Considering accepting online payments but not sure how to get a payment gateway?
Accepting online payments expands your customer base and offers your customers a convenient method of payment. In today’s hyper-connected world it’s no surprise that 57% of shoppers say buying online is the most convenient way of shopping according to Statista.com.
Online payments are as much of a risk as they are an opportunity. Payment gateways for small and medium businesses are a target for cyber-hackers because smaller companies don’t have the budget for advanced security tools. Basic knowledge of what’s happening in the background of a payment gateway as transactions are processed can highlight the vulnerabilities therein. That knowledge can help you to make an informed choice when choosing a provider. You’ll know what security measures to have on your wish list to keep sensitive data safe while offering a convenient payment method to your customers.
What is a payment gateway?
A payment gateway functions as the gateway between your business and your customers’ bank accounts. It securely transmits transactional data to either approve or decline the customer’s payment method.
A payment gateway breaks down the payment process into three stages that happen in seconds:
- Authorization – confirming with the customer’s bank that the cardholder information is valid and the funds for the purchase are available in the account.
- Settlement – transferring transaction funds from the customer’s bank account to the merchant account.
- Reporting – detailing and recording all transactions including chargebacks, refunds, and declines.
How does a payment gateway work?
When a customer places an order online and enters their card information, it sets off a series of actions to verify, complete, and finalize the transaction:
First, the web browser encrypts the payment data that is needed for the transaction. This is a security measure that protects the data in transit by making it unreadable to anyone who intercepts it.
The gateway then sends the data to the business’ payment processing vendor or their bank.
Next, the payment processor sends the transaction data to a card association (Visa, Mastercard, Amex, etc).
The customer’s bank then views the authorization request and approves or denies it once it verifies the account is valid and has the funds available for the purchase.
The results of the authorization request are then sent back to the merchant. If the request is approved, the bank sends the funds through the payment gateway, then the payment gateway sends the money to the merchant.
If the authorization isn’t approved, the decline communication is sent to the merchant and a notification message appears on-screen for the customer. The customer will be asked to try their payment method again or use another method.
Choosing a payment gateway for your business
To get started, you’ll need to select a payment gateway provider to integrate with your current payment system, build your online shopping cart, and process your customers’ online payments similarly to how payments are processed in-store. Here are some things to consider as you research payment gateway providers:
Your customers’ experience. It’s common knowledge within the industry that offering your customers more ways to pay creates a better customer experience. Great customer experiences lead to repeat customers, which often leads to customer loyalty, references, and by extension more profits. Adding an online element is a great step toward creating a positive experience in your customers’ minds.
Technology and functionality. Speaking of customer experience, you want to make sure your gateway provider can support the type of functionality (i.e., reporting, emailed receipts) that best suits your business and appeals to your customers. Easy integration is key. Your gateway provider should offer the flexibility that allows you to do business both today and as your business grows in the future. Look for a provider that is constantly developing new ways to elevate user experience and ease of use.
Your business location and incorporation. Where your business is located and where your provider is located can make a difference in how you incorporate your business, which is what most gateway providers will ask of you. This means there is a different set of incorporation rules for an American business seeking processing service from a gateway provider in the UK, and vice versa. It’s important to know those details ahead of time to get you accepting online payments quicker.
Your business model, products, and services. The type of business you have is just as important as the type of gateway provider you choose. Some payments processors don’t support businesses and services that are considered “high risk.” Before you make a selection, save yourself some time by making sure the payments processor you choose doesn’t put your business in that category. Examples of high-risk industries are:
- Adult entertainment
Pricing, fees, and service value. How much profit do you make on a single sale? What’s your average margin? Knowing your business’ numbers is key when you are negotiating payments processing fees. Keep in mind, however, that the lowest fees don’t always mean the best value for your business. Many providers will boast of lower fees to attract you, but will your site’s look and feel attract customers to you? To get the best bang for your buck, look for a transparent fee structure with no hidden fees in the fine print, a good conversion rate, and value-added services.
Technical and customer support. There’s nothing worse than losing a sale because of a technical glitch or not being able to accept payment because you’re confused about how your gateway processor works. Be sure the online payments processor you choose offers live assistance from a responsive team or account manager. Hopefully, you’ll never need it, but you want to make sure it’s there to ensure you’re always up and running.
Payments security. You may offer the best product or service possible, but if customers don’t feel safe shopping on your site, it’ll be hard for you to make a sale.
Common payment gateway vulnerabilities include:
- SQL injection – the insertion of characters such as a single quotation mark (') into input that is passed to the merchant’s back-end database, where it is interpreted as part of a database query. If your system is vulnerable to this kind of attack, hackers could gain access to restricted areas of your site.
- Price manipulation – In the most common occurrences of this attack, attackers use a web application proxy to modify the price of purchased goods in a hidden HTML field when this information is passed from the user’s web browser to the web server. The final payment price can be changed to whatever the hacker wants and in any currency.
- Weak authentication and authorization – Authentication mechanisms that do not limit repeated failed logins are susceptible to password-guessing attacks. If your site uses HTTP basic authentication or doesn’t pass session IDs over Secure Sockets Layer (SSL), an attacker can capture the traffic to discover users’ authentication and/or authorization credentials.
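The SQL injection and price manipulation items above share one server-side fix, shown here as an added example that is not code from the original article or from any gateway provider. It assumes an in-memory SQLite catalog and hypothetical form fields named `sku`, `qty`, `price_cents` and `currency`; the per-order quantity limit is also an assumption.

```python
import sqlite3

def make_catalog():
    """Constructed sample catalog standing in for the shop's product database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER, currency TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("SKU-100", 4999, "USD"), ("SKU-200", 1250, "USD")])
    return db

def lookup_vulnerable(db, sku):
    # Vulnerable: form input is pasted into the SQL text, so a quote in the
    # input becomes part of the query instead of part of the value.
    sql = f"SELECT price_cents, currency FROM products WHERE sku = '{sku}'"
    return db.execute(sql).fetchone()

def lookup_safe(db, sku):
    # Hardened: the value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT price_cents, currency FROM products WHERE sku = ?"
    return db.execute(sql, (sku,)).fetchone()

def treats_quote_as_data(lookup, db):
    """True if a stray single quote in the input is handled as plain data."""
    try:
        return lookup(db, "SKU-100'") is None
    except sqlite3.OperationalError:
        return False  # the quote reached the SQL parser and broke the query

def build_charge(db, form):
    """Compute the charge for a submitted checkout form (all values are strings).

    The amount comes from the catalog; the form's price and currency fields
    are only compared against it so that tampering can be logged."""
    row = lookup_safe(db, form["sku"])
    if row is None:
        raise ValueError("unknown product")
    qty = int(form["qty"])
    if not 1 <= qty <= 100:  # assumed per-order limit
        raise ValueError("quantity out of range")
    price_cents, currency = row
    tampered = (form.get("price_cents") != str(price_cents)
                or form.get("currency") != currency)
    return {"amount_cents": price_cents * qty, "currency": currency,
            "tampered": tampered}

if __name__ == "__main__":
    db = make_catalog()
    print(treats_quote_as_data(lookup_vulnerable, db), treats_quote_as_data(lookup_safe, db))
    # Constructed form whose hidden price field was changed before submission.
    print(build_charge(db, {"sku": "SKU-100", "qty": "2",
                            "price_cents": "1", "currency": "USD"}))
```

The charge sent to the gateway is always built from the stored price, so a modified hidden field changes nothing except the `tampered` flag, which is worth logging and alerting on.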
Your gateway provider should at least meet these minimum requirements to address the common vulnerabilities:
- Payment Card Industry Data Security Standard (PCI DSS) compliance on their end.
- Maximum protection of cardholder data, including card information storing, tokenization, verification from card brands, etc.
- Tools to help you meet and maintain PCI compliance for your business.
One example of technology that supports this is tokenization, which allows safe storage of your customers’ unique card details while providing access to the original payment information regardless of the contact point.
If you are unsure about what any of this means, it’s best to do your research on PCI and payments security before you contact a gateway provider.
Getting paid and reserve. You’ll want to be aware of how your money gets to you before you choose a payments provider. Many offer daily or weekly settlement options, which will make a difference in how quickly you are able to access your funds. These services may come with additional transfer fees, so be sure to ask for those details upfront to eliminate any surprises.
Chargebacks are also a key consideration when choosing a payment gateway provider. Do you know that as banks get to know your business, they may withhold a portion of your funds for a period of time to account for any fees your revenue doesn’t cover? Get a clear explanation of these policies as well.
Recommendations from peers. Who are your peers using? Your competitors? It’s not one size fits all, but you may be able to pick up tips and pointers from fellow business owners who have already gone through the selection process. Consider their advice as you go through your selection process.