Credit Card Processing Blog

We constantly receive inquiries for e-commerce credit card processing services from applicants who are not quite certain what exactly such a service is and how their websites need to be built in order to be able to process online payments. This post will cover the basics of setting up an e-commerce website and merchant account.

An e-commerce credit card processing service does for web-based merchants what a point-of-sale (POS) solution does for brick-and-mortar businesses. The process is the same, only the tools are different. While store-front merchants use a physical POS terminal to read the credit card’s information and send a transaction authorization request to the card issuer over a phone line, their web-based counterparts use a shopping cart to collect the customer’s order and payment information, which is then encrypted and sent to the card issuer for authorization through a payment gateway.

To be able to accept credit card payments on your website, you will need the following:

• An e-commerce website. What makes an e-commerce website different from a non-e-commerce website is its ability to collect customers’ orders and then process their payments in a secure manner. It connects the merchant’s web-based store with a processing bank and, through it, with Visa, MasterCard and the banks that issue their cards, as well as with the other credit card companies. Specifically, your website will need to incorporate the following components:
  • SSL certificate. Secure Socket Layers (SSL) are services that encrypt data communicated online to provide security against unauthorized use. The SSL is identified by the “s” in the “https” at the beginning of the URL of a SSL-protected web page and often colors the URL bar.
  • E-Commerce shopping cart. Shopping cart is software that collects and organizes online customers’ list of items for purchase. Once the customer is ready to check out, the shopping cart calculates the order total and presents the customer with a payment information form to complete the transaction. All pages that contain sensitive personal information must be SSL-protected! There is a number of shopping cart providers out there, some of which offer their carts for free. The carts can also be custom-built by website developers.
  • Payment gateway. Payment gateway is a service that connects a shopping cart with the merchant’s payment processor’s system and transmits the transaction information that customers have provided. The processor then sends the information on to the card issuer for approval and the approval response is sent back to the merchant via the payment gateway. It is the e-commerce equivalent of the physical POS terminal used by store-front merchants in face-to-face transactions.
• E-Commerce merchant account. Merchant account is the service that enables merchants to accept credit and debit cards for payment. It is provided by a processing bank that is a member of Visa and MasterCard, either directly or through a third party. It links all of the above mentioned components into an inter-related system. Once a payment transaction is processed, the processing bank credits the merchant’s designated bank account for the transaction amount, after it subtracts its processing cost, as it is agreed on in the Merchant Processing Agreement. The processing bank then sends a payment request to the card issuer, who credits the processor’s account, after it subtracts its own costs. The issuer then sends a monthly statement to its cardholder to complete the cycle.

There are many merchant account providers in the U.S. and you should always request proposals from at least several of them, before deciding on whom to sign up with. Make sure that you evaluate the whole proposals in their entirety and do not make your decision based on the single rate or fee that usually gets advertised on the providers’ websites.

Merchants are often unclear on what payment gateways do and why they need them. There is often confusion concerning the gateway’s functionality and how it differs from an e-commerce shopping cart. Just as often, merchants tend to equate payment gateways with merchant accounts. In this article we will try to clear the confusion and put the gateway in its proper place in the e-commerce credit card processing cycle.

What is a payment gateway? Payment gateway is a web-based service that integrates into an e-commerce website’s shopping cart and collects payment information provided by customers at the check-out. The gateway then encrypts the data and transmits it to the card issuing bank for authorization. The authorization response is then sent to the merchant and is displayed to the cardholder. In essence, the payment gateway serves for web-based merchants the same purpose that a point-of-sale (POS) terminal does for brick-and-mortar businesses. We have previously written in greater detail about the e-commerce authorization process and the gateway’s place in it and you can review the article here.

What does a payment gateway do? Just as their POS counterparts, payment gateways support the full range of processing services: authorization only, authorization and capture, refunds and voids. Every major gateway offers a virtual terminal option which enables merchants to enter in a browser the payment information as they are completing a transaction over the phone or have received a payment over the mail. Moreover, the virtual terminal allows you to create and save customer profiles within the gateway, which you can access later for a speedier payment processing. Additionally, you can use the virtual terminal to set up installment or recurring payment plans, as well as process deferred payments. All major payment gateways now support AVS and CVV2 / CVC 2 verification services.

How does a payment gateway interact with a shopping cart? Payment gateways and shopping carts enter the transaction cycle at different stages. Shopping carts enable customers to select items for purchase and calculate the total cost of the order, including shipping and handling charges and taxes, if applicable. Once that is done and the customer places the order, the customer is taken to the check-out where he or she is asked to provide the payment information, which is then collected and managed by the gateway as described above.

