How do online payment gateways work?

If you are new to merchant services or operating an online shop, then it can be a little daunting working out the best way to get your customers to pay you for your goods or services.  Sometimes the jargon and terminology in the financial and technology industries can be baffling and confusing.

This article I hope will help make it easier to understand.

Firstly, what is a payment gateway?

According to Wikipedia a payment gateway is a type of merchant service provided by payment services provider that authorises credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar.[1]

A payment gateway facilitates the transfer of information between a payment portal, such as a merchants’ website and the acquiring bank. The gateway encrypts the card data so that it can be transferred securely.

It is important to remember that payment gateways, just like point of sale (POS) terminals, are tools for handling payments, but in a virtual rather than physical form. A payment gateway is essential for an ecommerce business, accept credit and debit cards, as well as other payment methods.

What does a payment gateway do?

Just like physical card terminals, payment gateways support a wide range of processing services including: authorisation only, authorisation and capture (Tokenisation – which is where your customers’ details can be stored for future use), refunds and virtual terminals (which enables merchants to enter payment details on an online payment terminal when taking an order over the phone or via mail order).

Getting a payment gateway

To get access to a payment gateway you will need to firstly apply for a merchant services account, this will allow you to take card payments from your customers.  You can do this by contacting a payment services provider like NetPay Merchant Services.

Once you have your MID (Merchant ID) your service provider will work with you to provide the best solution for your business.

Should I choose hosted or integrated?

There are a couple of options when choosing a payment gateway, you can opt to have the payment page hosted by the payment service provider (PSP), this is typically called a hosted form. By doing this you will reduce the amount of security compliance you are responsible for as a PSP will have a higher level of security in place. It will also save you time and hassle dealing with security updates or compliance issues. When your customers check out they will be re-direct to a hosted payments page to take payment.

The alternative is an integrated payment gateway or application program interface (API), this option gives you greater flexibility and control over your payment page, your shoppers will never leave your site so will have a seamless shopping experience. However, you are responsible for security compliance, which can be quite technical and costly.  Hosted is faster and simpler to implement and manage. API is more flexible but requires advanced IT skills.

Step by Step of how a payment gateway works:

  1.  A customer places an order on your website and at the checkout enters their card details and hits submit.
  2. The gateway collects the payment information and sends it encrypted through the payment gateway to the acquiring bank. This is done using an SSL certificate (Secure Sockets Layer), a protocol which creates a secure connection.
  3. The acquiring bank sends the request, through to Visa or MasterCards payment networks, on to the card issuer.
  4. The card issuing bank receives the authorisation request and sends the response back to the payment processor along with a response code. This determines whether the transaction is approved or declined and the response code will highlight the reason a transaction may fail i.e. Insufficient funds.
  5. The Payment processor and payment gateway received the response and sends it back to the merchants website where the order will either go through complete or will be declined
  6. In the case of an approved transaction, the merchant deposits the receipt with its acquiring bank requesting payment.
  7. The processor then credits the merchant’s account and submits the transaction to the card scheme for settlement.
  8. Visa or MasterCard then pays the acquiring bank, while simultaneously debiting the card issuer’s account.
  9. The card issuer then posts the transaction to the cardholder’s account and requests payment with a monthly statement.

 It may sound like a lengthy process but the actual transaction process typically takes 2–3 seconds and the entire process from authorisation to settlement of funding (getting the money into your bank account) typically takes 3 days.

What should I look for when looking for a payment gateway?

The most important thing to consider when looking for a payment gateway is compatibility with your eCommerce platform, will it work with your shopping cart?  There are many shopping carts on the market, but it would be prudent to check with your web developer before signing up with one to ensure that the payment gateway is compatible.

Things to consider:

  • Support – Does the payment gateway provider offer technical support should any problems occur
  • Security – What level of fraud protection does the payment gateway provide, is it PCI DSS compliant?
  • Reporting – Does the payment gateway offer you a dashboard and reporting facility to analyse your sales
  • Costs – It is important to know all your costs upfront, does the payment gateway charge for extra security features or for taking payments over the phone? Always read the small print!

Gateway features – Transactions should be carried out quickly and reliably without charging over the odds. The process should be


Share this: