An essential part of selling via the Internet is allowing quick and easy exchange of funds. Whereas in Russia, China, and some other countries, 75% or more of the products ordered via the Internet are paid for by COD (Cash On Delivery), many countries have a sophisticated means of payment via credit card or bank debit systems.

A payment gateway connects the merchant's order form to the customer's credit card processor or bank so that the transaction can be automatically authorized in real-time in just a few seconds.

In a brick-and-mortar retail store, the merchant is hooked via modem directly to the processor over a telephone line. In a virtual store, however, the order must be transmitted over the Internet via a secure payment gateway before it is transmitted via phone line.

Typical US Payment Gateway

While systems vary some from one country to another, this is how it typically works in the US:

1. Customer fills out credit card information on the website order page and clicks on the "submit" button.
2. Credit card and sales info are transmitted from the merchant to the payment gateway provider via secure Internet connection.
3. (optional ) Credit card and sales info are transmitted to a fraud detection system via high-speed leased secure land telephone lines.
4. (optional) The fraud detection system checks massive databases to see if the card and sale match likely patterns of credit card fraud to determine if the risk is less than a pre-determined risk point total set by the merchant.
5. (optional) A positive or negative response is transmitted from the fraud detection system to the gateway provider via high-speed leased secure land telephone lines. Assuming the response is positive....
6. Credit card and sales info are transmitted from the payment gateway provider to the bank's processor via high-speed secure land telephone lines.
7. The bank's processor checks a list to see that the credit card account is not overdrafted or reported stolen and (optionally, in the US only) that the numbers in the address and ZIP code match the billing address on the customer's credit card (AVS or Address Verification Service). If the transaction passes these checks, the sales amount is deducted from the remaining credit balance available for the customer's account.
8. A transaction authorization number (or a negative response, if it doesn't pass) is transmitted from the bank's processor to payment gateway provider via high-speed secure land telephone lines.
9. A transaction authorization number (or a negative response) is transmitted from the payment gateway provider to the merchant's website ordering system via secure Internet connection.
10. The merchant's website ordering system reports to the customer's web browser either the success of the order or that the authorization failed.
11. The merchant notifies the payment gateway provider that the ordered item has been shipped and to mark the transaction as to be "settled." (For digitally delivered products, transactions are automatically settled each night.)
12. The payment gateway provider "settles" the transaction overnight with the bank's processor.
13. The bank's processor transfers the money from the customer's credit card account into the merchant credit card account, and the money is now available to the merchant.

I know this looks fairly complicated -- and it is. Getting all this to work quickly and flawlessly is no trivial task, and mistakes can be financially disastrous. The payment gateway provider is the bridge or gateway from the merchant's website to the merchant's bank.

This varies, of course. In the US, the processors are beginning to develop their own payment gateway systems, bypassing third parties (e.g. FirstData's SurePay). Banks, especially outside the US, are offering their own payment gateway systems for their merchant clients. Hosted shopping cart sites such as Yahoo! Store (http://store.yahoo.com) are offering payment gateways integrated into the online store. And merchant account providers are bundling Payment Gatways with their merchant accounts such as at Bigstep (http://www.bigstep.com). New payment gateways are springing up all the time at the same time as others are failing or being acquired. The whole industry is in a state of flux.

International Payment Transfer

While US payment gateways work pretty much as described above, other countries have different financial traditions and practices that will affect merchants doing business with customers in those countries. When credit cards are used to make a purchase on a website in another country (for example, when a Englishperson purchases an e-book on my website in the US), the sale takes place in US dollars, the amount is converted automatically by the credit card company to English Pounds Sterling, and -- including a small conversion fee -- debited from the Englishperson's credit card account. Credit cards make complex international currency exchanges quite painless for the merchant.

However, people in many countries don't commonly use or even own credit cards. They are beginning to develop other payment transfer systems.

Germany and China. In Germany, most people don't own a credit card. Instead they commonly give checking account information to merchants that directly debit their bank accounts. Thus, e-commerce in Germany uses a debit system. In China, too, credit cards are rare. Most e-commerce transactions take place by COD, though payment gateways now allow merchants to accept direct debits from multiple banks at which their customers do business.

Russia. In Russia COD is the primary mode of e-commerce, but a form of prepaid e-cash wallets is being accepted in more shops, such as PayCash.ru.

Africa and the Middle East. Outside of South Africa, Israel, and Dubai, payment gateways are only now beginning to emerge.

I sense that in many places e-commerce is still in its infancy, and banks or other financial institutions are struggling to accommodate it. We'll no doubt see a lot of changes in the next few years.

Types of Payment Gateways

As you are shopping for a payment gateway system for your business, be aware that there are four types of systems to watch for. The first two are not technically payment gateways, but since from a merchant's viewpoint they function in a similar way, I am including them here.

1. Prepaid E-cash Wallets (see notes and user feedback)

Prepaid e-cash systems are now showing up. Early in the history of e-commerce, various wallet systems were available, such as DigiCash. Some required each customer to download software for his or her PC that would create a virtual wallet and identification of the buyer. Conceptually and technically wallets are a good idea. The problem is that for a system to become widely accepted, both merchants and customers must go out of their way to adopt it.

