Payment gateway

Last updated

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payment processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. [1] The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.

Contents

A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank.

Payment gateways are a service that helps merchants initiate e-commerce, in-app, and point of sale payments for a broad variety of payment methods. The gateway is not directly involved in the money flow; typically it is a web server to which a merchant's website or POS system is connected. A payment gateway often connects several acquiring banks and payment methods under one system.

Typical transaction processes

When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction. [2] [ failed verification ]

  1. The order is placed.
  2. The payment gateway may allow transaction data to be sent directly from the customer's browser to the gateway, bypassing the merchant's systems. This reduces the merchant's PCI DSS compliance obligations without redirecting the customer away from the website.[ original research? ]
  3. The merchant forwards the transaction details to their payment gateway.
  4. The payment gateway converts the message from XML to ISO 8583 or a variant message format (format understood by EFT Switches) and then forwards the transaction information to the payment processor used by the merchant's acquiring bank.
  5. The payment processor forwards the transaction information to the card association (e.g. Visa, Mastercard), which may act as the issuing bank or route the transaction to the correct card issuing bank.
  6. The issuing bank validates the request and sends a response back to the payment processor with a response code to indicate whether the request was approved or denied, along with the reason why the transaction failed if applicable. Meanwhile, the credit card issuer holds an authorization associated with that merchant and consumer for the approved amount.
  7. The payment processor forwards the response to the payment gateway, who forwards it to the website.
  8. The entire process typically takes 2–3 seconds. [3]
  9. The merchant then fulfills the order and the above process can be repeated but this time to "clear" the authorization by consummating (e.g. fulfilling) the transaction. This results in the issuing bank "clearing" the "auth" (i.e. moves auth-hold to a debit) and prepares them to settle with the merchant acquiring bank.
  10. The merchant submits all their approved authorizations, in a "batch" at the end of the day, to their acquiring bank for settlement via its processor. This typically reduces or "clears" the corresponding "auth" if it has not been explicitly "cleared".
  11. The acquiring bank makes the batch settlement request of the credit card issuer.
  12. The credit card issuer makes a settlement payment to the acquiring bank (the next day in most cases).
  13. The acquiring bank subsequently deposits the total of the approved funds into the merchant's nominated account (the same day or next day). This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.
  14. The entire process from authorization to settlement to funding typically takes 3 days.

Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor. Tools to detect fraud include geolocation, velocity pattern analysis, OFAC list lookups, 'deny-list' lookups, delivery address verification, computer finger printing technology, identity morphing detection, and basic AVS checks.

White label payment gateway

Some payment gateways offer white label services, which allow payment service providers, e-commerce platforms, ISOs, resellers, or acquiring banks to fully brand the payment gateway’s technology as their own. [4] This means PSPs or other third parties can own the end-to-end user experience without bringing payments operations—and additional risk management and compliance responsibility—in house, although the party offering the white labelled solution to its customers might still be responsible for some regulatory requirements such as Know your customer. [5]

See also

Related Research Articles

<span class="mw-page-title-main">Debit card</span> Card used for financial transactions, usually without a credit line

A debit card, also known as a check card or bank card, is a payment card that can be used in place of cash to make purchases. The card usually consists of the bank's name, a card number, the cardholder's name, and an expiration date, on either the front or the back. Many new cards now have a chip on them, which allows people to use their card by touch (contactless), or by inserting the card and keying in a PIN as with swiping the magnetic stripe. Debit cards are similar to a credit card, but the money for the purchase must be in the cardholder's bank account at the time of the purchase and is immediately transferred directly from that account to the merchant's account to pay for the purchase.

<span class="mw-page-title-main">Mastercard</span> American multinational financial services corporation

Mastercard Inc. is an American multinational payment card services corporation headquartered in Purchase, New York. It offers a range of payment transaction processing and other related-payment services. Throughout the world, its principal business is to process payments between the banks of merchants and the card-issuing banks or credit unions of the purchasers who use the Mastercard-brand debit, credit and prepaid cards to make purchases. Mastercard has been publicly traded since 2006.

<span class="mw-page-title-main">EMV</span> Smart payment card standard

EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay, Mastercard, and Visa", the three companies that created the standard.

Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over networks, specifically, the Internet. SET was not itself a payment system, but rather a set of security protocols and formats that enabled users to employ the existing credit card payment infrastructure on an open network in a secure fashion. However, it failed to gain attraction in the market. Visa now promotes the 3-D Secure scheme.

An e-commerce payment system facilitates the acceptance of electronic payment for offline transfer, also known as a subcomponent of electronic data interchange (EDI), e-commerce payment systems have become increasingly popular due to the widespread use of the internet-based shopping and banking.

<span class="mw-page-title-main">Dynamic currency conversion</span> Foreign exchange process

Dynamic currency conversion (DCC) or cardholder preferred currency (CPC) is a process whereby the amount of a credit card transaction is converted at the point of sale, ATM or internet to the currency of the card's country of issue. DCC is generally provided by third party operators in association with the merchant, and not by a card issuer. Card issuers permit DCC operators to offer DCC in accordance with the card issuers' processing rules. However, using DCC, the customer is usually charged an amount in excess of the transaction amount converted at the normal exchange rate, though this may not be obviously disclosed to the customer at the time. The merchant, the merchant's bank or ATM operator usually impose a markup on the transaction, in addition to the exchange rate that would normally apply, sometimes by as much as 18%.

