What is a Credit Card Payment Gateway and Why Should Merchants Care?
We’ve been spending most of our year living in a hacker’s paradise. Security breaches were pervasive in 2019, with everyone from Macy’s to WhatsApp falling prey. Ironically, due to consumers growing expectations for easy payments and a customized shopping experience, it’s also never been more important for retailers to earn consumer’s trust when it comes to their personal and payment data.
The business sector alone accounted for 67% of data breaches and 84.6% of exposed record in the first half of 2019. One data breach can destroy your business’s credibility. It’s important to know about the platforms involved in keeping customer information secure, so that you can ensure your business is shielded from those who would do it harm.
Credit card payment gateways are one of your first lines of defense against hackers. Let’s take a look at what payment gateways are, what they do, and what you should know about them.
What is a credit card payment gateway?
Payment gateways are virtual platforms that interface between your business, your customer’s bank, and their credit card company.
Gateways keep your customer’s payment information secure as it is sent between financial entities for verification. You may not have heard a lot about payment gateways before this, since they are often just built into payment processor’s offerings. In fact, you might be using one already without knowing it.
But every payment gateway provider isn’t compatible with every payment processor company, so in some cases you may find yourself seeking an outside payment gateway provider to fulfill your payment processing needs.
You can work with a third-party payment gateway provider if your existing gateway isn’t compatible with your existing processor. But this can also result in additional fees, like a set-up fee, a monthly fee to use the gateway, an additional fee for chargebacks, an additional percentage taken from each transaction, and more.
Why would merchants need one?
Credit card payment gateways authenticate customers’ credit card information and provide payment security throughout the process. Some type of payment gateway is necessary for you to process customer transactions in the first place.
However, payment gateways differ in their reliability, compatibility, pricing, and security. For instance, some hybrid payment processing/payment gateway providers will actually help your business to become PCI compliant (and non PCI compliance can result in fines of up to $5000 to $100,000 a month, so it’s not something you want to hold off on).
Two additional security services offered by certain payment gateway providers are encryption and tokenization. Encryption means that each customer’s data is protected by a password and algorithm as it bounces from your payment gateway to the customer’s card-issuing bank for approval that they have the funds (or credit limit) necessary to process the transaction. Encrypted data can’t be hacked without the password.
And if you see the term “point-to-point encryption” in payment gateway credit card processing, this just means that your customer’s data is password protected from the minute they swipe their card until their info returns to the payment processor.
Tokenization isn’t all that different from encryption, except that it replaces sensitive customer payment data with symbols––instead of password protecting it––to provide security as it bounces from the gateway, to the bank, to the payment processor.
Certain payment gateway solution providers offer tokenization as part of their value proposition, turning customer data into alphanumeric characters before it makes its journey to the customer’s bank for approval.
How does a credit card payment gateway work?
A credit card payment gateway first makes an appearance in the purchasing process right before the customer chooses their payment method for the transaction. The payment gateway needs to authenticate the retailer’s (your) online store before the customer even clicks the “buy” button. When customers pay with a credit card, the payment gateway sends the encrypted payment data to your customer’s bank for authentication, and then it receives a code in return that tells you whether the transaction was authenticated or declined, and the reason behind it.
Payment gateways vs. merchant service providers
Alright, so here’s the million-dollar question: how do payment gateways stack up against merchant service providers? Think of your credit card payment gateway as the virtual connection point between your business and your customer’s bank. Authorize.net, Square, Stripe, and Braintree are some of the leading payment gateway providers on the market. But keep in mind that many merchant service providers offer integrated payment gateways as part of their value proposition.
Most merchant service providers offer a lot more than just a virtual payment gateway. They offer a combination of physical and virtual offerings, which may include features such as––online shopping carts, POS systems, mobile swipe card readers, and API integrations with additional service providers (like CRM, customer data, and ecommerce hosting sites, among others).
You may have to mix and match your merchant service provider and payment gateway if they aren’t compatible with one another or your existing tech. However, its more cost-effective and less complicated to get all of your payment processing needs met in one place whenever possible––so look for an integrated payment gateway (as opposed to a non-integrated gateway) to save yourself time and money.
Types of credit card payment gateways
All credit card payment gateways aren’t created equally. Your choice of payment gateway (and that gateway’s API integrations) can mean the difference between making a sale or angering a prospective customer when you have to turn down the payment method they have on hand. While we already talked about the difference between integrated and non-integrated gateways, there are two credit card payment gateway options to consider in this comparison:
Hosted Payment Gateway
These sites that lead customers to a separate page to enter their payment information. This isn’t ideal since takes time for the additional page to load… time in which your customers may reconsider their purchase. But if you don’t have the technical acumen or support necessary to self-host your own payment gateway, this may be the most reliable option.
Self-hosted Payment Gateway
These let customers enter their payment information without leaving your checkout page––thus removing a major friction point along their path-to-purchase. Self-hosted gateways are the new gold standard, and even social media sites like Instagram are now allowing customers to checkout without ever leaving the app. However, with self-hosted payment gateways you may be responsible for PCI compliance and resolving any tech issues that arise, so talk to your solution provider to ensure you have a plan of action to fall back on in times of crisis.
Payment processing is complicated and, if done incorrectly, it can present major obstacles to your business’s ability to function effectively. A payment gateway crash can send your online customers running to your competitor’s site in droves. So, you want to be sure to align yourself with a merchant services provider that offers an integrated, self-hosted payment gateway with on-call technological support.
Payment Depot has an award-winning in-house customer service team ready to help ensure that your online checkout stays up-and-running without a hitch, so your online store never misses out on a single customer transaction… or the potential to make a profit.