How payment gateways work

A payment gateway facilitates the transfer of information between a payment portal (such as a website, mobile phone or IVR service) and the Front End Processor or acquiring bank. When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction:

  • A customer places order on website by pressing the ‘Submit Order’ or equivalent button, or perhaps enters their card details using an automatic phone answering service.
  • If the order is via a website, the customer’s web browser encrypts the information to be sent between the browser and the merchant’s webserver. This is done via SSL (Secure Socket Layer) encryption.
  • The merchant then forwards the transaction details to their payment gateway. This is another SSL encrypted connection to the payment server hosted by the payment gateway.
  • The payment gateway forwards the transaction information to the payment processor used by the merchant’s acquiring bank.
  • The payment processor forwards the transaction information to the card association (i.e., Visa/MasterCard)
  • If an American Express or Discover Card was used, then the processor acts as the issuing bank and directly provides a response of approved or declined to the payment gateway.
  • Otherwise, the card association routes the transaction to the correct card issuing bank.
  • The credit card issuing bank receives the authorization request and sends a response back to the processor (via the same process as the request for authorization) with a response code. In addition to determining the fate of the payment, (i.e. approved or declined) the response code is used to define the reason why the transaction failed (such as insufficient funds, or bank link not available)
  • The processor forwards the response to the payment gateway.
  • The payment gateway receives the response, and forwards it on to the website (or whatever interface was used to process the payment) where it is interpreted as a relevant response then relayed back to the cardholder and the merchant.
  • The entire process typically takes 2–3 seconds
  • The merchant submits all their approved authorizations, in a “batch”, to their acquiring bank for settlement.
  • The acquiring bank deposits the total of the approved funds in to the merchant’s nominated account. This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.
  • The entire process from authorization to settlement to funding typically takes 3 days.

Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor. Tools to detect fraud include geolocation, velocity pattern analysis, delivery address verification, computer finger printing technology, identity morphing detection, and basic AVS checks.

About eagle081183

Passionate, Loyal
This entry was posted in ASP.NET MVC, Software architecture. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s