An address verification service (AVS) is a service provided by major credit card processors to enable merchants to authenticate ownership of a credit or debit card used by a customer. AVS is done as part of the merchant's request for authorization in a non-face-to-face credit card transaction. The credit card company or issuing bank automatically checks the billing address provided by the customer to the merchant against the billing address in its records, and reports back to the merchant who has the ultimate responsibility to determine whether or not to go ahead with a transaction. AVS can be used in addition to other security features of a credit card, such as the CVV2 number.

A merchant account is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions. In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations. A high-risk merchant account is a business account or merchant account that allows the business to accept online payments though they are considered to be of high-risk nature by the banks and credit card processors. The industries that possess this account are adult industry, travel, Forex trading business, multilevel marketing business. "High-Risk" is the term that is used by the acquiring banks to signify industries or merchants that are involved with the higher financial risk.

A payment service provider (PSP) is a third-party company that allows businesses to accept electronic payments, such as credit card and debit card payments. PSPs act as intermediaries between those who make payments, i.e. consumers, and those who accept them, i.e. retailers.

3-D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the "three domains" which interact using the protocol: the merchant/acquirer domain, the issuer domain, and the interoperability domain.

An acquiring bank is a bank or financial institution that processes credit or debit card payments on behalf of a merchant. The acquirer allows merchants to accept credit card payments from the card-issuing banks within a card association, such as Visa, MasterCard, Discover, China UnionPay, American Express.

Authorization hold is a service offered by credit and debit card providers whereby the provider puts a hold of the amount approved by the cardholder, reducing the balance of available funds until the merchant clears the transaction, after the transaction is completed or aborted, or because the hold expires.

Merchant services is a broad category of financial services intended for use by businesses. In its most specific use, it usually refers to merchant processing services that enables a business to accept a transaction payment through a secure (encrypted) channel using the customer's credit card or debit card or NFC/RFID enabled device. More generally, the term may include:

<span class="mw-page-title-main">Interchange fee</span> Fee paid between banks for card-based transactions

Interchange fee is a term used in the payment card industry to describe a fee paid between banks for the acceptance of card-based transactions. Usually for sales/services transactions it is a fee that a merchant's bank pays a customer's bank.

<span class="mw-page-title-main">Credit card</span> Card for financial transactions from a line of credit

A credit card is a payment card, usually issued by a bank, allowing its users to purchase goods or services or withdraw cash on credit. Using the card thus accrues debt that has to be repaid later. Credit cards are one of the most widely used forms of payment across the world.

A payment processor is a system that enables financial transactions, commonly employed by a merchant, to handle transactions with customers from various channels such as credit cards and debit cards or bank accounts. They are usually broken down into two types: front-end and back-end.

Card schemes are payment networks linked to payment cards, such as debit or credit cards, of which a bank or any other eligible financial institution can become a member. By becoming a member of the scheme, the member then gets the possibility to issue cards or acquire merchants operating on the network of that card scheme. UnionPay, Visa and MasterCard are three of the largest global brands, known as card schemes, or card brands. In recent years domestic card schemes such as AfriGo(Nigeria), Cartes Bancaires(France), Dankort(Denmark) and RuPay(India) have emerged, competing with the global brands. Billions of transactions go through their cards on a yearly basis.

<span class="mw-page-title-main">Rede S.A.</span>

Rede known as Redecard is a Brazilian multi-brand acquirer with 25 brands in its portfolio, for credit, debit and benefit cards. Its activities include merchant acquiring, capturing, transmission, processing and settlement of credit and debit card transactions, prepayment of receivables to merchants, rental of POS terminals, check verification through POS terminals, credit card machine and the capture and transmission of transactions using benefit-voucher, private-label cards and loyalty programs such as Multiplus. The company is the first largest in its sector. The company was traded in BM&F Bovespa and disclosed in September 24, 2012.

<span class="mw-page-title-main">Card security code</span> Security feature on payment cards

A card security code is a series of numbers that, in addition to the bank card number, is printed on a credit or debit card. The CSC is used as a security feature for card not present transactions, where a personal identification number (PIN) cannot be manually entered by the cardholder. It was instituted to reduce the incidence of credit card fraud. Unlike the card number, the CSC is deliberately not embossed, so that it is not read when using a mechanical credit card imprinter which will only pick up embossed numbers.

The Four Corners model, often referred to as the Four Party Scheme is the most used card scheme in card payment systems worldwide. This model was introduced in the 1990s. It is a user-friendly card payment system based on an interbank clearing system and economic model established on multilateral interchange fees (MIF) paid between banks or other payment institutions.

References

  1. "eCommerce: Payment Gateways". digitalbusiness.gov.au. Archived from the original on 18 November 2012. Retrieved 20 November 2012.
  2. Gulati, Ved Prakash. "The Empowered Internet Payment Gateway" (PDF). Computer Society of India. Archived from the original (PDF) on 10 August 2013. Retrieved 22 May 2013.
  3. "eCommerce: Choosing your payment methods". digitalbusiness.gov.au. Archived from the original on 23 January 2013. Retrieved 19 November 2012.
  4. Investopedia Staff (2008-05-21). "White Label Product". Investopedia. Retrieved 2017-07-20.
  5. "Acquirer Services - White Label Payment Processing - MasterCard Payment Gateway Services". www.mastercard.com. Retrieved 2017-07-20.