A payment gateway is a merchant service, provided by an e-commerce application service provider, that authorizes credit card or direct payments for e-businesses, online retailers, bricks-and-clicks businesses and traditional brick-and-mortar businesses. A payment gateway facilitates a payment transaction by transferring information between a payment portal and the front-end processor or acquiring bank. Payment gateways encrypt sensitive information, such as credit card numbers, so that it passes securely between the customer and the merchant. The payment gateway may be provided by a bank to its customers, but it can also be provided as a separate service by a specialized financial service provider, such as a payment service provider.
How a payment gateway works:
- A customer places an order on a website by pressing the ‘Submit Order’ or equivalent button, or perhaps enters their card details using an automatic phone answering service.
- If the order is via a website, the customer’s web browser encrypts the information to be sent between the browser and the merchant’s web server. Among other methods, this may be done via SSL (Secure Socket Layer) encryption. The payment gateway may allow transaction data to be sent directly from the customer’s browser to the gateway, bypassing the merchant’s systems.
- The merchant then forwards the transaction details to their payment gateway. This is another SSL-encrypted connection, this time to the payment server hosted by the payment gateway.
- The payment gateway then forwards the transaction information to the payment processor used by the merchant’s acquiring bank.
- The payment processor forwards the transaction information to the card association (e.g. Visa/MasterCard/American Express). If an American Express or Discover card was used, then the card association also acts as the issuing bank and directly provides a response of approved or declined to the payment gateway.
- The credit card issuing bank receives the authorization request, verifies the credit or debit available and then sends a response back to the processor with a response code (e.g. approved, denied). In addition to communicating the result of the authorization request, the response code is also used to define the reason why the transaction failed (e.g. insufficient funds or bank link not available).
- The processor forwards the authorization response to the payment gateway.
- The payment gateway receives the response and forwards it on to the website, where it is interpreted as a relevant response and then relayed back to the merchant and cardholder. This is known as the Authorization or “Auth”.
- The entire process typically takes 2–3 seconds.
- The merchant then fulfills the order, and the above process can be repeated, but this time to “Clear” the authorization by consummating the transaction. Typically, the “Clear” is initiated only after the merchant has fulfilled the transaction (e.g. shipped the order). This results in the issuing bank ‘clearing’ the ‘auth’ and preparing to settle with the merchant’s acquiring bank.
- The merchant submits all their approved authorizations, in a “batch”, to their acquiring bank for settlement via its processor. This typically reduces or “Clears” the corresponding “Auth” if it has not been explicitly “Cleared”.
- The acquiring bank makes the batch settlement request of the credit card issuer.
- The credit card issuer makes a settlement payment to the acquiring bank.
- The acquiring bank subsequently deposits the total of the approved funds into the merchant’s nominated account. This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.
- The entire process from authorization to settlement to funding typically takes 3 days.
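The Auth, Clear and batch-settlement lifecycle from the steps above, as an added example that is not part of the original page: a merchant-side ledger that refuses a “Clear” without an open approved “Auth” and never counts a transaction in two batches. The class and method names, the transaction ids and the "approved"/"denied" response-code strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    AUTHORIZED = "authorized"   # issuer approved the Auth
    DECLINED = "declined"       # issuer returned any other response code
    CLEARED = "cleared"         # merchant explicitly cleared after fulfilment
    SETTLED = "settled"         # submitted to the acquiring bank in a batch


@dataclass
class Txn:
    txn_id: str
    amount_cents: int
    state: State


class Ledger:
    """Hypothetical merchant-side record of Auth -> Clear -> settlement."""

    def __init__(self):
        self.txns = {}

    def record_auth(self, txn_id, amount_cents, response_code):
        # A repeated response for the same id is rejected, not overwritten.
        if txn_id in self.txns:
            raise ValueError("duplicate authorization response: " + txn_id)
        if amount_cents <= 0:
            raise ValueError("amount must be positive")
        approved = response_code == "approved"  # assumed code string
        state = State.AUTHORIZED if approved else State.DECLINED
        self.txns[txn_id] = Txn(txn_id, amount_cents, state)
        return state

    def clear(self, txn_id):
        # "Clear" is valid only against an approved Auth that is still open.
        txn = self.txns.get(txn_id)
        if txn is None or txn.state is not State.AUTHORIZED:
            raise ValueError("no open authorization for " + txn_id)
        txn.state = State.CLEARED

    def settle_batch(self):
        # Batch submission also clears approved Auths that were not explicitly
        # cleared; the return value is the total the acquirer should deposit.
        total = 0
        for txn in self.txns.values():
            if txn.state in (State.AUTHORIZED, State.CLEARED):
                txn.state = State.SETTLED
                total += txn.amount_cents
        return total
```

Comparing the value returned by `settle_batch()` with the amount actually deposited by the acquiring bank gives the merchant a reconciliation check for each batch.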
The complete workflow of a payment gateway can be understood with the help of this diagram: