Most modern business owners and operators at some point have to deal with e-commerce transactions for their business.
In the process of setting up an over-the-web payment process, chances are you’ve heard of the terms “payment gateway” and “payment processor.” At a glance, the two phrases seem synonymous. They are not. In fact, the payment gateway and the payment processor are two entirely different things.
In order to optimize your on-the-internet payment process for security and customer experience while reducing costs, it’s important to understand exactly what these two distinct services are and what they mean for your business’ web presence.
This is a closer look at the role that they play in accepting customer payments and moving the transaction balance to your account.
The four key players
Before understanding the specific role of a payment gateway and a payment processor, it’s important to clarify the four parties that are involved in any transaction your business performs.
- The merchant (you)
- The customer
- The issuing bank
- The acquiring bank
The two most obvious players are you, the merchant, and the customer. These are the two parties that start the transaction: you offer a service or product that the customer is willing and able to pay for. With an over-the-web purchase, the customer initiates the transaction by specifying what products or services she’s paying for and entering payment information.
The two additional major parties involved in the transaction are the banks and bank accounts of the customer and the merchant. The customer’s bank account is hosted by the issuing bank. The merchant’s bank account is called the merchant account and its host bank is called the acquiring bank.
The payment processor is a service that communicates transaction information between the merchant, the issuing bank, and the acquiring bank.
With traditional retail purchases where the customer presents a physical payment card to the merchant, the payment processor is all that’s needed to complete the transaction.
In a brick-and-mortar business, the payment processor service usually provides a point of payment or point of sale (POS) interface for the merchant. This interface is commonly referred to as a credit card processing terminal.
The terminal is responsible for validating the authenticity of the physical payment card that is presented by the customer. Modern credit cards utilize EMV chip technology that uses cryptographic encoding to guarantee the authenticity of the card. An authentic, bank-issued EMV chip card along with a proof of identification that matches the customer to the card is enough to authenticate the payment card.
A modern credit card processing terminal must be able to read EMV chips to suffice as a point of authentication for the payment processor.
Once the customer’s payment card has been authenticated and the customer has approved the transaction, the payment terminal sends the transaction details to the issuing bank. The issuing bank will almost immediately approve or decline the transaction. Once the issuing bank approves the transaction, the payment processor sends the information to both the acquiring bank and to the payment terminal to inform all parties of the successful transaction.
If the issuing bank declines the transaction, the payment processor sends this information to the payment terminal and prompts the merchant to reject the payment card.
A payment gateway is very similar to a payment processor in that it is a tool that transmits payments between the customer’s bank and yours. The main difference, however, is that it is primarily used as a tool for e-commerce or card-not-present transactions. In other words, it is essentially a point of sale terminal for online transactions.
Use discretion when choosing a payment gateway
When a customer wants to initiate a transaction on the internet, it must be handled differently because they do not present a physical card to the merchant. This important distinction is what makes a payment gateway necessary.
In much the same way that the payment terminal authenticates a physical payment card, the payment gateway authenticates a customer’s digital credentials before forwarding information about the transaction to the payment processor.
Without the customer and a card physically present, authenticating the transaction virtually is a more sensitive process. Customers expect to be able to make purchases over the web and be approved instantly; payment gateways, therefore, have a tough job to do: authenticate the customer’s credentials, against the high possibility of attempted bank card fraud, in a matter of seconds.
The critical role of SSL encryption
Fortunately, payment gateway technology has enabled an impressive rate of success at the speed that customers expect.
Doing this job securely – or, without exposing the customer’s personal information to potentially malicious third parties – involves a specific type of encryption called secure socket layer (SSL) encryption. That means that the customer’s sensitive data is undecipherable as the payment gateway forwards it from the customer’s computer to the issuing bank.
Once the data arrives at the issuing bank, the payment gateway decodes the encrypted data and presents it to the bank in a usable format. The issuing bank then authenticates or declines the information as entered by the customer. Other information, such as the physical location of the requesting computer and recent activity of that particular customer is sometimes considered by the bank before authenticating the customer and payment card.
Once the issuing bank has confirmed the authenticity of the customer’s request, the payment gateway uses SSL encryption to securely deliver the transaction details to the payment processor, which then completes the transaction in the same way as described above.
The important takeaway from this is that the payment processor does not deal directly with authentication; that’s the role of the payment terminal (in a transaction where the customer physically presents a card), or the payment gateway (when a customer pays remotely on the internet.)
Thus, choosing the right payment gateway means finding a service that is reliable and protects the customer’s identity and sensitive data. A good payment processor should be efficient, accurate, and affordable.
We are Tidal Commerce and we offer both payment processing and payment gateway services. Learn more about how we can work together to provide your customers with an excellent experience and save you money!