Payment gateway

From Wikipedia, the free encyclopedia

A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payment processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar.[1] The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.

A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank.

Payment gateways are a service that helps merchants initiate e-commerce, in-app, and point of sale payments for a broad variety of payment methods. The gateway is not directly involved in the money flow; typically it is a web server to which a merchant's website or POS system is connected. A payment gateway often connects several acquiring banks and payment methods under one system.

Typical transaction processes[edit]

When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transaction.[2][failed verification]

  1. The order is placed.
  2. The payment gateway may allow transaction data to be sent directly from the customer's browser to the gateway, bypassing the merchant's systems. This reduces the merchant's PCI DSS compliance obligations without redirecting the customer away from the website.[original research?]
  3. The merchant forwards the transaction details to their payment gateway.
  4. The payment gateway converts the message from XML to ISO 8583 or a variant message format (format understood by EFT Switches) and then forwards the transaction information to the payment processor used by the merchant's acquiring bank.
  5. The payment processor forwards the transaction information to the card association (e.g. Visa, Mastercard), which may act as the issuing bank or route the transaction to the correct card issuing bank.
  6. The issuing bank validates the request and sends a response back to the payment processor with a response code to indicate whether the request was approved or denied, along with the reason why the transaction failed if applicable. Meanwhile, the credit card issuer holds an authorization associated with that merchant and consumer for the approved amount.
  7. The payment processor forwards the response to the payment gateway, who forwards it to the website.
  8. The entire process typically takes 2–3 seconds.[3]
  9. The merchant then fulfills the order and the above process can be repeated but this time to "clear" the authorization by consummating (e.g. fulfilling) the transaction. This results in the issuing bank "clearing" the "auth" (i.e. moves auth-hold to a debit) and prepares them to settle with the merchant acquiring bank.
  10. The merchant submits all their approved authorizations, in a "batch" at the end of the day, to their acquiring bank for settlement via its processor. This typically reduces or "clears" the corresponding "auth" if it has not been explicitly "cleared".
  11. The acquiring bank makes the batch settlement request of the credit card issuer.
  12. The credit card issuer makes a settlement payment to the acquiring bank (the next day in most cases).
  13. The acquiring bank subsequently deposits the total of the approved funds into the merchant's nominated account (the same day or next day). This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.
  14. The entire process from authorization to settlement to funding typically takes 3 days.

Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor. Tools to detect fraud include geolocation, velocity pattern analysis, OFAC list lookups, 'deny-list' lookups, delivery address verification, computer finger printing technology, identity morphing detection, and basic AVS checks.

White label payment gateway[edit]

Some payment gateways offer white label services, which allow payment service providers, e-commerce platforms, ISOs, resellers, or acquiring banks to fully brand the payment gateway’s technology as their own.[4] This means PSPs or other third parties can own the end-to-end user experience without bringing payments operations—and additional risk management and compliance responsibility—in house, although the party offering the white labelled solution to its customers might still be responsible for some regulatory requirements such as Know your customer.[5]

See also[edit]


  1. ^ "eCommerce: Payment Gateways". Archived from the original on 18 November 2012. Retrieved 20 November 2012.
  2. ^ Gulati, Ved Prakash. "The Empowered Internet Payment Gateway" (PDF). Computer Society of India. Archived from the original (PDF) on 10 August 2013. Retrieved 22 May 2013.
  3. ^ "eCommerce: Choosing your payment methods". Archived from the original on 23 January 2013. Retrieved 19 November 2012.
  4. ^ Investopedia Staff (2008-05-21). "White Label Product". Investopedia. Retrieved 2017-07-20.
  5. ^ "Acquirer Services - White Label Payment Processing - MasterCard Payment Gateway Services". Retrieved 2017-07-20.