A payment gateway is an e-commerce application that authorizes payments for online
businesses. There are numerous gateways and service providers, each having its
own pros and cons. Gateways are the equivalent of a physical point of sale terminal
located in most retail outlets. Payment gateways are required to protect credit
card details by encrypting sensitive information, such as credit card numbers, to
ensure that information is passed securely between the customer and the merchant
and also between the merchant and the payment processor.
How Do Payment Gateways Work?
Payment gateways are the transfer mechanism for information from a payment portal,
such as a website, mobile phone or IVR service, to the front-end payment processor
or acquiring bank. Gateways perform a multitude of tasks that all start when a
customer submits a transaction request through one of the previously mentioned payment
portals. A sample process is outlined below. You can also refer to our Gateway Flow
Page under the Flowcharts and Graphs section.
Step by Step Process:
- The customer places an order on a website by hitting the purchase, submit or
equivalent button. If ordering by phone, the customer enters their details via an
automatic phone answering service.
- For e-Commerce transactions the information is then encrypted and sent from the
browser to the merchant's web server.
- The transaction details are then forwarded on to the payment gateway. The connection
between the merchant's server and the server hosted by the payment gateway is again
encrypted to protect the data.
- The payment gateway forwards the transaction information to the payment processor
or acquiring bank where the merchant holds a merchant account.
- From there the transaction is sent off to the card association (e.g. Visa, MasterCard).
- The correct card association will then route the transaction to the correct issuing
bank.
- Once the issuing bank receives the request, it reviews the transaction and, based
on a wide set of criteria, determines whether the transaction is approved or
denied. In either case a response is sent back along the same route that the request
initially came through.
- For Discover and AMEX cards the processor acts as the issuing bank and will directly
provide an approval or denial response to the payment gateway.
- Once the processor sends the response back to the gateway, it is forwarded back
to the website or other interface used to complete the transaction, where the response
code is interpreted and relayed to the card holder and merchant.
While the transaction has a long way to travel, the whole round trip is very quick
and should take no more than a couple of seconds (2-3).
Gateway Security:
Gateways have two different areas of security. The first is the actual data security
and encryption capabilities, which are required because both personal and credit card
information is sent through the gateway. Review our PCI and Security 101 page for
information on data security.
The other part of gateway security is the built-in fraud prevention tools that come
standard with most gateways. From geolocation, velocity pattern analysis, delivery
address verification and computer fingerprinting technology to identity morphing
detection, having basic fraud prevention is critical in online commerce. For more
information on fraud prevention take a look at the educational documents we have
in the Fraud Prevention 101 section.
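
An added example (not part of the original page and not any gateway's own code) of
the velocity pattern analysis mentioned above: a sliding-window check run over
constructed transactions. The window length, thresholds, field names and card tokens
are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; real gateways expose their own settings.
WINDOW = timedelta(minutes=10)
MAX_ATTEMPTS_PER_CARD = 3   # attempts on one card token inside WINDOW
MAX_CARDS_PER_IP = 3        # distinct card tokens from one IP inside WINDOW

def velocity_flags(transactions):
    """Return {txn_id: [reasons]} for transactions that exceed a velocity limit.

    Each transaction is (txn_id, iso_timestamp, card_token, ip). Card tokens
    stand in for card numbers so the check never handles the number itself.
    """
    by_card = defaultdict(deque)   # card_token -> timestamps inside the window
    by_ip = defaultdict(deque)     # ip -> (timestamp, card_token) inside the window
    flags = {}
    for txn_id, ts, card, ip in sorted(transactions, key=lambda t: t[1]):
        now = datetime.fromisoformat(ts)
        card_q, ip_q = by_card[card], by_ip[ip]
        # Drop events that have aged out of the sliding window.
        while card_q and now - card_q[0] > WINDOW:
            card_q.popleft()
        while ip_q and now - ip_q[0][0] > WINDOW:
            ip_q.popleft()
        card_q.append(now)
        ip_q.append((now, card))
        reasons = []
        if len(card_q) > MAX_ATTEMPTS_PER_CARD:
            reasons.append("card_velocity")     # repeated attempts on one card
        if len({c for _, c in ip_q}) > MAX_CARDS_PER_IP:
            reasons.append("ip_card_spread")    # many different cards, one source
        if reasons:
            flags[txn_id] = reasons
    return flags

# Constructed sample data (not real transactions).
SAMPLE = [
    ("t1", "2024-01-01T10:00:00", "tok_A", "203.0.113.5"),
    ("t2", "2024-01-01T10:01:00", "tok_A", "203.0.113.5"),
    ("t3", "2024-01-01T10:02:00", "tok_A", "203.0.113.5"),
    ("t4", "2024-01-01T10:03:00", "tok_A", "203.0.113.5"),   # 4th try on tok_A
    ("t5", "2024-01-01T10:30:00", "tok_A", "203.0.113.5"),   # window has expired
    ("t6", "2024-01-01T11:00:00", "tok_B", "198.51.100.7"),
    ("t7", "2024-01-01T11:01:00", "tok_C", "198.51.100.7"),
    ("t8", "2024-01-01T11:02:00", "tok_D", "198.51.100.7"),
    ("t9", "2024-01-01T11:03:00", "tok_E", "198.51.100.7"),  # 4th card, one IP
]
```

Flagged transactions would normally be declined or held for manual review before
the request is forwarded to the processor.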