When a customer enters their payment card details on an online shop’s checkout page, it seems the payment happens in an instant. In that instant, numerous procedural steps happen behind the scenes - the online payment process.
Two key elements in the online payment process are the payment gateway and the payment processor.
Payment Gateway vs. Payment Processor: What Do They Do and What’s the Difference?
Payment gateway and payment processor are often used interchangeably, but they are two different things.
- A payment gateway is software that encrypts and sends the customers' personal and bank details to the payment processor.
- A payment processor is a payment service that transfers encrypted card information to appropriate financial institutions, which complete the transaction.
To understand how they work, let’s consider significant payment gateway and payment processor details.
What Is a Payment Gateway?
A payment gateway is a software service that every ecommerce website needs in order to accept credit or debit card payments.
The customer interacts with a payment gateway when they enter their payment card information on the checkout page. When they proceed to pay, the gateway encrypts the customer’s personal and bank information so that hackers can’t steal and misuse it.
A payment gateway sends the encrypted information to the payment processor and waits for approval or rejection from the customer’s bank via the payment processor. The gateway then displays this information to the customer.
Do I Need a Payment Gateway?
If you have an online shop, you need a payment gateway to accept card-not-present transactions.
Payment gateways function as a POS terminal for online shops. It reads the customer’s card information and encrypts it. Payment gateways transfer data in the authorization process, both sending customer data to a payment processor and sending a message back to the customers letting them now if the payment was successful.
Types of Payment Gateways
There are two ways to integrate a payment gateway with your ecommerce store:
Hosted payment gateways are easy third-party solutions where the customer is taken from your website to an external checkout page to enter their card details. This is the preferred method for small to medium-sized ecommerce businesses, because hosted payment gateways include all the necessary security certifications which can be expensive and difficult to acquire.
Self-hosted or custom payment gateways allow customers to stay on your website when making a purchase. This solution allows you to have full control over the transactions. However, custom gateways are expensive, and the certification process can take a long time. It makes sense for big merchants with large sale volumes to self-host a payment gateway to avoid depending on a third-party provider.
When you choose your payment gateway, make sure it works with the payment methods you want to offer on your site.
Are Payment Gateways Secure?
Payment gateways provide modern security mechanisms. Each payment gateway is PCI DSS-compliant and secured with an SSL certificate. These certificates ensure a webpage adheres to rigorous security standards mandated by credit card networks, banks, and other financial institutions.
Payment gateways additionally encrypt transaction details by replacing real data with randomly generated strings of characters (tokenization) that cannot be deciphered by potential hackers.
Follow the link to learn what's a payment gateway without a chargeback option. That's a particularly useful option for high risk businesses.
What Is a Payment Processor?
A payment processor is a financial institution that works in the background of each payment card transaction. The role of the payment processor is to transmit sensitive customer information in the following way:
- Payment gateway sends encrypted customer details to the payment processor.
- Payment processor sends the customer’s data to the merchant account bank.
- The merchant account bank sends a request to the customer’s card issuing bank to verify the identity of the card holder and the validity of the transaction.
- The customer’s card issuing bank sends a rejection or approval message to the payment processor which directs it back to the payment gateway.
- Payment gateway notifies the customer whether the transaction has been approved.
- If the transaction is approved, the customer continues with the checkout process to finalize the transaction.
Sometimes the payment processor is the same institution as the merchant account issuer, so data is sent directly to the customer’s card issuing bank.
After the transaction is finalized, the processor sends information to the card issuing bank to transfer funds to the merchant account.
Every merchant needs a merchant account to accept money from credit or debit cards. It is a temporary account that stores money until a transaction is cleared. After 2-3 days, the money from the merchant account is transferred to the merchant’s business bank account.
Learn more about payment processors in our post What Is a Payment Processor?
Also, learn about the differences between a merchant account and payment gateway.
Do I Need a Payment Processor?
Every online vendor who wants to accept payment cards as a payment method needs an online payment processor.
A payment processor is the key element in relaying transaction information from the payment gateway to all financial institutions that need to verify the transaction.
How Do I Choose a Payment Processor?
Some questions to ask when choosing a payment processor are:
- How much does it cost, including all potential fees (setup fee, transaction fees, cancellation fee)?
- Which cards can you accept with this payment processor? (Visa and MasterCard are the most important options.)
- Which currencies are supported and can I sell products globally?
- How frequently does it deposit your funds?
- Does it provide high-quality customer service?
- What fraud prevention services does it include?
- How long will it take to set up?
If possible, get one provider for all three payment services - payment processor, payment gateway, and merchant account. That way you know who to contact if any payment issues arise.
Are Payment Processors Secure?
All participants in the payment process adhere to strict security standards, including the payment processor.
Just like payment gateways, payment processors comply with PCI DSS regulations, and encrypt sensitive card information. Most processors also offer fraud prevention services.
Learn more about how online payment processing works.
Does It Cost Money to Work with Payment Gateways and Processors?
Both payment gateways and payment processor services cost. The exact price varies depending on whether:
- The payment gateway and payment processing are provided by the same company.
- You integrate a hosted or a custom payment gateway.
- Additional fees are charged (initial setup, cancellation, membership, refund, and other fees).
Carefully study each payment provider’s costs and how difficult it is to switch to a different company.
Take into consideration the technical support they provide, supported payment methods, features like mobile-friendly payment forms, out-of-the-box integrations with shopping carts, customer support options, and global billing availability.
Ecommerce businesses shouldn’t choose between a payment gateway and a payment processor. They need both payment services to process online payments.
Though complex, the payment process is designed with the utmost security of both consumers and merchants in mind.