Money Matters

Choosing a payment gateway and accepting online payments

Are you considering accepting online payments but aren’t sure how?

Allowing your customers to pay online greatly expands your customer base. This is because 57% of shoppers say that buying online is the most convenient way of shopping.

While online payments are a great opportunity, they also pose some risk. Payment gateways for small and medium-sized enterprises (SMEs) are sometimes a target for cyber-hackers, simply because SMEs do not have the budget for advanced security tools.

Having basic knowledge of what’s happening in the background of a payment gateway as the transactions are processed can help to highlight any problems the system might have. This knowledge will also assist you in making an informed decision when choosing a payments provider. Decide what security measures you want in place, to keep sensitive customer data safe while providing a quick and convenient payment method.

What is a payment gateway?

A payment gateway serves as the bridge between your business and your customer’s bank account. Transactional data is securely transmitted, either approving or declining the customer’s payment method.

It breaks the payment process down into three stages, which happen in seconds:

  1. Authorisation: The customer’s bank confirms that the cardholder information is valid, and that there are sufficient funds available for the purchase.
  2. Settlement: The transaction funds are transferred from the customer’s account to the merchant’s account.
  3. Reporting: Recording and detailing all transactions, including chargebacks, declines, and refunds.

How does it work?

A customer places an order online. Once they enter their card information, they set into motion a series of actions to verify, complete, and finalise the purchase:

Step one

The web browser encrypts the payment data required for the transaction. This security feature protects the data by converting it into a code that cybercriminals can’t easily read if they intercept it.

Step two

The payment processor then sends the data to a card association, like Visa, Mastercard, or American Express.

The customer’s bank then checks the authorisation request and either approves or declines it, once it has validated the account and checked for funds.

Step three

The results are sent back to the merchant. If approved, the bank sends the funds through the payment gateway, which in turn sends the money to the merchant.

If denied, the decline communication is sent to the merchant, and a notification pops up on-screen for the customer. The customer can try again or use another payment method.

Choosing the best payment gateway for your business

First, you’ll need to choose a payment gateway provider that can integrate with your current payment system, build your online shopping cart, and process your customers’ payments much like they are processed in store.

Keep the following in mind when researching providers:

The customer’s experience

Offering your customers multiple ways to pay creates a better customer experience. This in turn leads to repeat, loyal customers who will refer people to your business, which will eventually result in increased profits.

Functionality and technology

Your gateway provider should support the type of functionality – such as reporting and emailed receipts – that you need for your business and that appeals to your customers. It’s essential that the solution can be easily integrated and that your gateway provider offers you the flexibility to do business today and in future. Providers that persistently develop new ways to improve the user experience should top your list.

Business location and incorporation

The location of your business and that of your provider can affect how you incorporate your business, which is something most gateway providers require. There is a different set of incorporation rules for a South African business requesting a processing service from a gateway provider based in the UK, and vice versa. In order to get yourself online quicker, make sure you know these details before you choose your provider.

Your business model, products, and services

Some payment processors do not support what they consider to be ‘high-risk’ businesses and services. Make sure that your provider does not put your business in that category.

High-risk industries include:

  • Gaming
  • Dating
  • Travelling
  • Adult entertainment
  • Gambling

Fees, pricing, and service value

Knowing what kind of profit you make on a single sale, and what your average margin is, will help when you’re negotiating payment processing fees. The lowest fees don’t always deliver the best value, and could affect how customers feel about your brand. The best value for money is a transparent fee structure with no nasty surprises in the fine print, a good conversion rate, and value-added services.

Technical and customer support

If your gateway is riddled with technical glitches, or you are unable to accept payments because you’re unsure about how your gateway processor works, you are bound to lose sales. When choosing your online payment processor, select one that offers 24/7 support, or has a dedicated account manager. While you might never need it, it’s best to have it in place.


If customers don’t feel safe shopping online with you, no amount of product or customer service will make up for it.

Common vulnerabilities include:

  • Price manipulation. This is where a hacker can change the price to whatever they want, in any currency they choose. They use a web application proxy to change the price of the selected goods in a hidden HTML field, as the information is passed from the user’s web browser to the server.
  • SQL injections. This is where a hacker inserts characters, such as a single quotation mark, into input that is passed to the merchant’s back-end database. If the system has this kind of vulnerability, hackers can access restricted areas of the site.
  • Weak authentication and authorisation. These kinds of attacks target authentication mechanisms that do not limit repeated failed login attempts. If the site uses HTTP basic authentication or doesn’t pass session IDs over Secure Sockets Layer (SSL), hackers are able to intercept traffic and find users’ authentication credentials.
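
The following added example (not from the original article or from any payment provider) shows a server-side defence against the first two vulnerabilities above: the price is looked up in the merchant’s own catalogue instead of being trusted from the browser, and the product code is bound as a query parameter. The table, SKUs, form field names and the price_order function are assumptions made for illustration.

```python
import sqlite3


class OrderRejected(Exception):
    """Raised when a submitted order form fails server-side validation."""


def make_catalogue():
    # Constructed sample catalogue; prices live server-side as integer cents.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("MUG-01", 12900), ("TEE-02", 24900)])
    return db


def price_order(db, form):
    """Return the amount in cents to send to the gateway.

    `form` is the untrusted POST body. Any price it carries (for example from
    a hidden HTML field) is only compared with the catalogue, never charged.
    """
    sku = str(form.get("sku", ""))
    try:
        qty = int(form.get("qty", ""))
    except (TypeError, ValueError):
        raise OrderRejected("quantity is not a number")
    if not 1 <= qty <= 100:
        raise OrderRejected("quantity out of range")

    # Parameterised query: the SKU is bound as data, so a quotation mark
    # inside it cannot alter the SQL statement.
    row = db.execute("SELECT price_cents FROM products WHERE sku = ?",
                     (sku,)).fetchone()
    if row is None:
        raise OrderRejected("unknown product")

    # A submitted price that disagrees with the catalogue indicates tampering;
    # reject the order so the attempt can be logged and reviewed.
    claimed = form.get("price_cents")
    if claimed is not None and str(claimed) != str(row[0]):
        raise OrderRejected("submitted price does not match catalogue")
    return row[0] * qty
```

The amount passed to the payment gateway is always the value this function returns, never a figure read back from the customer’s browser.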

Gateway providers must meet at least the following minimum requirements in order to address these common vulnerabilities:

  • Payment Card Industry Data Security Standard (PCI DSS) compliance.
  • Tools to ensure you remain PCI compliant in your business.
  • Maximum security for cardholder data, including tokenisation, card information storage, and verifications.

Tokenisation technology offers added security because it allows the safe storage of your customers’ card details, providing access to their original payment information, regardless of the contact point.

It’s advisable to do your research on PCI and payment security before you choose your gateway provider.

Reserve, and getting paid

Before you choose your payments provider, you’ll want to find out how your money gets to you. While many offer daily or weekly settlement options – allowing you quicker access to your funds – these services tend to come with higher transfer fees. Ask about these small details upfront to avoid being tied to a provider that doesn’t suit your needs.

As banks get to know your business, they might withhold some of your money for a period, to ensure that you are able to pay any fees that your revenue doesn’t cover. These chargebacks are an important consideration when selecting your provider.

Recommendations from associates

Who are other people using? Who do your competitors use? While not all solutions will suit everyone, you might be able to gather some tips from other business owners who have already settled on their providers.
