Setting up a payment gateway: A step-by-step guide

Last updated on November 26, 2024

Payment gateways play a crucial role in the payment process. They encrypt and then securely transmit a customer’s transaction data to the acquiring bank’s payment processor. If you run a business that accepts card payments, then understanding this is essential. This is how you set up a payment gateway.

What is a payment gateway?

A payment gateway is a technology that allows merchants to authenticate and facilitate customer payments. Payment gateways collect and encrypt sensitive customer payment information (e.g. credit card or digital wallet details), then securely transmit it to the payment processor.

Step 1: Understand how a payment gateway works and what the benefits are. 

In this step, it is important to understand: 

  • Who the main parties involved in the payment gateway process are

  • How the payment gateway works

  • Benefits of a payment gateway. 

Let’s work through each of these now.  

Who is involved in the payment gateway experience? 

  • Customer – This is the buyer and could be a person or a business

  • Issuing bank – Also known as the customer’s bank, this is the financial institution that issued the customer’s debit or credit card 

  • Merchant – This is the seller and could be a person or a business

  • Acquiring bank – Also known as the merchant’s bank, this is the financial institution where the merchant holds an account and receives card payments

  • Business bank account – This is different from the merchant account. The merchant account deposits receipts from your card sales into your business bank account. The business bank account holds all your company funds, including cash and card sales. It is also used to pay your business’s costs, such as payroll and bills

  • Payment gateway – A service that encrypts and then securely transmits the transaction data to the acquiring bank’s payment processor.

  • Payment processor – Technology that receives the customer payment data from the payment gateway, authenticates it and initiates the transfer of funds from the customer’s issuing bank to the merchant’s acquiring bank.

How it works online

When the customer is at an online checkout, they will be asked to enter their card details. The payment gateway encrypts the card details and sends the card data securely to the payment processor, which authenticates it and performs fraud checks before sending the data to the customer’s issuing bank.

The issuing bank then verifies the cardholder’s details, checks their account balance to ensure they have the funds to pay and redirects the customer to the issuing bank’s authorisation page for security purposes.

The issuing bank settles the payment with the payment gateway, which then settles the payment with the merchant account.

Once the payment process is complete, the customer will receive confirmation that the order has been placed. 

How it works at bricks and mortar stores

Let’s compare the online payment experience with the in-store experience.

The customer is presented with a Point-of-Sale (POS) terminal at a store checkout.

They will then choose whether to present a physical card or pay through their smartphone and, depending upon the transaction amount and payment method, may be asked to enter a unique four-digit Personal Identification Number (PIN).

The POS encrypts the card details and sends the card data securely to the payment processor, completing the fraud check and verification process before confirming whether the transaction has been placed.  

As you can see, the point-of-sale system triggers the payment gateway experience, passing the sale and payment details to the payment processor. 

Benefits of a payment gateway. 

The payment gateway performs an invaluable role, which, when done well, is a seamless process that goes largely unnoticed by the customer and is: 

  • Secure – Thanks to the PCI DSS standards and 3-D Secure

  • Speedy – Quick to authorise and settle payments

  • Scalable – Designed to handle high volumes of transactions  

  • Informative – Creating important transaction data and reporting insights 

  • Convenient – Accepting a variety of payment methods

  • Constantly evolving – In the pursuit of a seamless customer experience, payment technology has continued to evolve at a rapid rate

  • Easy to integrate – Easy to set up, with hassle-free integration

  • Global – Accepting international transactions and providing a global reach. 

Step 2: Decide on the type of payment gateway that you need. 

Payment gateways are essential for any business taking credit or debit card payments from their customers. When it comes to hosting a payment gateway, there are three methods to choose from: self-hosted (on-site method), hosted (off-site method), or non-hosted (API method).  

Self-hosted. The on-site method

A self-hosted payment gateway, also known as the ‘on-site method’, is when the customer enters their card details on your website. The data is gathered and then sent to the URL of the payment gateway.

This is particularly popular with merchants that process large online sales. And it comes with some innate advantages. Because the checkout experience and payment processing all work through the merchant’s system, the customer journey is uninterrupted: a seamless experience that the merchant can completely control. It’s quicker, reducing the likelihood of cart abandonment. And it will look and feel like the rest of the website.

Such advantages come at a cost. Bespoke integration requires complex development. It can be expensive. And it will be time-consuming. You’ll need to figure out how your team will receive technical support when things go wrong. And you’ll need to ensure the payment gateway is fully secure and PCI-compliant. 

Hosted. The off-site method. 

A hosted payment gateway, also known as the ‘off-site method’, is when the customer clicks on the payment link and is taken to a payment processor’s page to enter their card details. The customer is returned to your website after they have made the payment. A popular option for off-site payments is a redirect, which occurs when your online customer is directed away to a specialist gateway provider such as PayPal.

By taking the customer off your site, you are introducing a second, separate customer experience. It will look and feel different. You may be able to add your name or logo to the card details page and possibly choose the colour background, but that’s about all the customisation you’re likely to get. And you won’t be able to control the process flow. Cart abandonment is a risk. That said, installation is simple, and you are delegating all security responsibility to a third party who should be experienced at ensuring full PCI compliance.

And for smaller businesses, there is a wonderful convenience about delegating something so technical to a specialist supplier. 

Non-hosted. The API method

A non-hosted payment gateway, or the ‘API method’, is when the customer completes transactions directly on your website without being redirected to a third-party payment page. Theoretically, it offers you and your customers the best payment gateway experience.

Unlike hosted payment gateways, you’re responsible for handling all payment data and ensuring it is sent securely. So, your developers will need to be thorough. Expect conversations about fraud protection systems, tokenisation, SSL encryption and many other technical areas that ensure your customer’s payment data is kept private.  

What’s wonderful about the API method is that you completely control the payment process and customer experience. Because it is done on your site, the checkout experience should be speedy and seamless. Expect reduced cart abandonment. And enjoy full customisation, keeping you in total control of the user’s experience. All of this should add up to a better customer experience.  

Because non-hosted gateways allow you to track your customer data more accurately, you can link each purchase with your customer’s account, monitor their buying habits and integrate this insight into targeted customer marketing campaigns, creating a more personalised customer experience.  

Step 3: Identify the payment gateway features which are most important to you.  

Payment gateways can offer a wide variety of features. And you must identify the ones that matter most to your business.  

Being PCI DSS compliant is non-negotiable. You must also ensure that the payment methods your customers like to use are supported. Payment gateway fees are usually broken down into three separate costs: setup, monthly, and transaction fees. What you end up paying will vary by provider, who may skew their pricing to attract their target customer, so shop around and forecast your likely spend with each one.

Customer demand for partial payments is on the rise, with ‘buy now, pay later’ options at the customer checkout, so depending upon the nature of your business, this may be something to consider.  

Other considerations include the bank settlement time each provider offers and the customer checkout experience. 

Step 4: Decide whether you would like to self-build your payment gateway or use a third party. 

If your business processes a low volume of transactions, the most convenient and cost-effective route for you will be choosing a third-party gateway. The payment gateway market has never been more competitive, and there are plenty of software providers to choose from. So be curious and check them out.

If your business handles a substantial volume of transactions or operates in a niche sector, you could consider building your own payment gateway. Built well, it can deliver high security, flexibility, and scalability with a seamless, on-brand payment experience. There are some intrinsic advantages to taking the self-build route, including:

  • Lower fees – Your payment service fees will be reduced because you will bypass third-party payment processors. However, you will still incur expenses such as access fees and interchange fees

  • More profit – If your business handles substantial transactions, you could enjoy significant long-term cost savings

  • Control – You will have more control over the transaction process

  • Tailored experience – If your business is niche or under-served, self-build allows you to offer your own payment solution tailored to your customers’ specific needs, providing a better user experience and a useful competitive advantage

  • Custom functionality – White-labelled solutions often have limited functionality; however, you won’t have such restrictions. Facilities to support recurring payments, tailored marketing campaigns, or even enabling cryptocurrency transactions are all possible with a custom-built payment gateway

  • On-brand experience – White-labelled options will limit the branding you can do. With a custom build, you can brand it how you like, with no limits!

The most significant disadvantage to taking the self-build route is cost. However, you will also have to find developers capable of building this to PCI DSS, and you’ll need to be comfortable with managing your customers’ financial data.

Step 5: Choose a payment gateway provider or self-build partner  

If you are choosing a payment gateway provider, they will need to visit you to install the payment gateway. They’ll send a consultant who will want to see documentation such as your business bank account, merchant account, VAT number, and business registration number. Ensure you have the following: POS, internet connection and computer. 

After installing the gateway, you will need to perform some tests. Once you are up and running, your gateway provider should be on hand to provide support. They often have online resources to support troubleshooting.  

If you have decided to head down the self-build route, then that probably means you have done the technical due diligence and have a development path in mind. Should you require any additional insight or advice, then you will find plenty of online resources as well as experienced developers available to work with you.  

Summary

We hope this guide has helped explain how to set up a payment gateway. The world of payments can appear complex. We have tried to keep it simple. If you are unsure, then here is our summary of how to set up a payment gateway: 

Step 1: Understand how a payment gateway works, who the key players are (customer, payment processor, issuing bank, merchant and acquiring bank) and what the benefits are.  

Step 2: Decide on the type of payment gateway that you need. Self-hosted is popular with merchants that process a lot of sales. Hosted is popular with smaller merchants and the non-hosted (the API method) can offer your customers the best payment gateway experience, but it comes at a price. 

Step 3: Identify the payment gateway features which are most important to you, because that will help dictate what type of payment gateway you choose and what features your preferred supplier will need to offer.  

Step 4: Decide whether you would like to self-build your payment gateway or use a third party. 

Step 5: Choose a payment gateway provider or self-build partner. By this point, if you are leaning towards the self-build route, then you are probably ready for the development road ahead and aware of online resources and technical experts who can support you. And if you are going to use a third party, then you should have a good idea of what a suitable payment gateway service would look and feel like for your business.