Payment Gateways Part 1: An Introduction
Payment gateways are vital to today’s businesses – they securely validate a customer's payment card details, ensuring funds are available for you to get paid. In a series of articles on this crucial tool, we’ll take a look at the ins and outs of payment gateways, starting with this overview of the main considerations.
Receiving prompt and secure payment for orders placed via your website is essential to any e-commerce system, but selecting and setting up the right payment gateway can often be low on the agenda when setting up a new site.
The payment gateway sits as a middleman between your customer’s bank and your bank. During this process the credit or debit card is validated, checks are made to ensure funds are available, anti-fraud analysis is run, and then (eventually) funds are transferred to your bank.
Internet Merchant Account
To take payments online you will probably need an internet merchant account (IMA). Some gateways, such as Stripe, are an all-in-one solution and don’t require an IMA. An Internet Merchant Account is different from your business bank account: you can’t pay in or withdraw from it – it’s just an intermediary account. The IMA enables you to start accepting online payments when used in conjunction with a payment gateway.
Internet Merchant Accounts can be obtained via your existing bank, or from some payment service providers (PSPs). The bank or the PSP will assess the risk of the business trading online, and for new companies, without a banking history, this can be a drawn-out process.
Choosing how to take payments
When taking payments, a customer can either remain on your website to enter their card details (onsite transaction) or be taken to the gateway’s website to pay (offsite transaction). The former involves a more demanding PCI compliance process (see below).
Within these, there is a subset of gateways, such as Apple Pay, Google Pay and PayPal, where a user has a payment method (either a card or bank details) and contact information stored in their account with the gateway. This means a customer only needs to authenticate the transaction, such as logging in to pay. Having these on your site can increase the conversion rate.
Anti-Fraud
Sadly, as with any financial transaction, taking payments online carries a risk of fraud. All payment providers will have a level of anti-fraud technology, screening cards and customer information and grading the results. Some systems will auto-block transactions with a high risk, others will flag them so you can make a decision. There is a careful balance to find between preventing fraud and not making it difficult for real customers to pay.
3D Secure transactions, where a customer is prompted to enter a password/code to complete the transaction, are covered by a liability shift. Should a 3D Secure transaction be claimed as fraudulent, the onus moves from you to the card issuer.
PCI-DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) is a set of worldwide requirements which aim to protect cardholder information from theft and fraud. If you take any sort of credit/debit card data (including via card machines) you must comply with the standards and take steps to prove to your bank that you have done so. This is usually done via a Qualified Security Assessor (QSA), a company that helps you perform PCI compliance assessments. Failure to be PCI compliant can result in fines from your bank and the loss of the ability to take card payments.
If you use an offsite payment method then you should be able to complete a yearly Self Assessment Questionnaire (SAQ) to achieve compliance. If you take onsite payments this will involve a much more detailed questionnaire and a regular vulnerability security scan of your website and network. Using a virtual terminal (see below) will also increase your PCI requirements as you are directly handling customers’ card data.
For more information on PCI DSS please visit https://www.pcisecuritystandards.org/
Extra Features
Selecting a gateway shouldn’t just be about transaction fees – also check what additional services and features are available.
Virtual Terminals
A virtual terminal allows you to process card payments taken over the phone or from a customer’s written instructions by typing their details into your computer. You will need to check whether you require a Mail Order Telephone Order (MOTO) merchant account to take advantage of a virtual terminal. Note that virtual terminals will affect the requirements of your PCI compliance.
Reporting
Reconciliation of accounts is also vital to any business, so having clear and accurate information on tap in a useful format is a huge benefit.
Invoicing & Link Payments
Some providers allow you to issue invoices directly from their platform to your customers. The invoices contain a link to pay directly online via card, so often get paid much quicker than traditional paper invoicing.
If you’re not after full invoicing, some platforms have the ability to send a simple link to a customer via email, which takes them to a payment page to enter card information.
Integrations
Check for add-ons or plugins that extend the functionality of the gateway, such as direct integration with your accounts software or support for recurring payments. Also be aware of future requirements you may have, such as taking payments in other currencies, and check that your chosen gateway can handle them.
Final Thoughts
It’s always best to speak to your web development agency before engaging with any payment gateway, as they will have experience with a wide range of them and can help you navigate the pitfalls. They will also be familiar with what gateways your ecommerce site can work with, as some platforms are harder to integrate than others, and while you may save a few pounds on your transaction fees, the initial integration fees can offset that for smaller stores.
Found this interesting? Look out for the next article in our series on payment gateways!