What is a Payment Gateway and How Does it Work?
Payment gateways are an important technology used by every single merchant that accepts credit or debit card transactions, both online and off. But many merchants don’t understand what payment gateways are or how they work, and, as a result, they may be using a payment gateway system that doesn’t properly meet their needs or costs more than it has to. With that in mind, the following is a primer on what payment gateways are, how they interact with the greater payments ecosystem, and how to select the right one for the job.
What Happens When You Make an Electronic Payment?
Paying with a credit or debit card is such a fast process that most of the time we give no thought to what’s going on behind the scenes to make it happen. But while electronic payments may be lightning fast, they aren’t simple.
When you tap your card or enter your PIN and press submit, the key transaction data — your name, the card number, the expiration date, the amount of the purchase, etc. — is encrypted for security and sent to the merchant’s payment processor.
The payment processor then checks the data for signs of fraud, and if everything looks good, sends the encrypted data to the customer’s bank — known as the issuing bank — to tell them that a purchase is being made.
The issuing bank checks to ensure their own fraud filters haven’t been triggered and that the customer has the necessary funds available to make the purchase. If the funds are there and the transaction is clean, the issuing bank sends an approval message back to the payment processor, who then forwards it to the merchant telling them the payment has gone through and they can release the goods or services being purchased. If the funds aren’t there or fraud is detected anywhere along the way, a decline message will be sent back.
It’s a lot, considering it all happens in a matter of a second or two, and the payment gateway is one of the most critical cogs in the system that allows electronic transactions to be processed so rapidly and conveniently.
Where Does the Payment Gateway Fit In?
In the process described above, the payment gateway acts as the interface between the customer and the rest of the steps in a payment approval. Whether online or in-store, if the customer is performing an action or receiving a message, they’re interacting with the payment gateway.
Online, the payment gateway is integrated directly with the shopping cart and checkout. When a customer gets to the last step of checkout and enters their payment information, they’re effectively entering it into the payment gateway. When they receive a confirmation that their purchase was a success, it’s being delivered by the gateway.
In-store, the gateway software is contained within the payment terminal. When a customer taps or swipes their card and enters their PIN, the process is effectively the same as it is for online purchases, except the payment data is entered into the gateway automatically through either the card’s chip or the information contained in the magstripe.
With the payment entered, the payment gateway is also responsible for the initial encryption of the customer’s sensitive data. That encryption can be done prior to the information being sent to the processor, or, in more secure payment gateway systems known as P2PE (point-to-point encryption) or end-to-end systems, the card information is encrypted the second it hits the terminal, ensuring that the data is safe even if a bad actor has compromised the terminal itself.
Finally, once a transaction has been approved, the payment gateway is responsible for interacting with the merchant’s other systems, instructing them to release the goods or services associated with the sale and update inventory as necessary.
What Else Can Payment Gateways Do?
Outside of their core functions, many payment gateway providers also offer value-added services to extend the utility gateways offer to merchants. While each payment gateway vendor has its own list of value-added services, the following are some of the most common.
Tokenization
Encryption is good, but anything encrypted can also be decrypted, and that means transaction data is theoretically still vulnerable to the most advanced threats. Tokenization is an advanced security system offered by some payment gateway providers that replaces encryption entirely by transmitting a string of characters completely unrelated to the raw data. Since the token sent was never attached to the sensitive payment data in any way, even if it were to be intercepted by a bad actor, reversing the tokenization process to get back to the raw data is impossible, since the two things are entirely unconnected.
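As an added illustration (not code from the original article or from any gateway vendor), the sketch below shows a hypothetical gateway-side `TokenVault` that issues random tokens and is the only place the token-to-card mapping is held. The class, its method names, the Luhn-rejection policy and the sample card number are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

def luhn_ok(number: str) -> bool:
    """Luhn checksum, the check digit scheme used by card numbers."""
    digits = [int(d) for d in reversed(number)]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault: the token -> card number mapping exists only here."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index below
        self._by_token = {}  # token -> PAN (a real vault would encrypt this at rest)
        self._by_pan = {}    # HMAC(PAN) -> token, so a repeat card reuses its token

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        fp = self._fingerprint(pan)
        if fp in self._by_pan:
            return self._by_pan[fp]
        while True:
            # Digits come from the OS CSPRNG; nothing is computed from the PAN.
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan)))
            # Reject collisions and any token that passes Luhn, so a token
            # can never be mistaken for (or equal to) a real card number.
            if token not in self._by_token and not luhn_ok(token):
                break
        self._by_token[token] = pan
        self._by_pan[fp] = token
        return token

    def detokenize(self, token: str) -> str:
        # A table lookup, not a decryption: without the vault there is no key
        # or algorithm that turns the token back into the card number.
        return self._by_token[token]

def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample: a widely used test card number
    token = vault.tokenize(pan)
    return pan, token, vault.tokenize(pan), vault.detokenize(token)
```

The merchant's systems store and transmit only the value returned by `tokenize`; the card number can be recovered only by a party with access to the vault.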
Recurring Billing
Some payment gateway providers offer extensions that make it easier for customers to manage recurring billing, automating invoicing and payment processing to allow for purchases to go through in pre-set intervals without any manual input from the merchant or customer. Recurring billing services are especially important for subscription businesses — a rapidly growing segment in retail.
Advanced Fraud Detection
Many payment gateway providers offer advanced fraud detection services that utilize third-party tools to run a more stringent set of checks on each transaction before allowing it to be submitted or approved. Advanced fraud tools check the various data points involved in transactions against dozens of pre-set filters and enormous databases of known fraudulent transactions, and can even use machine learning and AI to identify high-risk payments.
Customer Data Storage
Merchants that store customer data, either for recurring payments or to make the checkout process faster and easier, take on a lot of risk. If a data breach occurs and customer payment data is exposed, the merchant could be on the hook for massive fines and the costs involved with investigations and remediation. Some payment gateways allow merchants to purchase a service that stores all saved customer data on the payment gateway provider’s servers, shifting the liability for any data breaches away from the merchant and to the provider.
Selecting the Right Payment Gateway
There are dozens of gateway solutions available on the market today, with some of the biggest names including Authorize.Net, NMI, USAePay, and more. With so many options, choosing the right payment gateway and the right add-on services can be an intimidating prospect for many merchants. Luckily, merchants can turn to their payment processing partners to act as trusted advisors in the gateway selection process, and many processors even offer payment gateway services that can be bundled directly with a merchant account.
BAMS is a leading merchant services provider that offers a wide variety of gateway services from some of the top providers in the industry. BAMS merchants get access to our team of expert payment processing specialists with unmatched experience in helping merchants get set up with the ideal payment gateway solutions. BAMS merchants also get access to guaranteed low transaction fees thanks to our industry-best interchange-plus pricing model.