Payment Gateway 101: The Key To Secure Ecommerce Transactions

Online payment gateways have never been so convenient.

They’ve also never been such an important target for hackers and scammers.

Companies relying on online payment processors may get hit the hardest.

A 2018 Thales Data Security Report revealed that 75% of U.S. retailers have suffered at least one cybersecurity failure with their online stores.

In fact, Shape Security reported in 2018 that some 90% of total login attempts to online retailers’ websites were illegitimate hacking attempts.

That’s the highest percentage for any sector.

That’s why it’s important to understand that the quality of your ecommerce payment gateways helps you fend off these attacks in real-time, providing a buffer of encryption between buyer and seller.

High-quality payment gateways also help you reduce load time.

Additionally, abandonment surveys report that some of the top reasons for abandoning a shopping cart can be addressed in the quality of your gateway:

With all this in mind, maybe you’re wondering: how do you select a payment gateway that will maximize convenience, minimize risk, and ensure the security of your customers’ information?

Follow up question: what’s important to know about payment gateways so that you can ensure the best and most secure payments for your customers?

Let’s get into those answers and more.

What is A Payment Gateway?

A payment gateway is a merchant service that processes credit card payments for ecommerce sites and traditional brick and mortar stores. Popular payment gateways include PayPal/Braintree, Stripe, and Square.

Think of the gateway as the metaphorical cash register in an electronic transaction.

Like any cash register, it needs to be both secure and convenient to use.

Most payment gateways accomplish that in a few seconds with these steps:

The payment gateway also serves a few other functions including screening orders, calculating tax costs, and using geolocation for location-specific actions.

Payment Gateways vs. Payment Processors: What’s the Difference?

You may hear payment “gateways” and “processors” used interchangeably.

But there are some important distinctions:

A payment processor analyzes and transmits transaction data. That includes transmitting relevant information to an issuing bank, such as the credit card or debit card number that links to a bank account.

This is distinct from the payment gateway, which does the work listed above but also authorizes the transfer of funds between buyer and seller.

The difference can seem subtle at first but think of the gateway as the overall system at the point of purchase: the metaphorical cash register.

The processor is the step in the process that “swipes” the card and runs the information by the issuing bank.

Like a payment gateway, a processor can include both a digital and hardware component — or it can handle the processing solely through software.

3 Types of Payment Gateways

There are generally three types of payment gateways:

1. Redirects

Redirects might include an option for a PayPal payment, for example.

When the gateway takes a customer to a PayPal payment page to handle the complete transaction (i.e. processing and paying) it becomes a “Redirect.”

This has the advantage of simplicity for the retailer. A small business can use a Redirect gateway to incorporate the convenience and security of a major platform like PayPal, but the process also means less control for the merchant — and a second step for customers.

2. Checkout on site, payment off-site.

Consider Stripe’s payment gateway: the front-end checkout will occur on your site, but the payment processing happens through Stripe’s back end.

“Always use established payment gateways such as PayPal and Stripe, and ensure that customer’s credit card data is collected directly on the third party site so that your own site is never handling sensitive payment information. Use SSL on your own site so that the connection between your site and the payment gateways is encrypted at all times.” — Katie Keith, Co-Founder, Barn2

Like redirected payment gateways, there are some advantages to handling your payments this way, including simplicity.

But as is the case above, you won’t be able to control the user’s entire experience through the payment gateway.

You’ll be at the mercy of the quality of the offsite gateway and its quirks.

3. On-site payments.

Large-scale businesses tend to use on-site payments completely handled on their own servers. The checkout and payment processing on behalf of the customer all work through your system.

Now the advantages are flipped: you’ll have more control, but also more responsibility.

If you handle payments on-site, every variable counts.

Because retail has a cart abandonment rate of about 75%, any improvement you can make to the shopping experience can create dramatic changes in your bottom line.

This is especially true for any retailer working with a high volume of sales. When you handle your payments on-site, it’s essential that you understand your options as well as your responsibilities.

Examples of Top Payment Gateways

If you’re curious about some of the more common payment gateway service providers to consider, here are seven of the most frequently used options.

PayPal.

PayPal is popular as a redirect payment gateway because so many customers trust it — and there are multiple options to consider around it.

PayPal’s Payflow gateway includes two options: a $0/month checkout payment gateway hosted by PayPal, or a $25/month option with more checkout customization features.

With both services, PayPal adds fraud protection security without an additional charge.

This gives you additional assurance that your payment gateway is safe — or at least capable of handling threats as they arise.

PayPal’s processing fees are currently 2.9% with an additional $0.30 per transaction.

Square.

Square is a credit card processor and payment gateway provider famous for physical credit card swipers that attach to your phone.

Square is popular enough that it posted nearly $23 billion in gross payment volume in the fourth quarter of 2018.

Square’s solutions tend to be for small businesses that need a method of credit card processing, particularly for in-person transactions. They also charge a premium for transactions you enter manually:

Square’s processing fees are currently 2.75% for swiped transactions and 3.5% + $0.15 for manually entered transactions.

Stripe.

Stripe is a popular payment gateway provider with a broad focus on mobile ecommerce, SaaS, non-profits, and platform-based payments.

Stripe is also capable of handling companies with a large volume of transactions.

Lyft, for example, uses Stripe to power its mobile fleet of over 700,000 drivers.

Stripe’s processing fees are currently 2.9% and $0.30 per transaction.

Apple Pay.

Apple’s payment gateway solution is aimed at a mobile payment structure, enabling merchants to handle payments with customers using Face ID and Touch ID.

Much of its focus is on consumers who want to maintain an electronic “wallet” to handle their payments.

As with PayPal, many of the other payment gateways on this list allow retailers to accept Apple Pay payments.

With these services, retailers can accept payments from some 383 million iPhones worldwide, with an estimated 43% of all iPhone users utilizing Apple Pay.

Apple Pay’s processing fees default at 3% with .

Amazon Pay.

We’ve detailed companies that struck it big with using Amazon payments. Amazon’s 300+ million customer accounts worldwide make it very attractive as a payment gateway option.

Amazon Pay comes with a number of plugins, including some for use with BigCommerce.

Amazon Pay charges 2.9% on domestic transactions with an additional $0.30 per transaction. International fees escalate to 3.9%.

Authorize.net.

Authorize.net makes it possible to accept payments through a wide variety of processors, which in turn gives retailers the ability to accept PayPal payments, Apple Pay, and most major credit cards.

Authorize.net charges 2.9% on transactions with an additional $0.30 per transaction for their “all-in-one” payment provider option.

Adyen.

Adyen is built for both point-of-sale and online purchases, accepting a broad range of payments from major credit cards and providers like Apple Pay.

Adyen has proven its ability to handle large volumes of transactions with partnerships with brands like Uber, LinkedIn, and Microsoft.

Adyen’s processing fees vary widely depending on the specific type of payment method.

Limitations of Payment Gateways

You may have noticed in browsing the top payment gateways above that they’re not all created equal.

Choosing a payment gateway means you’ll have to understand and accept some limitations — many of which are inherent to the payment gateway infrastructure.

Let’s look at a few of the main limitations to payment gateways in more detail.

1. Gateways rarely accept all types of cards/payments.

Although many payment gateway providers like to advertise the universality of their gateways, they won’t highlight when they can’t accept payments from specific card issuers and processing portals.

For example, Adyen points out what payment types it’s capable of accepting across specific regions like North America and Europe, but doesn’t talk much about what’s not accepted (and where.)

Before you select a payment gateway, make sure that you understand what your customers need to use, where the limitations lie, and what’s excluded.

For example, PayPal has an annual payment volume of over half a trillion dollars. If you can’t accept PayPal payments, there’s something wrong with your choice of gateways.

2. International shoppers may not have a payment option.

Consider that in China, Alipay is much more popular than payment options that might be familiar to customers in the US.

Merchants looking to capture a broad international audience need to make sure their payment gateway can handle it.

International shoppers may also run into higher prices.

Although some payment gateway providers charge static fees for domestic and international commerce, keep in mind that a service like Amazon Pay charges more for “cross-border” transactions.

Consider tools like Webinterpret that can plug into your ecommerce platform and provide a fully localized international checkout process enabling you to accept payment in 25 currencies.

3. Security flaws (limited).

More than one third of consumers hesitate to place an order online due to security concerns.

Although a high-quality payment gateway should be secure, there are some security vulnerabilities you’ll have to keep in mind:

Why You Should Consider Stacking Payment Gateways

You can reduce or even eliminate some of these weaknesses through stacking payment gateways.

The process boils down to employing multiple gateways on your ecommerce platform to maximize how many options your customers have for purchase. This practice has multiple benefits:

1. Making it easier for your customer.

Let customers choose what they want when they want it.

Using a payment gateway that allows Visa and MasterCard will cover many of your bases.

But what about customers with alternative cards like American Express? Or customers who want to make specific payments from separate accounts?

More options for credit card transactions will translate to more convenience for the customer and less friction at checkout.

2. Give everyone a second option.

It’s easier to get by without a credit card than you might think.

Although 76.9% of Americans have a credit card, this doesn’t preclude broad markets of customers without them.

Customers using PayPal, Venmo, or Apple Pay can make online purchases just as well.

As an ecommerce retailer, your job is to accommodate these options so customers can make secure purchases any way they like.

Considerations for Choosing a Secure Payment Gateway

Once you know what to expect from a payment gateway, it helps to narrow the focus to how to select your payment gateway of choice.

You won’t have any problems finding a mainstream payment gateway that makes your shopping carts convenient, so let’s focus on security.

According to Experian, 27% of customers report abandoning a cart simply due to a lack of visible security.

To ensure that you’re working with a secure payment gateway, ask the following questions:

1. What payments do your customers use?

It’s one of the fundamental questions you need to ask: what are your customers already using to handle their payments?

If you stack your payment gateways and facilitate a payment type they can use, you’ll run into fewer problems and run fewer security risks.

2. What is the fee from the payment gateway?

The costs of ecommerce fraud can cut into your bottom line.

That means that if a payment gateway’s lower costs are outweighed by the money you spend on additional security concerns and fraud detection, it might not be worth that investment.

Consider the fee of your payment gateway and how it relates to your security costs. Our list above quoted the prices of seven of the major payment gateway providers.

3. How secure is their encryption?

To be sure, you’ll want to work with PCI compliant companies.

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for businesses that handle payment card data.

Before you pull the trigger on any one gateway, double-check that they maintain PCI compliance. These are standards put in place to protect customer data and payment information.

For example, if you were weighing using PayPal as your payment gateway of choice, you would discover that their solution is PCI compliant, which should give you confidence in the sophistication of their encrypting process.

4. What is their reputation?

If over a quarter of customers want to see visible security marks at the point of checkout, you’ll have to use a payment gateway that they trust.

Consider that a Verisign seal once helped BlueFountainMedia increase its form fills by more than 40%.

If you want to prevent customers from abandoning their carts, avoid sketchy payment gateways.

Instead, focus on large payment gateway providers with established reputations, such as Amazon Pay, PayPal, and Apple Pay.

This brand recognition works in your favor by highlighting your security and encouraging a customer to continue shopping.

Opening Your Payment Gateway for Business

Once you understand the importance of a payment gateway and its impact on your sales and security, it’s time to take the next steps:

“Invest in tools/partners that don’t store credit card information inside of your business, let alone even pass that data through your platform. Choose a gateway that provides a front and back-end API that sends card data directly to them and shares only secure token data back.” — Adam Grohs, Co-Founder/CEO, Particular.
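
The arrangement described in the quote above, where card data goes straight to the gateway and only a token comes back, can be enforced on the merchant's own server. The following is an added example, not code from the original article or from any gateway's SDK; the field names (`paymentToken`, `amount`, `currency`) are hypothetical.

```javascript
// Added example: merchant-side guard for a tokenized checkout endpoint.
// Field names below are hypothetical, not taken from any gateway's API.

// Luhn checksum: true when the digit string is a plausible card number.
function luhnValid(digits) {
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Find runs of 13-19 digits (spaces or dashes allowed) that pass Luhn.
function containsCardNumber(text) {
  const candidates = String(text).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some((c) => luhnValid(c.replace(/[ -]/g, "")));
}

// Recursively collect the paths of fields whose value looks like a card number.
function findCardData(value, path = "") {
  if (value !== null && typeof value === "object") {
    return Object.entries(value).flatMap(([k, v]) =>
      findCardData(v, path ? `${path}.${k}` : k));
  }
  return containsCardNumber(value) ? [path] : [];
}

const ALLOWED_FIELDS = new Set(["paymentToken", "amount", "currency"]);

// Accept a checkout request only if it carries a token and no raw card data.
function validateCheckout(body) {
  if (body === null || typeof body !== "object") return { ok: false, reason: "body must be an object" };
  const leaks = findCardData(body);
  if (leaks.length) return { ok: false, reason: "card data in: " + leaks.join(", ") };
  const unexpected = Object.keys(body).filter((k) => !ALLOWED_FIELDS.has(k));
  if (unexpected.length) return { ok: false, reason: "unexpected field: " + unexpected.join(", ") };
  if (typeof body.paymentToken !== "string" || !body.paymentToken)
    return { ok: false, reason: "missing paymentToken" };
  return { ok: true };
}
```

Run the check before the request body is logged or stored, so that a misconfigured front end that posts raw card numbers is rejected instead of leaving card data in your logs.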

With a better knowledge of price, function, and gateway security, your business will be in the position to choose the right option for your business needs and add a new level of security (and peace of mind) that customers need when making a purchase online.
