E-Commerce

Email this article Printer friendly page

All About Shopping Carts. Part 3. Payment Gateways Dr. Ralph F. Wilson , Web Marketing Today - Oct 13, 2009

---

When someone makes a purchase through your shopping cart, the typical payment transaction process has three steps:

1. Customer offers credit card information.
2. This information is verified in real time.
3. The transaction is accepted and the customer sees the "thank you for your order" screen.

This article will explain step 2 of this process -- verifying credit card information in real time -- which requires the use of what is called a "payment gateway," that is, a secure Internet connection to your merchant credit card payment processor.

Manual Entry

Of course, you can set up your shopping cart to allow for manual approval of credit cards. For example, if you have a credit card authorization system in your brick-and-mortar store, you can take the credit card information from your online store and then check it manually. But this creates several problems:

• Entry errors occur often when you manually enter numbers.
• Efficiency is reduced when you do something manually that can be done automatically.
• Merchant credit card accounts secured for brick-and-mortar purchases sometimes don't allow Internet purchases, which are charged at a different discount rate.

So nearly all online merchants set up a way to get credit card approval online in real-time, automatically.

What Is a Payment Gateway?

As mentioned above, a payment gateway is a secure, Internet interface with a payment processor, the company that makes sure that transaction is okay. The payment gateway has two functions:

• To transmit the credit card information securely to the payment processor
• To transmit the approval code and any confirmation details back to your shopping cart program.

What Does a Payment Processor Do?

The payment processor is usually a third-party company that is under contract to the merchant's bank to provide authorization and settlement services for any credit card transactions at the merchant's store. In the US, most transactions are handled by these three processors:

• First Data Merchant Services (FDMS), Nashville and Omaha Platforms
• Elavon Global Payment Solutions (formerly Nova Network)
• Chase Paymentech

Typically, when an order is initiated, the credit card information is transmitted to the payment processor. The processor then checks to see if:

• The credit card number, expiration date, and security code information are correct and up-to-date.
• There is sufficient credit available in the purchaser's account.
• The card has not been reported stolen.

Then the processor either authorizes the transaction or declines the transaction based on what it finds.

For an additional fee, it can check the numbers in address and ZIP code fields to see if they conform to those on file for the customer's credit card, then report back to the merchant. This is called AVS (Address Verification Service).

All this information is transmitted back to your shopping cart within a few seconds using the payment gateway.

At the end of the day, the payment processor will "settle" the funds, that is, withdraw funds from the purchaser's credit card account and deposit funds into the bank account designated by the merchant credit card account contract. (To learn more, read my recent article on "How to Shop for a Merchant Credit Card Account," Web Marketing Today, September 15, 2009).

Security Level

Payment gateways use very secure means of transmitting sensitive information over the Internet so long as they are installed properly. I've never heard of a problem where a hackers have been breaking into the secure payment gateway connection. Hackers look for low-hanging fruit, not heavily encrypted messages that take massive resources and time to decrypt.

Shopping Carts Can Take Only Certain Payment Gateways

Each payment gateway has its own proprietary method of connecting and passing data. Thus it takes special programming and testing to set up a shopping cart for a particular payment gateway. As a result, each shopping cart will offer only a limited number of payment gateway choices for which this programming is built-in. Be sure to check your shopping cart to make sure your preferred payment gateway is available.

Popular Payment Gateways

The availability of payment gateways is determined by your country or region. Most US payment gateways are not available for UK residents, for example, and vice versa. There's been a great deal of consolidation in this industry over the last few years. Many first generation payment gateways have been purchased either by larger payment gateway companies or by credit card processors themselves. Some popular US payment gateways include:

• ACH Direct PaymentsGateway
• Authorize.Net (owned by CyberSource)
• CHASE Paymentech Orbital Gateway
• ClearCommerce (now owned by Fidelity National Information Services)
• CyberSource Advanced (for medium and large stores)
• First Data Global Gateway (formerly LinkPoint and YourPay)
• NetBanx (UK)
• Optimal Payments (US, Canada, UK)
• PayPal PayFlow Pro and Link (formerly owned by VeriSign)
• PayPal Website Payments Pro
• PSiGate (Payment Services Interactive Gateway)
• RBS WorldPay (UK-based, available in many countries)
• Sage Pay (formerly Protx)

Of these, the most popular small business payment gateway is Authorize.net, owned by CyberSource. I once heard a merchant credit card salesman claim that Authorize.net was the "best" payment gateway available. It's not. However, all the major shopping carts and most of the minor ones offer Authorize.net. Bundled with a merchant credit card account, it usually costs $10 per month -- $20 per month and a set-up fee if not bundled -- plus a transaction fee.

Reasons to Look Beyond Cost

Why would you spend more? While inexpensive payment gateways will meet the needs of most small online merchants, you may need to spend more in order to get:

• Greater programming flexibility for custom ordering system applications.
• Fraud monitoring risk management systems that cut losses for stores selling products or services with high amounts of credit card fraud.
• Specialized payment method availability, such as e-checks, bill later, recurring billing, etc.
• High volume pricing.
• Canadian processing.
• International payments.

Fraud Detection

Most payment gateways these days currently offer some degree of fraud detection and risk management for an extra fee. Risk management systems often work on a point system, assigning points for such warning signs as:

• Suspect customer IP addresses
• High ticket purchases made in the middle of the night
• Less than perfect AVS matching (address verification)
• Customer computer IP address locations that don't correspond to the shipping address given
• Mistakes in entering credit card information
• Different shipping address from billing address

The more points a transaction accumulates, the higher the chance it is fraudulent. According to the rules that you designate, high risk transactions aren't approved immediately, but flagged for manual approval. Among others, CyberSource has developed an excellent reputation for Internet credit card fraud detection.

Built-in Payment Gateways

What I've described above are payment gateways that are separate from your merchant credit card account. However, there are payment gateways built into several popular alternate payment methods. Some of these are:

• PayPal Website Payments Standard
• PayPal Express Checkout
• Google Checkout
• Amazon Simple Pay and Checkout By Amazon

Sequence of Decisions

If you're starting an online store from scratch, I recommend the following sequence of decisions:

1. Shopping cart selection. You most important choice is a shopping cart designed to meet your needs. It shouldn't be an after-thought.
2. Payment gateway selection. Once you've selected shopping cart software, then see what payment gateways are available to you. But don't secure the payment gateway yet.
3. Merchant credit card account selection. Finally, shop for a merchant credit card account that offers good terms and bundles with it a payment gateway compatible with your shopping cart. Order your payment gateway along with the merchant account. Your bundled price is typically a full 50% less for the payment gateway that the price advertised on the payment gateway's website.

The Bottom Line

As you're trying to decide on a shopping cart and payment transaction system, remember the payment gateway. I recently cancelled a high quality, high priced payment gateway in favor of a transaction system with a built-in payment gateway. What convinced me? Calculating the total costs with each system and weighing those against advantages and disadvantages. What is best for one business won't necessarily be best for another.

Hopefully this article will have armed you with enough information so that you can find the payment gateway that's right for your online commerce application.

Dr. Ralph F. Wilson is an e-commerce expert. He has built stores for dozens of clients (including a prominent Internet Retailer 100 company) and has written extensively on e-commerce. He is the author of The Shopping Cart Report (Second Edition, 2004). He is the founding editor of Web Marketing Today.