is sent to either MasterCard or Visa.
If an American Express or Discover Card was used in the course of the sales transaction, then the processor acts as the acquiring bank and directly provides a response of approved or declined to the payment gateway. The credit card association then routes the transaction to the correct card-issuing bank.
A credit card issuing bank receives the authorization request and sends a response directly back to the processor with a unique response code. In addition to determining whether the payment is approved or declined, the response code defines the reason why the transaction failed.
Next, the processor sends this response directly to the payment gateway. The payment gateway receives the response, and, in turn sends it to the website where the payment was processed and where it is interpreted, and a relevant response is relayed back to the credit cardholder and the business.
Before the business is allowed to request settlement, it must mail the product or provide the service sold the online customer.
At the end of the day or series of sessions, the merchant submits all their approved authorizations in what is known as a “batch” to their acquiring bank for settlement.
Finally, the acquiring bank deposits the approved funds in to the merchant’s account.