
Whether you are an eCommerce platform owner or just maintaining your online presence, you want to offer your customers a safe, quick, and easy-to-use payment system. The chosen payment solution has to satisfy both the needs of your customers and your business. So, it has to be protected from fraud, support a variety of payment methods, be convenient to use, and consistent with your platform.

To accept electronic payments and be able to process credit or debit cards, a merchant uses a payment gateway. Choosing the right payment gateway determines the currencies you can accept, the transaction fee, how fast money gets into your merchant account, and the payment methods you'll offer.

According to Invespcro.com, over 23 percent of customers abandon their shopping carts because of a complex checkout system (11 percent) or too much information required to complete it (12 percent). These statistics confirm that choosing the right payment solution provider is as important as other aspects of a good eCommerce website. But in order to choose a payment solution, we first need to understand what a payment gateway is and how it works.

What is a payment gateway?

A payment gateway is a service that authorizes and processes payments in online and brick-and-mortar stores. A gateway serves as a portal to facilitate transaction flow between customers and merchants. It uses security protocols and encryption to pass the transaction data safely. The data is transferred from websites/applications/mobile devices to payment processors/banks and back.

Payment gateways can execute the following transaction types:

Authorization – a type of transaction used to check if a customer has enough funds to pay. It doesn't include the actual money transfer. Instead, during authorization, a merchant ensures that a cardholder is capable of paying for an ordered item. An authorization transaction is used for orders that take time to ship/manufacture.

Capture – the actual processing of a previously authorized payment resulting in funds being sent to the merchant's account.

Sale – a combination of authorization and capture transactions. A cardholder is first authorized. Then funds may or may not be captured. It's a regular payment for immediate purchases, like a subscription purchase, or e-tickets.

Refund – the result of a canceled order for which a merchant will have to apply a refund payment processing to return the money.

Void – similar to a refund, but can be done only if funds were not yet captured.
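The five transaction types above form a small state machine, and a gateway has to reject operations that are out of order. The sketch below is an added example, not code from any gateway; the class and method names are hypothetical, and the rule that total refunds may not exceed the captured amount is an assumption that goes slightly beyond the text.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    NEW = "new"
    DECLINED = "declined"
    AUTHORIZED = "authorized"
    CAPTURED = "captured"
    VOIDED = "voided"
    REFUNDED = "refunded"


class TransactionError(Exception):
    """Raised when an operation is not valid for the payment's current state."""


@dataclass
class Payment:
    amount_cents: int
    state: State = State.NEW
    refunded_cents: int = 0
    history: list = field(default_factory=list)

    def _require(self, operation, allowed):
        if self.state is not allowed:
            raise TransactionError(
                f"{operation} rejected: payment is {self.state.value}")

    def _move(self, operation, new_state):
        self.state = new_state
        self.history.append((operation, new_state.value))
        return new_state

    def authorize(self, available_cents):
        # Checks that the cardholder can pay; no money is transferred.
        self._require("authorize", State.NEW)
        ok = available_cents >= self.amount_cents
        return self._move("authorize", State.AUTHORIZED if ok else State.DECLINED)

    def capture(self):
        # Only a previously authorized payment can be captured.
        self._require("capture", State.AUTHORIZED)
        return self._move("capture", State.CAPTURED)

    def sale(self, available_cents):
        # Authorization followed immediately by capture.
        if self.authorize(available_cents) is State.AUTHORIZED:
            return self.capture()
        return self.state

    def void(self):
        # Cancels an authorization; invalid once funds are captured.
        self._require("void", State.AUTHORIZED)
        return self._move("void", State.VOIDED)

    def refund(self, cents):
        # Returns captured funds; total refunds may never exceed the capture
        # (assumed rule, see lead-in).
        self._require("refund", State.CAPTURED)
        if cents <= 0 or self.refunded_cents + cents > self.amount_cents:
            raise TransactionError("refund rejected: amount out of range")
        self.refunded_cents += cents
        fully = self.refunded_cents == self.amount_cents
        return self._move("refund", State.REFUNDED if fully else State.CAPTURED)


def attempt(operation, *args):
    """Run an operation and report whether the state machine allowed it."""
    try:
        operation(*args)
        return True
    except TransactionError:
        return False


if __name__ == "__main__":
    order = Payment(amount_cents=5000)      # constructed sample order
    order.sale(available_cents=12000)
    print("void after capture allowed:", attempt(order.void))
    order.refund(5000)
    print(order.history)
```
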

Payment processing flow

The infrastructure of online payment processing is a little bit more complicated than you might imagine. For the customer, it's represented by a small window, or a separate website, where they have to pass through the checkout. But actually, processing involves several financial institutions, or tools, verifying the transaction data on both ends, allowing the customer to complete the purchase in a few seconds.

When a customer checks out – passing the card number, expiration date, and CVV – a payment gateway has to perform several tasks, which take about three to four seconds:

  1. Customer. A customer presses a "Purchase" button and fills in the necessary fields to pass the transaction data. The data is encrypted and sent to the merchant's web server via an SSL connection.
  2. Merchant and payment gateway. After the transaction data is received, a merchant passes it to the payment gateway via another encrypted SSL channel. If any of the data is stored by a payment gateway, it is kept in a specific type of secured storage. Usually, gateways don't store actual credit card numbers, but rather save tokens.
  3. Payment processor. The data goes to payment processors. These are the companies that provide payment processing services as third-party players. Payment processors are connected both with a merchant's account and a payment gateway, transferring data back and forth. At that stage, a payment processor passes the transaction to a card network (Visa, Mastercard, American Express, etc.).
  4. Visa/Mastercard/American Express/Discover. The role of a card network is to verify the transaction data and pass it to the issuer bank (the bank that produced the cardholder's credit/debit card).
  5. Issuer bank. The issuer bank accepts or denies the authorization request. In response, the bank sends a code back to the payment processor, which contains the transaction status or error details.
  6. Payment gateway. Transaction status is returned to the payment gateway, then passed to the website.
  7. Customer and issuing bank. A customer receives a message with the transaction status (accepted or denied) via a payment system interface.
  8. Issuer bank. Within a couple of days (mostly the next day), the funds are transferred to the merchant's account. The transaction is performed by the issuing bank to the acquiring bank.


Payment processing scheme.

Now we are moving closer to payment gateways in their variety. To integrate a payment system into your website, you will have to follow multiple steps.

Payment gateway integration

Generally, there are four main methods to integrate a payment gateway. All of them differ by two major factors:

  • whether you must be in compliance with any financial regulation (PCI DSS), and
  • the degree of user experience concerning the checkout and payment procedure.

So let's find out what the options are here and which integration methods suit your needs.

What is PCI DSS compliance and when do you need it?

In case you just need a payment gateway solution and don't plan to store or process credit card data, you may skip this section, because all the processing and regulatory burden will be carried by your gateway or payment service provider.

But in case you're going to deal with sensitive financial information, you'll need to comply with some industry regulations. Payment Card Industry Data Security Standard (PCI DSS) is a necessary element for processing card payments. This security standard was created in 2004 by the four biggest card associations: Visa, MasterCard, American Express, and Discover.

To become PCI compliant, you will have to complete five steps:

  1. Define your compliance level. There are four levels of compliance that are determined by the number of safe transactions your business has finished. Transactions count if they were done via MasterCard, Visa, American Express, or Discover cards, and there was a certain number of successful transactions.
  2. Study the PCI Self-Assessment Questionnaire (SAQ). SAQ is a set of requirements and sub-requirements. The latest version has 12 requirements.
  3. Complete the Attestation of Compliance (AOC). AOC is a kind of exam you take after reading the requirements. There are nine types of AOC for different businesses. The one required for retailers is called AOC SAQ D – Merchants.
  4. Conduct an External Vulnerability Scan by the Approved Scanning Vendor (ASV). The list of ASVs can be found here.
  5. Submit your documents to the acquirer bank and card associations. The documents include the ASV scan report and your filled-in SAQ and AOC.

Given this data, we're going to look at the existing integration options and explain the pros and cons of each. We'll also focus on whether you must comply with PCI DSS in each case as we explain what integration methods suit different types of businesses.

Hosted gateway

A hosted payment gateway acts as a third party. So it requires your customers to leave your website to complete a purchase. Basically, that's the case when a customer is redirected to a payment gateway web page to type in their credit card number. When the transaction data is sent, the customer is redirected back to the merchant's page. Here they finalize the checkout where transaction approval is shown.

Hosted payment gateway work scheme

The pros of a hosted payment gateway are that all payment processing is handled by the service provider. Customer card data is also stored by the vendor. So using a hosted gateway requires no PCI compliance and offers pretty easy integration.

The cons are that there is a lack of control over a hosted gateway. Customers may not trust third-party payment systems. Besides that, redirecting them away from your website lowers the conversion rate and doesn't help your branding either.

How to integrate: Integration guides are generally open on the vendor's websites and the connection happens through an API. For example, PayPal Checkout suggests integration in the form of a Smart Payment Button. Basically, it's a piece of HTML code that implements a PayPal button on your checkout page. It invokes the PayPal REST API calls to validate, collect, and send payment information through a gateway, whenever a user triggers the button.

Best fit for: small or local businesses that are more comfortable using an external payment processor.

Direct Post method

Direct Post is an integration method that allows a customer to shop without leaving your website, as you don't have to obtain PCI compliance. Direct Post assumes that the transaction's data will be posted to the payment gateway after a customer clicks a "buy" button. The data instantly gets to the gateway and processor without being stored on your own server.

The pros of this method are equal to an integrated payment gateway. You get the customization options and branding capabilities, without PCI DSS compliance. The user performs all the necessary activity on one page.

The con is that a Direct Post method isn't completely secure.

How to integrate: A vendor would set up the API connection between your shopping cart and its payment gateway to post the card data.

Best fit for: can be used by businesses of all sizes.

Non-hosted (integrated) method

An integrated payment gateway basically means there are no third parties involved at the payment checkout phase. Companies using integrated gateways obtain PCI DSS compliance, which means they're in charge of storing, securing, and conducting initial verification for each transaction. This is done by installing a payment gateway solution available on the merchant's website.

In some cases, companies can use a white label payment gateway as a non-hosted solution. This is basically a prebuilt gateway that can be customized and branded as your own. Here are some well-known white label solutions designed for merchants:

  • PayXpert
  • Akurateco
  • Hips
  • PayPipes
  • MasterCard

An integrated gateway can be a dedicated source of revenue, as merchants that obtain all the necessary compliance become payment service providers themselves. This means your business can process payments for other merchants for a fee. But, besides the regulatory aspect, being a payment gateway provider brings a technological burden, because you need an infrastructure to safely store transaction data, credit card tokens, etc.

The pros are that you have full control over the transactions at your website. You can customize your payment system as you wish, and tailor it to your business needs. In case of a white-label solution, the payment gateway is your branded technology.

The cons generally are all about maintaining the infrastructure of your payment system and the related expenses. To use an integrated gateway, you have to be PCI compliant first of all, because you will have to store all clients' credit card data on your own servers. Besides, integrating the gateway can be tricky if you want to add custom functionality.

How to integrate: Non-hosted payment gateways are integrated via APIs to your server. Consequently, it will require an engineering team to perform the integration. Most vendors have well-documented integration guides, API references, or developer portals.

Best fit for: medium and large businesses that rely heavily on branding and user experience.

Choosing a payment gateway provider

Now, you can choose a payment solution for your business considering all factors, your business specifics, and your customers. Here are some things to consider prior to deciding on a provider.

Study the pricing

Payment processing is complex, as it includes several financial institutions or organizations. Like any service, a payment gateway requires a fee for using third-party tools to process and authorize the transaction. Every party that participates in payment verification/authorization or processing charges fees. Transactions usually are billed according to the amount, location (across a certain country or international), and type of product (physical or digital).

Every payment solution provider has its own terms of use and fees. Usually, you will have the following fee types:

  • gateway setup fee,
  • monthly gateway fee,
  • merchant account setup, and
  • a fee for each transaction processed.

Read all the pricing documentation to avoid hidden fees or additional expenses.

Check transaction limits for a given provider

While fees and installation charges are inevitable, there is one thing that may determine whether you can work with a certain provider. Gateway providers set transaction limits as a minimum and maximum amount. Both values are of interest for merchants and their business, as you want to use a single gateway for all the available products.

So, let's take for example Stripe as one of the biggest players. Their transaction limit minimum is $0.50 and $999,999.99 is their maximum. The maximum amount will probably suit the majority of businesses that don't trade bonds or real estate online. But if your business is selling, say, stock music tracks for a price as low as $0.10, this may affect your choice even though making a $0.10 purchase is extremely rare.

The second thing you should pay attention to is daily or monthly transaction limits. These occur pretty rarely, but also play a huge part in gateway provider choice.

Examine merchant account options

A merchant account is an agreement between a merchant and an acquiring bank, by which a merchant allows a bank to process their transactions. Additionally, a merchant agrees to follow the operational regulations of credit card processing established by credit card companies.

A merchant account can be opened through banks or payment gateway providers that offer merchant accounts as a part of a service. This includes payment processors. If you already have a merchant account, consider what that provider offers. Otherwise, it's better to choose a provider that offers a merchant account from the start.

Make sure the gateway supports necessary payment methods and credit cards

As of 2019, the most popular payment methods remain credit cards, varying from 82 to 69 percent of all shoppers in different regions according to Statista. Second place is occupied by various electronic payment methods like PayPal, Union Pay, and Alipay, ranging between 51 and 80 percent of all shoppers.

In terms of credit cards as a major payment method, you have to make sure a payment gateway accepts all the required credit card networks.

Another aspect is multi-currency support. If your business is international, you want your customers to be able to pay, no matter what currency they use. Popular gateway providers offer multi-currency support processing with or without an additional fee. If you are going to use a hosted payment system, there are also localized checkouts available.

Consider mobile payments

While mobile payments are acquiring money from the credit card accounts, accepting Apple Pay or Google Pay means supporting a different payment method. In short, mobile payments have their own tokenization process, and come as a separate method in all payment gateway services.

Depending on the country you're running your business in, mobile wallets may or may not be available. But the three major applications, Apple Pay, Google Pay, and Samsung Pay, currently support all four main credit card networks and operate in hundreds of countries. So, you have to browse the provider's page and find the corresponding information on whether the gateway supports mobile wallets and which ones.

Keep in mind that there are also different transaction limits set for a given time period, for example, PayPal.

Ensure your product type is permitted by the provider

Generally, there are two types of products considered by providers: digital and physical.

Some of the payment solution providers offer their services both for physical and digital products. But it's not rare for only one type of product to be available in a certain system. So, before subscribing to a provider, make sure it permits your type of product.

The horde of gateway providers is overwhelming, so we've picked some of the biggest, most reliable options.


Table of payment gateway providers features

Stripe

Stripe is an eCommerce-tailored payment solution. Stripe accepts all major payment methods, including mobile payment providers such as Apple Pay, WeChat Pay, Alipay, and Android Pay.

The service is fully loaded with its comprehensive documentation, international support, and monitoring system. It has a simplified PCI compliance procedure, with 135 supported currencies, and allows for integrating with other third-party platforms.

Pricing: Stripe charges no setup fees. The standard package charges 2.9 percent + $0.30 per transaction. Additionally, there is a fee for international card processing (1 percent). But Stripe also offers a customized solution and pricing package for big businesses. The chargeback amount is a fixed $15.

PayPal

PayPal is one of the most widely accepted electronic payment methods in the world. PayPal offers scalable solutions for businesses of different sizes. Through its gateway, PayPal offers processing of all the major credit and debit cards, and PayPal payments themselves, with various other methods. It also has multiple services, which include PayPal Payments Pro, PayPal Express Checkout, and Braintree.

PayPal is often integrated as a hosted payment solution. PayPal Payments Pro is an upgrade you may obtain if you want an integrated checkout right on your website. PayPal Express Checkout is the easiest choice, as it simply adds a PayPal button to your website. Braintree is a separate payment solution, but it is a PayPal division. The primary advantage of using Braintree is that it bills international transactions without an additional fee.

Pricing: PayPal's pricing model is complex, and includes different calculations for micropayments, their platform usage, and international transactions. Domestic transactions are billed at 2.9 percent + $0.30 per transaction. Outside the US transactions are 3.9 percent + a fee based on the currency used. There is no monthly fee for the standard PayPal, but Payments Pro charges $30 monthly for a subscription. The chargeback amount is $20, and for Braintree, with equal pricing for transactions, it is $15. No setup fees are included.

Amazon Pay

Amazon Pay is an eCommerce giant with its platform designed for online retailers. Amazon Pay is integrated via API, offering a semi-integrated payment solution. It's available across devices, with a focus on mobile use. Amazon service also supports all the major payment methods and credit cards.

Pricing: Domestic transactions are billed at 2.9 percent + $0.30 per transaction. International is 3.9 percent. The refund amount is $20 + taxes, if applicable. No setup or monthly fees.

Authorize.net

Authorize.net is designed for small- and medium-sized businesses. Their service also provides all the major payment method support, including PayPal payments and Apple Pay. Authorize.net protects users from fraudulent transactions via its Advanced Fraud Detection Suite. They also support integration with mobile applications.

Pricing: 2.9 percent + $0.30 per transaction. There is a $25 monthly fee for a gateway and $49 for merchant account setup. You may sign up for a payment gateway if you already have a merchant account.

2Checkout

2Checkout provides customizable options for businesses of different sizes, as well as integrated payment solutions. Its biggest advantage is its scalability with packages for different product types. 2Checkout supports all the major payment methods, 87 currencies, and 15 language localizations.

Pricing: 2Checkout includes three packages with different fees. There are no setup, monthly, or recurring payments. The 2Sell fee is 3.5 percent + $0.35 per transaction. 2Monetize is a package tailored to digital product sellers, and its pricing is 6.0 percent + $0.60 per transaction.

Custom payment gateway

There are a lot of payment gateway providers that offer a full shopping experience to your customers and various integration methods. But if you are a big enterprise, you might be interested in building your own payment solution to break free of vendor restrictions.

How to build a custom gateway?

Creating a custom payment gateway requires several steps:

  1. Payment gateway provider registration. Register as a payment gateway provider with a credit card company (or several) through your acquiring bank.
  2. Contracting with banks. Contract banks that will act as payment processors to handle the actual processing for you. Multiple banks can give you different transaction fees for international transfers, or different rates for currency exchange.
  3. API development. Develop an API for your gateway and write robust documentation as required within PCI DSS compliance.
  4. Tokenization solution. Any institution that stores credit card information does it in the form of tokens. This is a security measure in which we replace sensitive data with tokens, as it reduces the risk of fraud. Tokens comprise transaction data and cardholder information, without exposing it to the third parties.
  5. PCI DSS certification. Get PCI DSS compliant by implementing all the necessary security measures and integrating merchant fraud protection mechanisms on your website.
  6. Choose additional payment methods. If you need additional methods like PayPal, Bitcoin, or mobile wallets (e.g. Apple Pay), you'll need to integrate them separately with their APIs.
  7. Management tools development. Develop a merchant administration web application, or simply an admin panel to allow your staff to control merchant operations.
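The tokenization step above, and the earlier point that gateways save tokens rather than actual card numbers, can be illustrated with a minimal vault. This is an added example, not code from any gateway: `TokenVault`, `merchant_order_record` and the `caller` check are hypothetical names, the storage is an in-memory dictionary standing in for encrypted, access-controlled storage, and the token is assumed to be a random reference with no mathematical relation to the card number.

```python
import hashlib
import hmac
import secrets


def luhn_valid(pan):
    """Check-digit test used by card numbers (catches typos, not fraud)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for the gateway's secured card storage."""

    def __init__(self):
        self._pan_by_token = {}
        self._token_by_fp = {}
        self._fp_key = secrets.token_bytes(32)   # never leaves the vault

    def _fingerprint(self, pan):
        # Keyed hash: lets the vault recognise a returning card without a
        # plain hash that could be brute-forced over the small PAN space.
        return hmac.new(self._fp_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, raw_pan):
        pan = raw_pan.replace(" ", "").replace("-", "")
        if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19
                and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        fp = self._fingerprint(pan)
        if fp not in self._token_by_fp:
            token = "tok_" + secrets.token_urlsafe(16)  # random, not derived
            self._token_by_fp[fp] = token
            self._pan_by_token[token] = pan
        return {"token": self._token_by_fp[fp], "last4": pan[-4:]}

    def detokenize(self, token, caller):
        # Only the processing path may turn a token back into a card number.
        if caller != "processor":
            raise PermissionError(f"{caller} may not detokenize")
        return self._pan_by_token[token]


def merchant_order_record(vault, order_id, raw_pan):
    """What the merchant database keeps: a token and last four digits only."""
    return {"order_id": order_id, **vault.tokenize(raw_pan)}


def is_refused(operation, *args):
    """True if the vault rejected the call."""
    try:
        operation(*args)
        return False
    except (ValueError, PermissionError):
        return True


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed input: a widely published test card number, not a real card.
    record = merchant_order_record(vault, "order-1001", "4111 1111 1111 1111")
    print(record)
    print("merchant refused:", is_refused(vault.detokenize, record["token"], "merchant"))
```
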

You may also use open-source payment gateway solutions. It is possible to use open-source payment gateway software (like OmniPay, PayU, or Active Merchant) that will lower the costs of the engineering. But it will, once again, restrict you in customization options.

Developing an independent custom gateway and payment processing infrastructure requires serious expenses that are billed in a range from $150,000 to $800,000. That cost includes engineering, maintenance, PCI DSS compliance certification, SSL certification, writing API documentation, and administration expenses. Besides the financial issues, it also requires the time to launch a fully working system and implement it into your product.

However, a custom payment solution can bring a number of benefits:

Lower transaction fees. Establishing your gateway, you avoid a gateway provider as a fee-forming factor, which lowers transaction fees.

Customization. A large enterprise business may be firmly restricted by what vendors offer. Even if you find a vendor with low transaction fees and a great number of payment methods, there are always restrictions. Developing a custom payment solution allows you to implement any feature you want, whether those are recurring payments or multi-currency transactions.

Offer payment gateway as a product. With your own custom payment solution, you will be able to offer it to other merchants and agents.

Being a long-term investment, developing a custom payment gateway is quite reasonable for a company with a large yearly revenue. For companies handling fewer than 20 thousand transactions per year, a custom payment solution is unnecessary. But for merchants conducting over 1-2 million transactions, the savings quickly mount up.

Optimizing your gateway and saving costs on transaction fees are reasonable factors to consider. Pitfalls you should be aware of are security issues, which are usually carried by the gateway providers. But obtaining PCI compliance and using fraud management will help you gain customer confidence.

Conclusion

So, whether you are choosing a payment gateway/processor provider, or planning to build your own payment portal, it is always a much more profitable solution for an online merchant, unless you are a non-profit website. Websites using an inbuilt payment system are more trusted by customers. And if you are looking for a way to improve customer confidence, integrate a payment solution that will inspire trust, support multiple payment methods, and be protected from fraudulent actions.