A payment gateway is a third-party service that facilitates the authorization of customer payment information for a merchant. Gateways perform procedures to encrypt the payment information and provide a secure transaction. They also serve as an intermediary between the merchant and the payment processor.
When searching for a payment gateway, businesses should keep the following information in mind to find a productive and regulation-compliant provider.
Features and Integration
Payment gateway services can include a variety of extra features to meet a particular merchant’s needs. Common examples include:
• Automated deposits: Processed payments are automatically deposited to the merchant’s bank accounts.
• Real-time reporting: Compliance and information reports are compiled in real-time.
• Re-billing services: Secured customer payment information is retained for a set period to allow for additional billing concerns.
• Chargebacks and refunds: The payment gateway coordinates these procedures.
• Fraud detection: Transactions are automatically screened for fraud indicators.
• Systems integration: Payment procedures are integrated with merchant systems like webpages and other online systems, same-page checkout, and phone systems.
• Brand matching: Visual designs and other features are integrated with the merchant’s existing brand specifications.
• Card support: Various packages may be used to provide support for different types of credit and/or debit cards.
Security and Compliance
Businesses should make sure that their chosen payment gateway provider maintains compliance with the standards described below, along with appropriate documentation and record keeping.
Any business accepting credit card payments must comply with regulations laid out in the Payment Card Industry Data Security Standard (PCI-DSS). A gateway provider assumes responsibility for some of those standards for the merchant and ensures a compliant transaction. This is particularly important for the merchant, as PCI-DSS violations can lead to sanctions or fines. Notably, credit card providers can initiate fines of $5,000 to $100,000 per month for violations.
One of the methods that payment gateways use to encrypt payment information is tokenization, a process in which each transaction is assigned an anonymous identifier to keep the customer’s data secure. Additionally, there is hosted tokenization, where the actual payment data is only held in the payment gateway’s secured systems. The merchant retains the anonymized token, but the data can only be decrypted by the gateway.
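The hosted tokenization flow described above, shown as an added example that is not code from any gateway provider. The names GatewayVault and MerchantStore, the tok_ prefix and the in-memory vault (standing in for the gateway’s secured storage) are assumptions made for illustration.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample: a widely used test card number

def luhn_valid(pan: str) -> bool:
    """Luhn checksum, to reject mistyped card numbers before they are vaulted."""
    if not pan.isdigit():
        return False
    digits = [int(d) for d in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class GatewayVault:
    """Hypothetical gateway side: the only system that ever holds the card number."""
    def __init__(self):
        self._vault = {}  # token -> card number; a real gateway encrypts this at rest

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("invalid card number")
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the card
        self._vault[token] = pan
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        pan = self._vault.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        # The gateway would forward the card number to the processor here.
        return {"approved": True, "amount_cents": amount_cents, "last4": pan[-4:]}

class MerchantStore:
    """Hypothetical merchant side: stores tokens only, never card numbers."""
    def __init__(self, gateway: GatewayVault):
        self.gateway = gateway
        self.orders = {}  # order id -> token

    def record_order(self, order_id: str, token: str) -> None:
        self.orders[order_id] = token

    def rebill(self, order_id: str, amount_cents: int) -> dict:
        # Re-billing needs no card data: the merchant presents the stored token.
        return self.gateway.charge(self.orders[order_id], amount_cents)

if __name__ == "__main__":
    gateway = GatewayVault()
    merchant = MerchantStore(gateway)
    # The customer's browser sends the card to the gateway, not to the merchant.
    merchant.record_order("order-1", gateway.tokenize(TEST_PAN))
    print(merchant.rebill("order-1", 1999))
    print(merchant.orders)  # what a breach of the merchant database would expose
```

Because each token is random and issued per call, tokenizing the same card twice yields two unrelated tokens, and a token that the gateway did not issue is declined.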
Payment gateways also work to comply with the Statement on Standards for Attestation Engagements (SSAE), which was written by the American Institute of Certified Public Accountants (AICPA). These standards specify requirements for describing and reporting on all merchant procedures that affect the customer, including payment processing. This reporting is typically used when merchants engage in auditor reviews or other government-mandated oversight.
Pricing and Fees
Payment gateway arrangements typically operate on a per-transaction pricing model, at around $0.20 to $0.75 per payment. Flat fees or other options are available, usually between $50 and $100 per month for small merchants, but these options can often lack additional features and access to future system upgrades. Gateway providers may unbundle certain additional costs and charge for them separately. Common examples include setup fees and system maintenance costs.
Merchants should seek a fair fee arrangement, while remembering that a bare-bones pricing model usually comes with a minimal service package that only provides basic payment processing, with no additional features or services. When it comes to gateway packages, the old adage “you get what you pay for” is truer than ever.
Features like automated deposits and re-billing services can result in significant savings when compared to the manpower costs a merchant would incur by handling those tasks itself. Additionally, security and compliance concerns represent a large hidden cost that would arise if the merchant’s own procedures led to a fine.
Merchants should always make sure that their chosen payment gateway provider has a clearly specified and adequate system for providing merchant support. Response and resolution times when a problem arises are crucial, because any delays can have a direct financial impact on the merchant.
Different providers offer different procedures for maintenance and support communication, and a busy merchant can quickly run into trouble if those procedures aren’t able to keep up with its business requirements. Many merchants require 24/7 phone or email support, guaranteed response times, or guaranteed procedures for liability and resolution of customer complaints.
Keeping these concerns in mind when looking for a payment gateway provider will allow a merchant to protect its interests and rest assured that its payment procedures satisfy all legal requirements.