The Complete Guide to Online Credit Card Processing With a Payment Gateway
It’s no exaggeration to say that the internet and eCommerce have radically transformed the way we shop for and buy things more than any other development since mail order and telephone ordering became available over 100 years ago. Today, we can buy things online from the comfort of our own homes, and using credit cards to pay for those things is both convenient and secure. Of all the numerous software applications that make this possible, none is more important than the payment gateway.
What is a payment gateway? At its simplest, a payment gateway is a software application that acts as a conduit between an eCommerce merchant’s website and the bank that will authorize (or decline) a customer’s credit card payment. Payment gateways can also process direct transactions using payment methods such as eCheck (ACH) payments or bank-issued debit cards. Regardless of the payment method used, the primary function of the payment gateway is to securely transmit sensitive credit/debit card or bank account information from the customer to the customer’s issuing bank and all other parties that are involved in the transaction.
How a Payment Gateway Works
Although it’s a rather complex process, it’s important to understand how a payment gateway works. To a customer, it’s pretty simple: click on a “Buy” button, enter your payment information, confirm your order, and then sit back and wait for a package of goodies to arrive in the mail. Behind the scenes, there’s a lot more going on. Let’s start with a visual representation of how a payment gateway processes a transaction:
Here’s how the sausage is made: In step 1, the customer places an order and provides a payment method. For this example, let’s assume that the customer has placed the order through your eCommerce website, and that they’re using a Visa credit card issued by Bank of America as their payment method. As a merchant, all you have is the customer’s name, billing address, credit card number, expiration date, and possibly a credit card verification (CCV) number. There’s no magstripe to swipe or EMV chip to dip. Because of this, the credit card transaction will be processed as a “card-not-present” transaction, and the processing rate will be higher due to the increased risk associated with not being able to physically verify the credit card or the customer’s identity. The customer’s information is uploaded to the payment gateway, which encrypts it and sends it on its way.
The first stop is the merchant’s processor (step 2). Note that this is the company that actually processes the transaction, and not necessarily your merchant account provider. If your account provider uses a backend processor (commonly First Data or TSYS), that’s where the information will go. Some of the larger merchant account providers are direct processors, meaning there’s no middle man.
In step 3, the processor then routes the transaction data to the credit card association (in this case, Visa). Although the most popular credit card associations (i.e., MasterCard and Visa) can’t approve or decline a transaction, they need to know about it because they’re going to charge a small fee (known as the interchange) for every approved transaction. Your processor will pay this fee and pass it on to you when they process your transaction. Other credit card associations, such as American Express and Discover, function as the issuing bank and can approve or decline the transaction themselves.
For Visa and MasterCard transactions, step 4 is the most critical step of this entire process. This is where the transaction is either approved or declined. Is the credit card valid? Is the customer an authorized user of the card? Are there sufficient funds available that the transaction won’t exceed the card’s credit limit? Are there no other holds or freezes on the card? If the answer to all the above is yes, then the transaction will be approved. If not, it will be declined and the bank will transmit a code identifying the reason why it was declined.
While all of this seems convoluted, these first four steps occur within a few seconds of the customer placing an order. This is because the processes involved are all completely automated these days, so you don’t have to wait for a human to review any of the information being transmitted.
If the transaction is approved, step 5 is where the transaction information starts to flow back in the other direction. Once it has authorized the transaction, the issuing bank must transmit that authorization back to all affected parties in the payment processing network, starting with the credit card association. The authorization then passes to the processor (step 6) and then back to the merchant’s business (in this example, your eCommerce website) via the payment gateway in steps 7 and 8.
With a valid authorization, the sale is complete and you can ship the customer’s order. At this point, the customer will see a “temporary authorization” on his or her online credit card account. The transaction “clears” when the issuing bank releases the necessary funds to cover the customer’s order and pay all the other parties to the transaction.
Step 9 is, naturally, the merchant’s favorite step – it’s where you (finally) get paid. Once your processor receives the appropriate funds from the customer’s issuing bank, they process the transaction. The processor, credit card association, and issuing bank all get a cut of the processing fee. What’s left gets deposited in your bank account. Although everything up to step 8 can take place in a matter of seconds thanks to automation, step 9 takes a little longer. Merchants usually receive their funds within 48 hours of receiving an authorization. This time frame can be shorter or longer, depending on several factors. Some processors can get your money to you in about 24 hours. At the same time, if the transaction is flagged as possibly being fraudulent, your funds might be held for several days or longer while the processor investigates the matter.
Do I Need a Payment Gateway?
While a payment gateway is pretty handy, the process described above is almost identical to what happens when you take a customer’s credit card in person and use a credit card terminal to process the transaction. Differences include the following:
- Payment gateways transmit data only through the internet, whereas most credit card terminals (including plug-in card readers that attach to a smartphone or tablet) can send and receive data through either the internet or cellular telephone service.
- Transactions processed over a payment gateway will usually be processed as “card-not-present” transactions. Without being able to actually see the customer’s credit card or access the data on the card’s magstripe or EMV chip, the merchant has to rely on the credit card information that the customer inputs when placing an order. Because the potential for credit card fraud is much higher, card-not-present transactions are processed at a significantly higher rate than card-present transactions.
Not every business needs a payment gateway, and for this reason merchant account providers offer them as an optional, add-on service to a basic merchant account. In most cases, they’ll also charge for this “extra.” Depending on your merchant account provider, you’ll usually pay a monthly fee for a payment gateway that’s in addition to whatever monthly fee you have to pay for your basic merchant account. Setup fees for integrating the gateway into your website are also common, although not all providers charge for this service.
Obviously, if you’re running a purely eCommerce business, you’re going to need a payment gateway. There simply isn’t a way to accept credit cards through the internet without one. Likewise, businesses that include both retail and online components will also need one. But what about a strictly retail business with no online presence? If you don’t sell any goods or services over the internet, you don’t necessarily need a payment gateway. However, you might still benefit from one. How? By using a gateway to operate a virtual terminal to turn your laptop or desktop computer into a web-based version of a credit card terminal or POS system. By itself, a virtual terminal application on your computer will allow you to process keyed-in (or card-not-present) credit card transactions. Add a USB or Bluetooth-based card reader – which some virtual terminals support – and you can now swipe or dip credit cards without the need for a dedicated terminal. You will also find that some POS software requires a payment gateway to function.
Payment Gateway Vs Merchant Account
Payment gateways and merchant accounts are both somewhat fuzzy concepts, and it’s easy for people to get the two of them confused. A merchant account allows you to accept credit cards and provides an account where funds can be deposited and processing charges and fees can be deducted. If you’re just using a credit card terminal to accept credit cards, you can have a merchant account without the need for a payment gateway. This, of course, is only true for retail-only businesses.
A payment gateway, on the other hand, is simply a web service that allows credit card transactions to be processed over the internet. If you’re in eCommerce, you’ll need both a merchant account and a payment gateway to accept credit cards online. Because not all merchants need a payment gateway, they usually aren’t a standard feature of a merchant account, although some services do bundle the two together. Instead, merchant account providers will offer them as an optional feature when setting up your account. A merchant account provider might offer you their own proprietary payment gateway, or they might set you up with a third-party gateway, such as Authorize.Net.
Payment Gateway Features
In addition to their basic function of transmitting and receiving credit card transaction data via the internet, most payment gateways also come with several useful “extras”. Features you should consider in choosing a payment gateway include the following:
- Payment Information Storage: No customer wants to have to re-enter their credit card information every time they place an order. Payment information storage builds a database of customer information, so the customer can simply choose a card they’ve used before when they come back to your site. Best of all, the gateway encrypts this information and stores it separately from your website. This provides an additional layer of security and eases your PCI compliance requirements. One potential pitfall with this feature involves data portability, or rather the general lack of it. If you switch to a different gateway provider, you will often lose all your customer data and have to start over from scratch. Depending on the gateway provider, it might be possible to transfer the data to your new gateway, but this can be an expensive and time-consuming endeavor.
- Encryption: All payment gateways encrypt sensitive credit card information before they pass it along to the processing bank.
- Recurring Billing: Subscription-based pricing is more popular than ever, and a recurring billing feature can allow you to automate this process. You can also customize things like billing intervals and set up trial periods for your subscriptions.
- Virtual Terminal: As noted above, a virtual terminal is a browser-based version of the physical credit card terminal. A virtual terminal allows you to input a customer’s credit card information and process a transaction directly through your computer’s web browser via an online web form. Virtual terminals can also be set up to run on mobile devices, including smartphones and tablets. In a retail setting, you can attach a USB-connected credit card reader and take advantage of lower, swiped (or card-present) processing rates.
- PCI Compliance: Several gateways on the market today simplify PCI compliance for eCommerce merchants. Transactions are conducted on the gateway provider’s servers, instead of the server hosting your website. Because the gateway interface is integrated into your website, the customer never needs to leave your site to complete an order. With this arrangement, you don’t need to maintain a secure network to be PCI compliant (it’s still a good idea, of course). CDGcommerce calls this Instant 1-Step PCI Payment Processing, although this feature is common among other gateway providers as well.
- API Tools and Developer Information: One of the most appealing features of payment gateways is that they’re generally “plug and play,” meaning you can set them up on your website without having to do any coding. If, on the other hand, you’re proficient at HTML and CSS (or you have access to a web developer who can do it for you), most gateway providers offer a number of APIs (application programming interfaces) that will allow you to customize how the gateway functions on your website. Each gateway provider has their own unique set of APIs that you can access.
- QuickBooks Integration: Most major payment gateways will integrate directly with QuickBooks, potentially saving you many hours of manually transferring transaction data into the program.
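The Payment Information Storage and PCI Compliance items above both depend on card numbers staying on the gateway's servers and never landing on the merchant's own systems. As an added example (not from the original article or any gateway provider), this Python check scans a merchant's own log lines for Luhn-valid card numbers and reports them masked; the log format, field names and token value are constructed, and 4111111111111111 is a commonly used test card number.

```python
import re

# Contiguous 13-19 digits, or 4-4-4-N groups joined by one consistent
# separator (space or hyphen). Other groupings are only caught contiguous.
CANDIDATE = re.compile(
    r"(?<!\d)(?:\d{13,19}|\d{4}([ -])\d{4}\1\d{4}\1\d{1,7})(?!\d)"
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first 6 / last 4 so the finding does not re-leak the number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_card_numbers(lines):
    """Return (line_no, masked_number) for every Luhn-valid candidate."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_valid(digits):  # drops order IDs and other long numbers
                hits.append((no, mask(digits)))
    return hits


# Constructed sample: line 1 is the intended design (gateway token only),
# lines 2 and 3 show a card number reaching the merchant's server and logs.
SAMPLE_LOG = [
    "POST /checkout order=1000000000000000 payment_token=tok_EXAMPLE123 200",
    "POST /checkout card=4111 1111 1111 1111 exp=12/30 200",
    "GET /receipt?card=4111-1111-1111-1111 200",
]

if __name__ == "__main__":
    for line_no, masked in find_card_numbers(SAMPLE_LOG):
        print(f"line {line_no}: card number present ({masked})")
```

A hit means card data is passing through the merchant's server, so the gateway-hosted arrangement is not actually isolating it.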
Payment Gateway Integration
Payment gateway integration connects your payment gateway to a payment device, usually an eCommerce shopping cart. The integration process can be easy or difficult depending on how you’re integrating. If you’re using a popular shopping cart like Shopify or Magento, there are pre-built payment gateway modules that make integration a breeze. If the shopping cart doesn’t have a pre-built module, you’ll have to do a custom integration. This requires the talents of a knowledgeable web developer.
Popular Payment Gateways
To sign up for a payment gateway, you can either get one as an add-on to your existing merchant account, or go directly with an independent payment gateway provider. Currently, the most popular payment gateway on the market is Authorize.Net. Many merchant account providers will set you up with Authorize.Net if you need a payment gateway. You also have the option of signing up with them directly, which is a handy option if you don’t already have a merchant account.
Payment gateways directly through Authorize.Net currently cost an initial $49.00 set-up fee, then $25.00 per month to use the gateway thereafter. If you don’t have a merchant account already, Authorize.Net offers flat-pricing for transaction processing: 2.9% + $0.30 per transaction. Processing is done by a number of payment processors.
If, on the other hand, you use Authorize.Net through your merchant account provider, you can often get a discount. Many merchant account providers will waive the $49.00 set-up fee, and some will also give you a discount on the monthly gateway fee. While this is a good deal, look closely at all the other fees your merchant account provider will charge you before deciding to go with this option.
There are, of course, other options. The Quantum Gateway, offered by CDGcommerce (one of our favorite providers), is also an excellent choice. This gateway offers all the standard features described above, but the best thing about it is that it’s free to customers who have a merchant account with CDGcommerce. There’s no setup fee, no monthly gateway fee, and you won’t be charged an additional processing fee for transactions. If you prefer to use Authorize.Net, CDGcommerce now also offers this as an alternative gateway. Once again, it’s free – a significant savings over signing up directly with Authorize.Net.
While Authorize.Net and Quantum are two of the best and most popular payment gateways on the market, there are plenty of other options as well. When evaluating a payment gateway, be sure to look for the features described above. Security, fraud protection, and PCI compliance features are the most important things to look for in selecting a payment gateway.
While payment gateways can seem confusing at first, they’re really not that complicated. The rise of eCommerce has led to the development of sophisticated payment gateways that can be integrated seamlessly with your website without the need for specialized coding knowledge. Payment gateways not only perform the basic function of processing credit card transactions over the web, but also bring a host of security and fraud prevention features that protect both you and your customers. Integrations with online shopping carts and accounting software (such as QuickBooks) help to run your business more smoothly and efficiently.
If you’re an eCommerce merchant, payment gateways are not optional. You won’t be able to run an online business on your own website without one. At the same time, a payment gateway allows retail businesses to branch out and offer online sales in addition to selling goods out of a brick-and-mortar store. Even if your business doesn’t have a website, payment gateway services can still be useful as they can be combined with a virtual terminal and USB or Bluetooth credit card reader to replace a traditional credit card reader.