October 7,2021
How an Ecommerce Payment Gateway Works
There are thousands of orders placed online everyday, but many people don’t know what one is or realise the steps and protocols that the payment gateways have to go through, to be able to securely transfer money from one account to another. If you have ever bought something online or have a website that takes payments online, this is what it is and how it works.
A payment gateway at it’s most basic is a service merchant’s use to securely and automatically authorise credit card details on transactions, accepting or declining the transaction based on the details given and funds available.
If you have an ecommerce website or take payments online, having a payment gateway makes taking payments much easier, allowing for payments to be made directly on your site, and is much quicker and more secure processing method than traditional means.
To know how it works, let’s take a look back when I was recently placing and order on an ecommerce site, for a box of pirate party treasure plates and cups, buried treasure party games, buried treasure goodies and treasure prizes (important bit those prizes) and a rather splendid pirate ship centrepiece, all in a good cause of course, for a party of 5 and 6 year olds. And with my mind drifting slightly toward the cupcakes and other edibles I will need to make for the small persons I pressed pay and entered my card number, this is the process the Payment Gateway went through to verify everything was ok.
Once you’ve entered your card details and pressed send, the web browser you are using (such as Google Chrome, Firefox, Safari etc.) encrypts the important personal information you are sending so it cannot be read or used by anyone else, this is done via SSL – Secure Socket Layer encryption.
Then the ‘merchant’ (but let’s stick with the name ‘payment gateway’ which you are using) forwards the encrypted transaction details to something called a payment processor used by the payment gateway’s bank. The payment processor forwards the encrypted details to the correct card association – such as Visa or Mastercard, American Express etc. (You’re getting dizzy now aren’t you I know, this is worse than a decathlon).
This means that the bank who originally issued the credit or debit card that you used for the transaction now receives an authorisation request, the bank checks the information and sends a response code back to the payment processor – this code basically translates to – transaction approved or denied or insufficient funds – (which is much more polite than saying ‘you must be joking, you’re overdrawn).
During this time the issuer of your debit or credit card earmarks the approved payment amount in your account as if it has already gone out of your account, in effect, reducing your available credit in readiness for the payment. The payment processor now forwards this response code back to the payment gateway and passes it on to the supplier you are ordering from where it is correctly interpreted and is then passed back again to the payment gateway and also you to advise payment has been authorised! Yipee, and guess what – this entire process takes seconds! But come on wake up, are you still there, we haven’t finished yet.
The payment gateway then completes the order request for you and repeats the above process but this time to actually ‘clear’ the authorisation which will usually only happen after the order has been shipped. Now the bank who issued your debit or credit card will change the authorisation approval from ‘hold’ status to a ‘debit’ status and settle up with the payment gateway supplier’s bank. Usually, banks settle these transactions in batches on a daily basis. The process in its entirety can take around 3 days but you see none of this process of checking, asking, confirming, approving, authorising, transferring and settling. Amazing stuff eh.
It makes you think about how secure you need to feel when ordering online, and how a website supplier you purchase from, needs to make you feel confident and secure both before and during the transaction. The moral of the tale is for anyone with an ecommerce website you should always use a globally approved payment gateway, make sure it is secure and up to date and that you can confidently tell your customers their transactions will be safe.
The guys here at isev are old hands at building payment gateways into websites and making sure you get the right type gateway for your business. Why not give us a call and we can chat this through or offer advice and hands-on help. After all, if your customers are happy with your products and confident about payment security they will keep coming back.