If you’re in the process of setting up an online business, you will have a host of things to take into consideration when writing your business plan. In addition to sorting out your business name and structure, suppliers and distribution, funding and financial forecasts, you also need to put in place the way in which your customers are going to pay you.
The majority of people making online purchases pay by credit or debit card, and in order to facilitate that transaction you need a Payment Gateway. In simple terms, a Payment Gateway is the online equivalent of a card terminal in a physical store – it enables secure debit and credit card payments to be made.
In addition to a Payment Gateway, you will need a Merchant Account, a type of bank account that allows you to accept card payments. Banks that offer Merchant Accounts are known as Acquirers: they liaise with card issuers, handling authorised payments, returns and refunds, and also deal with fees. Think of the Merchant Account as a holding station: the place the money goes to before it finally ends up in your business bank account.
How a Payment Gateway Works
Step 1: The customer puts their purchase into the basket and goes to the site checkout.
Step 2: The customer is directed to the Payment Gateway (which can be either Hosted or Non-Hosted – see below) where they select their preferred payment method and enter their details. The Payment Gateway sends the details to the business’s Merchant Account provider, who in turn sends them to the card’s issuing bank for authorisation.
Step 3: The card issuer checks the card details and, if everything is OK, authorises the payment, debits the funds from the shopper’s bank account and credits them to the business’s Merchant Account. Confirmation is sent to the Payment Gateway, which lets both the customer and the business know that payment has been authorised.
Step 4: The funds are paid from the Merchant Account into the business’s bank account, less fees.
Hosted Vs. Non-Hosted Payment Gateways
Payment Gateways may be Hosted or Non-Hosted. A Non-Hosted Payment Gateway processes the transaction on your own website, so your website needs to be security compliant. As well as meeting certain technical specifications, you’ll need an SSL (Secure Sockets Layer) certificate, to show you have an encrypted data transfer link in place.
A Hosted Payment Gateway, on the other hand, takes the customer from your website to a securely hosted page in order for the payment to be processed. The customer is then returned to your website, where their purchase is confirmed.
The Importance of PCI DSS Compliance
When it comes to the transfer of cardholder information, security is paramount. The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide standard that was set up to help businesses process card payments securely and reduce card fraud. London & Zurich’s card payment platform is compliant with Level 1 of the standards, meaning it offers the highest level of security required.
When you are setting up your online business, it pays to research and understand the basics of e-commerce. Knowing how everything fits together and understanding the jargon – and the options – will help you make the best decisions for you and your business.
If you have any questions about Payment Gateways or PCI compliance, please get in touch with our expert consultants today.