In this US, DigiCash never took off. In Russia, a land of few credit cards, this kind of system is beginning to make headway with PayCash.ru and WebMoney.ru. It is still in the early stages in Russia but has promise.

I put PayPal (www.paypal.com) in this same e-cash category though it doesn't use PC-based wallets; your account is maintained online using a web interface. PayPal has been extremely well accepted in the US, getting its start as a secure means of paying for auction items purchased on eBay. Now PayPal has a rudimentary shopping cart system that will suit some merchants. Buyers no longer have to fund a PayPal account in order to make a purchase; they can pay directly via credit card, but at the same time they become PayPal members, growing the network that much larger. Small merchants like it, since it allows them to accept credit card payments for 2.9% plus a 30¢ transaction charge, without the set-up and monthly expenses associated with a merchant account. I see PayPal fast becoming a new kind of banking phenomenon, allowing members to electronically move small sums of money internationally without wire charges. See my review of PayPal in Web Marketing Today, 7/9/01 (www.wilsonweb.com/reviews/paypal.htm).

2. Service Bureaus (see notes and user feedback)

The second type of payment gateway is what I am calling a service bureau -- they take care of the entire credit card transaction for the merchant, who then only needs to deliver the product. It used to be that factoring, which includes taking credit card payments for another merchant, was not permitted -- and it still is not permitted. But service bureaus typically act as the legal retail seller, with the merchant as their legal fulfillment agent, thus avoiding the factoring rules. An example for selling hard goods is CCNow (www.ccnow.com), about which several users gave us positive feedback. CCNow charges no set-up funds or monthly fees, but 8% to 9% for handling the transaction for the merchant. (See my review of CCNow, Web Commerce Today, #44, 3/15/01, www.wilsonweb.com/reviews/ccnow.htm) They delay payment of funds for several weeks to protect themselves from chargebacks. A newer company is OrderButton (www.orderbutton.net), which charges 7% in fees for sales of tangible goods. ClickBank (www.clickbank.com) charges 7% for electronic goods and Kagi (www.kagi.com) charges a rate of 10% down to 4%, depending on the sales price of the software. Service bureaus are being used in Europe for charitable giving and in Africa for purchasing from native artisans. Some companies, such as Beanstream in Canada (www.beanstream.com), that cater to merchants with merchant accounts also have a track for merchants without merchant accounts for a somewhat higher discount rate.

3. Form Hosted on the Gateway's site

The third type of payment gateway is a simple secure order form, not hosted on the merchant's site but on the payment gateway provider's site. It takes the purchaser's credit card information and purchase price, and then passes it onto the processor via telephone lines. This kind of service is often less expensive than having the order form hosted on the merchant's website.

However, since the credit card and address data is entered on the payment gateway provider's site rather than on the merchant's site, it is more difficult to get that data into the merchant's customer database. The merchant may never know the customer's credit card number at all, making it more difficult to track chargebacks that often come with only a credit card account number to identify the purchaser. The hosted form gateway offers few advantages over the service bureau approach in terms of website automation, except that you'll have better shipping and tax calculation abilities than you find with the typical service bureau.

4. Order System and API Hosted on the Merchant Site

The fourth, most capable -- and most expensive -- type of payment gateway is an order form hosted on the merchant's secure website that takes all the purchaser's information and then transfers the information needed by the credit card processor via a secure web connection to the payment gateway provider, which passes it on to the processor.

To make the merchant's website capable of transmitting credit card information securely, the payment gateway provider makes available an API (Application Programming Interface), a computer program that is usually installed in the merchant's website cgi-bin directory to provide a series of functions for transmitting and receiving data securely. These APIs are specific for the operating system that is hosting your website. For example, a payment gateway may provide APIs for Windows NT/2000, Linux, and FreeBSD operating systems, but not Solaris Unix or IBM AIX Unix. As you are shopping for a payment gateway, make sure that your hosting service operating system matches the APIs that are available for the payment gateway.

The good news about merchant-hosted APIs is that they are very powerful and allow you to collect all your customer's information into your own database. This allows you to offer superior customer service and have a better handle on your sales and customers.

The bad news is that merchant-hosted APIs can be notoriously difficult to install on a server. Blessed are you if the installation comes bundled with your shopping cart or your hosting service already has the API installed on the server. Otherwise, getting it installed and configured with your e-commerce program will probably require a programmer's help. I am currently in the middle of moving from an old version on one server to a new version on another server, and my programmers are groaning.

Most of the popular full-service payment gateway providers provide both a simple form hosted on their own sites AND hosting of the form on the merchant's site, depending upon a merchant's needs and budget. For example, note the subtle change in terminology for the different products. You have to watch carefully to know which type you are being offered.

