A Guide to Payment Gateways and Online Payment Systems

Although the process by which a customer makes a debit or credit card payment to you looks at first glance to be seamless, there are a lot of working parts that hold it together. And at the centre of all of this is the payment gateway. This gateway is a messenger through which everything else passes, the technology used by merchants to authenticate and securely transfer payment data between the various parties involved in the transaction process. And selecting the right one for the way that you do business is critical if you want that process to be as seamless and secure as possible.

Key Components of Payment Gateways

Customers value security above all other considerations when making payments, and one of the guaranteed ways in which you can lose the confidence of your customers is security issues with their payment.

What Are the Key Features to Look for in a Payment Gateway?

Fraud Prevention Systems

All payment gateways should have fraud prevention systems, including tokenisation, which involves replacing sensitive data with random alphanumeric tokens. This means that even if hackers successfully attack a payment gateway, no private information can be stolen.

PCI DSS Compliance

Payment Card Industry Data Security Standards (PCI DSS) are an internationally agreed set of standards to which all organisations which accept card payments must comply.

Recurring Payments

Recurring payments (also sometimes known as automatic payments) enable online payments to be made at regular intervals for an ongoing product or service. This billing method is most commonly used by subscription businesses or companies that are collecting membership or access fees.

Seamless Integration

A payment gateway should integrate with a range of payment processors, offering a range of different payment methods to the customer.

Scalability

Another particular bugbear of customers is delays in processing transactions. Your payment gateway should be robust enough to be able to handle spikes in payment volume at particular times of the year and to grow as your business grows.

Dispute Resolution Facilities

It is a fact of business life that disputes over payment can arise, and a good payment gateway should have solid processes for dealing with these which is fair to all sides of the equation.

Customer Service

Increasingly, companies do their business outside of the normal 9-5, and it will be expected that there is some degree of customer service available, 24 hours a day, seven days a week.

What is the Difference Between a Payment Gateway and a Merchant Account?

The payment gateway acts as an intermediary between the customer and the business, securely transmitting payment information and authorising transactions. The merchant account is a specialised bank account that enables businesses to accept electronic payments, process transactions, and settle funds.

Types of Payment Gateways

Payment gateways come in four main types, and each has its own benefits and drawbacks. It’s important that you consider your business needs when you’re selecting which one to use.

Hosted Payment Gateway

Hosted payment gateways require the least amount of effort from merchants, as they are “hosted” by a third-party provider. Customers who “check out” on a merchant’s website are immediately transported to a third-party website or portal to complete their payment.

Pros: Hosted payment gateways benefit from strong security protocols, protecting your customer’s sensitive data and reducing the likelihood of chargebacks. A hosted payment gateway will ensure your business’s payments are PCI compliant. Hosted gateway solutions are also built for a streamlined setup process, making secured digital payment infrastructures accessible for businesses of any size.

Cons: All this convenience comes at a cost; per-transaction fees are higher than other types of payment processors. In addition to this, customers are taken away from your storefront, which may give you less opportunity for upselling or conversion.

API-hosted Payment Gateway

An application programming interface (API) allows your business to develop a custom payment gateway that is fully integrated into your website. All front-end payment elements are conducted on your site within an interface that is customisable to your desired branding and checkout experience.

Pros: API-hosted payment gateways offer complete flexibility in terms of branding and checkout experience, and versatility means that they can be used in a variety of different ways, across a wide range of different applications.

Cons: The responsibility for all security and regulatory compliance, including PCI DSS, falls entirely on your shoulders.

Self-hosted Payment Gateway

Self-hosted payment gateways collect payment information directly on the merchant’s website. Once a customer inputs their payment details, the collected data is encrypted, the credit card is authenticated, and the transaction information is transmitted to the payment processor.

Pros: The payment process occurs on-site, eliminating the step of redirecting cardholders to a third-party payment portal, giving the customer a completely seamless experience. You’ll also have complete control over the checkout experience, allowing you to tailor it to your customer’s needs.

Cons: Again, responsibility for all security and regulatory compliance is with you. In addition to this, you’ll have less - if any - access to dedicated customer support should you run into technical issues, and this could affect the reputation of your business further down the line.

Local Bank Integration Gateway

With local bank integration, customers are automatically transferred to a local bank’s website to submit their payment. Once complete, the gateway redirects the customer back to the merchant’s website.

Pros: Local bank integration gateways offer quick and affordable access to credit card payments.

Cons: This type of gateway is neither seamless nor customisable, as the customer is redirected to a third-party website to complete the payments. They also tend to be non-scalable, meaning that they may not be suitable for businesses that are planning to grow or expand.

Is It Necessary to Have a Secure Payment Gateway for an Online Store?

Payment gateways are required to accept and process customer credit card payments. If you want to be able to take card payments via your online store, you need an e-commerce payment gateway.

E-commerce Payment Gateway Best Practices

First and foremost, you have to pick the right gateway for your business. Not all gateways are created equal, and some are better for some types of business than others. Every business has different needs, and it’s important to partner with a provider that understands your unique challenges. If you have a physical site, then an integrated solution is fundamental to streamlined operations. Distributed, on-the-go teams, meanwhile, require mobile payment methods and centralised management and reporting tools.

