A payment gateway is a technology for the secure processing of electronic transactions. It authorises payments and establishes contact between a customer, a merchant and their banks. But the most important function of a payment gateway is to protect sensitive customer data, such as a credit card number or secret code, through encryption, tokenisation and other security methods. Payment gateways were explicitly developed for e-commerce and those organisations that deal with online payments. They act as an intermediary, encrypting information that a cardholder enters during checkout, authorising the payment and transferring the details between the rest of the payment processing parties. Thus, where regular store retailers use POS terminals to accept card payments, this role is assumed by the gateway in online transactions.
Let's find out how a transaction goes from start to finish with the participation of a payment gateway.
A customer makes an order on a merchant’s website and enters their credit card details on a checkout page.
Now a payment gateway comes into play. It encrypts the received info and securely sends an authorisation request to the merchant’s acquirer.
It also sends another request to the card network serving the cardholder (Visa, Mastercard, or other) to check if the card is valid and if there are enough funds to withdraw.
The card network sends a confirmation to the merchant’s acquiring bank via a payment gateway and informs the acquirer of the amount to be debited from the customer's bank account.
The issuer checks the balance on the customer’s card and sends the confirmation of the transaction to the card network.
The card network sends the approval both to the acquirer and to the payment gateway.
After the transaction is approved, the funds will be debited from the customer's account and credited to the merchant's bank account.
The operation of a payment gateway is always accompanied by a set of security measures that ensure the complete protection of payment information from fraud. Here are the main methods we use to protect our customers and yours.
Cardholder data is secured by using a combination of symmetric and asymmetric cryptographic algorithms. All data is managed using multiple encryption keys with split knowledge and dual control. Thus, thieves won’t be able to make use of information stolen from the database without a unique key.
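To make split knowledge and dual control concrete, here is an added example (not Corefy's code) in which a key is divided into XOR components, one per custodian, so that no single person ever holds the whole key. The custodian names, the 256-bit key size and the HMAC-based check value are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed size: 256-bit key-encryption key

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("components must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def check_value(key):
    # Fingerprint that lets custodians confirm a rebuild without seeing the key.
    # HMAC-based stand-in chosen for this example, not a standard KCV.
    return hmac.new(key, b"key-check", hashlib.sha256).hexdigest()[:16]

def split_key(key, custodians):
    """Split knowledge: return {custodian: component}; XOR of all equals key."""
    names = list(custodians)
    if len(names) < 2 or len(set(names)) != len(names):
        raise ValueError("need at least two distinct custodians")
    # Every component but the last is pure randomness ...
    shares = {name: secrets.token_bytes(len(key)) for name in names[:-1]}
    # ... and the last one is the key XORed with all of them.
    last = key
    for component in shares.values():
        last = xor_bytes(last, component)
    shares[names[-1]] = last
    return shares

def combine(components, expected_names, expected_check):
    """Dual control: refuse to rebuild unless every custodian took part."""
    missing = set(expected_names) - set(components)
    if missing:
        raise PermissionError(f"missing custodians: {sorted(missing)}")
    key = bytes(len(components[expected_names[0]]))  # all-zero start value
    for name in expected_names:
        key = xor_bytes(key, components[name])
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("reconstructed key failed its check value")
    return key
```

Any single component is uniformly random on its own, which is why a stolen component, like stolen ciphertext, is useless without the rest.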
Using Transport Layer Security (TLS) protocol version 1.2, Corefy ensures the safety of payment data during the transfer, guaranteeing a secure connection between the server and the client’s browser. The TLS protocol ensures that information is transmitted in encrypted form using the HTTPS protocol, which eliminates data interception and protects against redirection to fraudulent resources.
At Corefy, we process credit card payments online without touching card details. Instead, we use tokens to process transactions so that no server intrusion will harm cards. We also don’t store raw magnetic stripes, card validation codes, or PIN block data.
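The tokenisation model described above, as an added example that is not Corefy's implementation: a vault on the gateway side swaps the card number for a random token, and the merchant's order record keeps only that token. `TokenVault`, `merchant_order_record` and the `tok_` prefix are hypothetical names, and the card number is a widely published test value.

```python
import secrets

TEST_PAN = "4111111111111111"  # widely published test number, not a real card

def luhn_valid(pan):
    """Luhn checksum, used to reject mistyped card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical gateway-side vault: the only place a card number exists."""

    def __init__(self):
        self._pan_by_token = {}  # kept in plain memory only for this example
        self._token_by_pan = {}

    def tokenize(self, pan, cvv):
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 12 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("invalid card number")
        if not (cvv.isdigit() and len(cvv) in (3, 4)):
            raise ValueError("invalid validation code")
        # The validation code is checked for this request only and never stored.
        token = self._token_by_pan.get(pan)
        if token is None:
            token = "tok_" + secrets.token_hex(16)  # random, not derived from the PAN
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return {"token": token, "last4": pan[-4:]}

    def detokenize(self, token):
        """Used only inside the gateway when a charge goes out for authorisation."""
        return self._pan_by_token[token]

def merchant_order_record(order_id, amount, card_ref):
    """What the merchant database keeps: a token and the last four digits."""
    return {"order": order_id, "amount": amount, **card_ref}
```

Because the token is random rather than computed from the card number, a copy of the merchant's records gives an intruder nothing to reverse.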
There are some points to consider when selecting a reliable payment gateway.
A payment gateway must meet specific requirements so as not to compromise sensitive card data. That’s why the largest card networks have developed the PCI DSS standard, which contains 12 clauses covering all aspects of data protection. Working with unprotected gateways can entail negative consequences in the form of data leakage and fraud. Therefore, the integration of a PCI-compliant payment gateway is crucial for the smooth running of your business.
A payment gateway’s operation also depends on the way you integrate it. Some payment gateways provide an API that can be embedded directly into your website, while others redirect visitors to third-party services; in both cases, the gateway is located on the server of the payment service provider. Think about what integration type will provide the best user experience for your customers.
Naturally, integrating and configuring a payment gateway will come with a cost. Apart from this, the provider will also charge various types of fees for their services, such as transaction processing fees, chargeback fees, recurring monthly fees, currency conversion fees, etc. Check and estimate these expenses before you conclude a contract with a payment gateway.
Unfortunately, no technical system is completely stable, and there is always the possibility of failures and malfunctions. However, if your payment service provider ensures timely and competent support, such issues are resolved promptly and will not affect your customers’ overall experience with the gateway.
A payment gateway and a merchant account are the backbone of any e-commerce business. If you want to accept and process online payments, you’ll definitely need both of them. While many merchants mistakenly believe that they can choose one of the two for processing transactions, this is not the case. A gateway is responsible for authorising, encrypting and transferring online payments, while a merchant account is where your funds will be deposited after the transaction is completed. Some time after the payment is approved and fees are charged, the money will be redirected to your main bank account.
To open a merchant account, you usually need to enter into an agreement with an acquirer. But most e-commerce merchants choose a more convenient option: contracting with companies that offer all-in-one solutions for processing all types of payments in any currency and from any location. By partnering with Corefy, you’ll benefit from strong security, a user-friendly interface, multicurrency and multi-payment integration, and other valuable features for your business success.