How to Shop for an E-Commerce Payment Gateway

Never shop for a payment gateway first. Here's the preferred decision order:

1. Shopping Cart. Find the store-building or shopping cart program that meets your company's needs. This is one of your most important decisions, since it can be expensive to change to another system if you made the wrong choice the first time.
2. Payment Gateway. Determine which payment gateway systems (if any) are supported by the shopping cart you have selected. Now find a compatible Gateway that fits your budget and is available in your country.
3. Web Hosting Service. Find a web hosting service that supports both your selected Shopping Cart and payment gateway.
4. Merchant Credit Card Account. Most merchant account ISOs (Independent Sale Organizations) will try to talk you into getting their package of a shopping cart, payment gateway, and merchant account, since they make a profit on each service they can sell you. I strongly recommend that you don't do this unless you know for sure it is exactly what you want. Few ISOs are really qualified to help you determine what kind of shopping cart, ordering system, and Gateway you need; too often they're better at knowing how to take your money, sometimes signing you up for an unbreakable three- or four-year lease. Beware! Get your merchant account last, with a bank whose processor is compatible with your payment gateway.

Of course, you must assess your needs carefully. My recommendation is that you buy only what you can afford and what you need. Your e-commerce site will begin slowly and (hopefully) grow gradually. Unless you have a substantial marketing budget that will bring significant traffic and sales immediately, don't overbuild.

Consider carefully what kinds of fraud protection you'll need to protect against online thieves, and whether it is available with your selected payment gateway. Whether or not you feel you need it now, make sure you have the option available. Businesses that are selling immediate access to information, services, or entertainment, and those selling high ticket items are at higher risk of credit card fraud.

Recommendations

These are my recommendations for payment gateways. The ones I recommend I have confidence in and generally positive feedback about. It doesn't mean anything negative if I omit recommending a particular service. I just recommend those I am more familiar with and have most confidence in.

I use VeriSign Payment Services PayFlow Pro (www.verisign.com/payment), and have done so for four years. I have been quite pleased with their service (with a couple of exceptions), and would recommend them to other US merchants. They tend to be more expensive than other options, so see if you can get their services bundled with a merchant account from an Internet savvy bank -- you'll save some money overall. The bundled price is often lower than the price displayed on the VeriSign website. Their service is fast, capable, and constantly improving. I don't especially recommend PayFlow Link, their less expensive service with a form hosted on their site.

I recommend Authorize.net's WebLink DirectReponse API (as compared to their WebLink HTML Form Post method). I doubt that Authroize.net's service is as robust as VeriSign's, but they will be quite sufficient for most small to medium businesses. Authorize.net has two things going for it: (1) They are supported by more shopping cart programs than any other payment gateway. (2) They are the payment gateway selected by PlanetPayment (www.planetpayment.com) which caters to merchants outside the US who find it difficult to obtain a US merchant account. Therefore, Authorize.net is widely accessible to international merchants, though their physical connection points (data centers) are all in the Western United States.

International merchants should also look closely at WorldPay (www.worldpay.com), based in the UK. WorldPay's rates are quite competitive, and they offer a number of physical connection points (data centers) around the world so that real-time authorization can be accomplished quickly from most spots on the globe.

I have difficulty recommending LinkPoint, the service used by CardService International merchants. I often hear from disgruntled CardService International customers, and I never hear recommendations for CardService International except from their ISOs who work on commission. The exception to this is Bigstep (www.bigstep.com, $9.95/month), which uses the LinkPoint Payment Gateway included at no extra charge for clients who have signed up for the $24.95/month CardService International merchant account. That's a pretty cost-effective system for a US merchant so long as BigStep's shopping cart meets your needs (See my review of Bigstep, Web Commerce Today, #37, 8/15/00, www.wilsonweb.com/reviews/bigstep.htm).

For the smallest merchants who can't afford a merchant account, I recommend PayPal, CCNow, and ClickBank -- available for merchants in many countries -- until sales get large enough to justify the expenses of a merchant account / payment gateway solution.

The lowest cost merchant credit card account / payment gateway combination I've run across is ECHOnline Payment Gateway (www.echo-inc.com/payment_gateway.html) that comes bundled with a merchant account. However, I don't have user feedback on this company, and they can serve US businesses only.

You can find out a lot about how happy users are with their payment gateways by reading the user feedback comments region by region. Unfortunately, we have user feedback only for the more popular Gateways. Here are the regions and categories for a total of 90 payment gateways:

I trust that this research and my recommendations will help you select wisely a payment gateway for your online business.

Subscribe to our free e-mail newsletter -- Web Marketing Today®, published worldwide. Just to encourage you to take this step, I'm including three free e-books that you can download and read: The Web Marketing Checklist: 32 Ways to Promote Your Website, 12 Website Design Decisions Your Business Will Need to Make, and Making & Marketing E-Books, each worth $12 -- just for subscribing. No catch. First Last E-mail Country (2-letter abbreviation) Preferred Format Plain text HTML We respect your privacy and never sell or rent our subscriber lists. Subscribing will not result in more spam! I guarantee it!

Copyright © 1995-2008 by Ralph F. Wilson, all rights reserved. Content, graphics, and HTML code are protected by US and International Copyright Laws, and may not be copied, reprinted, published, translated, hosted, or otherwise distributed by any means without explicit permission. Trademarks and terms of use.