You should also ensure that PCI DSS compliance is at the top of your list of priorities. A failure to do so could prove to be very expensive indeed. Building and maintaining trust with your customers is the most important thing that your gateway should offer. It’s this marriage with convenience that is at the heart of successful integration. Make sure that your staff are properly trained in how to use it, and make sure that you regularly monitor and analyse payment data, so that you can identify trends, track sales performance, and detect potential issues.

Choosing the Right Payment Gateway for Your Website

The decision over what the right payment gateway is for you will depend entirely on the specifics of how you do business. But there are certain factors which you should take into consideration when making your decision.

Cost

No business wants to run up unnecessary costs, and these can soon start to mount up with payment gateways. There are three types of costs involved with gateways; initial or set-up fees, monthly fees, and per-transaction fees. You should think not only about the start-up costs but also about your trading volume and average transaction value.

Payment Types

You need to ensure that the range of payment types that you offer matches your customers’ expectations. The most commonly used credit cards are Visa, MasterCard, and American Express. All of these card types are accepted by most payment gateways, but if your customers usually pay by other means, you’ll need to make sure that your payment gateways support them as well.

Payment Processing Times

Even though payments are usually approved almost immediately from a customer’s perspective, payments made are held for a few days before being settled to your account to allow for the handling of refunds and chargebacks. These holding periods can vary from 1 to 7 days depending on the payment service provider. You can choose to wait or get paid immediately, but getting paid immediately normally comes at a cost.

Multiple Currency Support

If you do business internationally, you need to make sure that your payment gateway can handle payments in different currencies and from different countries. If you need this facility, check for the fees involved in foreign currency transactions.

Recurring Payments

If you offer subscription services or recurring payments of any kind, make sure that your payment gateway can support these.

Hosted or Non-Hosted

A payment gateway can either be hosted off-site (the customer is taken to the payment processor’s website for them to enter their details) or non-hosted (the customer will be able to enter the details without leaving your website). Each of these different modes of hosting payment gateways has its pros and cons. One benefit of using hosted gateways is that they reduce the risk of storing sensitive information on your site.

Although this is a huge advantage to you, the downside is that redirecting your customers to another site adds another step to the payment process, making it longer than usual. If customers go through this lengthy process and the transaction fails due to a glitch or other error, they may become frustrated and not try again. For this reason, businesses with high transaction values prefer to have non-hosted payment gateways integrated with their storefronts.

The Importance of Prioritising Data Security

Payment security is vital for your business success. A customer data breach can cause untold damage to your reputation, so be sure that the payment gateway offers full PCI DSS compliance, encryption, and fraud detection. You may need to ask yourself some tough questions on this subject. If you choose a non-hosted service, for example, would you be able to protect your website from hacking and fraud?

Ideally, choose a payment gateway that offers 24/7 customer support and has a reputation for timely, effective service. Some payment gateways offer built-in tools to detect and prevent fraudulent transactions, which can help protect your business from potential losses and chargebacks. It should go without saying that customers will want the bells and whistles when it comes to security. As such, visible security marks matter.

How Can I Integrate a Payment Gateway Into My Website?

1. Choose your payment gateway.

2. Set up a merchant account, should you need to. A merchant account enables businesses to accept electronic payments, process transactions, and settle funds, but not all payment gateways require you to have one.

3. Obtain the API keys. These are the unique identifiers used to connect an online business's website or application to the payment gateway's services, and which allow your website to interact with the gateway's server.

4. Integrate the payment gateway into your website. This step can vary significantly depending on the payment gateway and your website's platform. Some e-commerce platforms, such as Shopify or WooCommerce, offer plugins and extensions that make integration straightforward. Otherwise, you might need to manually add code to your website to integrate the gateway.

5. Test your payment gateway. You must test it in a safe environment before you let it loose on your customers! Most gateways offer a facility for you to be able to do this.

6. Go live. Once you’ve completed your testing and ensured that everything is working as intended, you should be okay to get it up and running. Make sure that any staff whose positions intersect with it are fully trained in how it works.

Can I Use Multiple Payment Gateways on My Website?

Yes, you can! If you run an online business, it can be immensely beneficial to integrate multiple payment gateways into your platform. By using multiple gateways, you can accept payments from a wide variety of customers and offer them multiple payment methods.

Are There Any Regulatory Requirements for Using Payment Gateways in the UK?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of guidelines which all businesses that take payments need to comply with. These regulations help to keep payment information safe and reduce the possibility of online fraud as much as possible.

As we move towards an increasingly cashless society, having the capability of taking card payments online has never been more important. And while there are a lot of moving parts to the process of being able to accept them, the ultimate aim is a balancing act, in which convenience and ease of use for both businesses and customers are weighed against security, cost and complexity. But with an ever-growing range of options available to merchants, there’s no reason why your business shouldn’t be able to cash in this growth and perhaps even completely new markets.