How does a payment gateway work?

A payment gateway uses the Internet to send and receive information. It is a specially designed application that facilitates purchase transactions.

it accurate and immediate authorization of payment. Internet connection is required, since most of the time a payment gateway makes use of the communications channel available over the Internet.

1. The customer makes a purchase. This can be via a Web site.
2. The Internet browser being used by the customer uses Secure Socket Layer (SSL) encryption to “scramble” the information being sent.
3. The Web site takes the details and forwards to the payment gateway. The payment gateway is separately hosted.
4. The payment gateway collect all information and sends it to the bank used by the business.
5. The bank sends the request to the card association. In the case of American Express or Discover, the card association is the same as the bank, and a response can then be issued. If the card used has a MasterCard or Visa logo, additional steps occur.
6. With Visa or MasterCard, the card association forwards the information to the bank that issued the card. This is the customer’s bank.
7. The customer’s bank assesses whether or not there are sufficient funds to process the transaction.
8. The issuing bank then sends an authorization code. This code will tell the payment processor card association whether or not to allow the transaction to go through. The authorization code corresponds to the reason for a decline if there is one, or simply includes the code that allows the transaction to take place.
9. The payment processor sends the authorization code to the payment gateway.
10. The payment gateway then sends the code on to the business. If the transaction is declined, the sale is terminated. If the transaction is approved, the sale goes through and the money is placed on “hold” from the customer’s account.
11. The business collect all the authorization codes from that day into a “batch” at the end of business. These codes are submitted to the bank where the business has its merchant account.
12. The business’s bank takes the approved funds and puts them into the proper account.
13. In some cases, this account may be with a different bank. It is whatever the merchant designates.
14. This is known as settlement funding. It takes about three days from the time of purchase for a business to actually receive usable funds.

Payment Gateway Terminology

Approval: A positive reply from a transaction authorization request.

Arbitration: Process used by Acquirers to resolve a chargeback related dispute with an Issuer.

Authorization: The approval or guarantee of funds given by the Card Issuer to the Acquirer.

API (Application Programming Interface): APIs provide users with pre-existing interfaces to program against which allows rapid and standardized application development.

Card Present Transaction: Card is present at the POS (Point of Sale) and swiped through an electronic device that reads the magnetic stripe on the card.

Card Not Present (CNP) Transaction: Type of transaction where the card is not presented at the POS (Point of Sale) and no magnetic stripe is read. These are usually considered higher risk transactions.

CVV (Card Verification Value): Term for 3-digit code in signature panel to verify that the card is in the cardholder's possession.

Decline: Negative issuer response to an authorization request on card payment. Merchant must request a different form of payment.

Encryption: Way of scrambling data to protect personal information.

Financial Institution: Any organization that supplies financial services such as commercial banks, thrifts, savings banks and credit unions.

Financial Transaction: A transaction from the Acquirer to the Issuer containing all the necessary data elements for authorization, posting and reconciliation. 

Issuer/Issuing Bank: Member of MasterCard and/or Visa that issues payment cards.

Merchant: Seller of products or services.

Merchant Agreement: Contract between a Merchant and Acquirer that outlines payment processing rights and responsibilities.

Recurring or Periodic Payment: A pre-authorized recurring transaction charged to a cardholders account (i.e. phone bill, memberships).

Retrieval Request: Request by an Issuer for a copy of the original sales ticket from the Acquirer.

Reversal: A transaction from the Acquirer to the Issuer informing the card issuer that the previously initiated transaction cannot be processed as instructed (i.e. is undeliverable, unprocessed or cancelled by the receiver).

Settlement: A transfer of funds to complete one or more prior transactions made, subject to final accounting.

Smart Card: A payment card with a built in chip to store information.

SSL (Secure Sockets Layer): This is a technological method used to transmit information which is submitted via a website securely in order to prevent unauthorized users gaining access to that information. Typically, when a user accesses a website which secured with SSL, a symbol displays in their browser windows to indicate that the site is secure. When information is transmitted using SSL, it is encrypted prior to transmission using a special certificate key.  It is then decrypted with another key after transmission.

TID (Terminal Identification Number): Number that identifies a merchant to the front-end network. A unique number is assigned to each POS terminal.

Transaction: Transfer of goods or services between a customer and merchant that results in payment.

Transaction Date: Actual date transaction was made.

Transaction Fee: The amount a merchant pays per transaction for processing.

Notification: A message where the sender notifies the receiver of an activity taken, requiring no approval or response.