Payment gateway vs. merchant account. It is important to understand that payment gateways, just as POS terminals, are tools for handling payment information. Just as the POS terminal is a part of each retail merchant account, the payment gateway is an essential part of every e-commerce merchant account. Yet, the merchant account service goes beyond handling the information provided by the cardholder. It enables a merchant to accept credit and debit cards, as well as other payment methods, by connecting the merchant’s physical and / or virtual check-out tools with a processing bank that “acquires” the transactions and funds the merchant’s account the transaction amount, after subtracting the transaction’s processing costs. This whole process, from the capturing of the information at the point of sale (whether physical or virtual), to the settlement of the funds is what a merchant account service provides.

Here is a detailed description of the e-commerce transaction process:

1. The cardholder fills out a payment information form to pay for a purchase at an e-commerce website’s check-out.
2. The gateway collects the payment information and sends it, securely encrypted, to the processing bank for authorization.
3. The processing bank sends the request, through Visa’s or MasterCard’s payment networks, on to the card issuer. Be advised that Discover and American Express act as both card issuers and processors, so the authorization process is much simpler.
4. The card issuer approves or declines the transaction and sends its response, through Visa or MasterCard, to the processing bank.
5. The processing bank forwards the response, through the gateway, to the merchant who completes the transaction accordingly.
6. In the case of an approved transaction, the merchant deposits the receipt with its processing bank, requesting payment.
7. The processor then credits the merchant’s account and submits the transaction to Visa or MasterCard for a settlement.
8. Visa or MasterCard then pays the processing bank, while simultaneously debiting the card issuer’s account.
9. The card issuer then posts the transaction to the cardholder’s account and requests payment with a monthly statement.

It is always amusing and often instructive to look at the credit card processing industry through the eyes of an outsider. Inc.com’s Christine Lagorio is the latest one to give it a shot in a recent article. She directs her attention to the online payment processing segment of the industry.

The author begins with an advice on how to select a payment processing service provider and mentions several names. She then goes on to review the part payment gateways play in the process and here is where it gets confusing. The article doesn’t explain what a gateway does, while it seems to be suggesting that it is all you need to accept payments online. This is a common misconception and we’ve had to separate the facts from the fiction in many conversations with our clients.

Payment gateway is a service that connects an e-commerce website’s shopping cart with the merchant’s processing bank and transmits transaction information between them. Once a customer places an order, the gateway encrypts the information, routes it to the processing bank and then relays the authorization response (approved, declined, etc.) back to the customer. It serves, for e-commerce stores, the same purpose that a physical point of sale (POS) terminal does for brick-and-mortar businesses.

The payment gateway, however, is just a component (although a vital one) of each e-commerce merchant account, just as the POS terminal is a part of a retail merchant account. Both services facilitate the capture and transmission of transaction information from the merchant to its payment processor. The secure transmission of transaction data is the principal use of a payment gateway. Once the information is sent to the processing bank, the transaction has to be authorized, cleared and settled, in order to be completed. This whole process, from the capturing of information, to the settlement and funding is what a merchant account service provides.

Lagorio also provides pricing information for several major gateways and correctly notes that payment processors use gateways as portals. What she has not mentioned is that processors also typically offer much lower gateway set-up and per-transaction costs than the gateway provider. For example, while Authorize.Net would set up an account for $99 and would charge $0.10 per transaction, a processor may set up an Authorize.Net account for $50 (or less) and charge less than $0.10 per transaction.

The biggest gap in Lagorio’s review, however, is perhaps the failure to explain what gateway authorization fees are and how they differ from the other per-transaction fees that merchants are charged. The $0.10 per transaction fee mentioned above is a gateway authorization fee. Authorization fees are charged solely for the use of a gateway or a POS terminal. For each bank card transaction, you will be charged an additional fixed fee, which is totally separate from the authorization fee. In her report Lagorio cites several examples, ranging from $0.21 – $0.25. It is important to add that you would be paying these fees, regardless of whether your provider is Authorize.Net, First Data or UniBul Merchant Services. These additional per-transaction fees are a component of the “discount fee” that processors charge for processing the merchant’s transactions. The other component of the discount fee is represented as a percentage of the transaction amount. So a typical e-commerce discount rate would be 2.19% + $0.25 per transaction. Discount fees are divided among three participants: the processing bank, the card issuing bank and the card association (Visa or MasterCard). The lion’s share of the discount fees, estimated at about 75% of the total processing fees U.S. merchants paid in 2008, is called interchange fee. It is published bi-annually by Visa and MasterCard and is collected by the card issuer. The association gets a fraction of one percent (about 0.1%), and the rest is collected by the processor.

Payment gateway is a web-based service that transmits transaction information between an e-commerce website and the merchant’s processing bank. It is the e-commerce equivalent of the physical point-of-sale (POS) terminal used by brick-and-mortar merchants in card-present transactions. To protect sensitive account information, the data that the gateway collects from the website is SSL-encrypted before transmittal.

The payment gateway integrates with the website’s shopping cart and activates once a customer places an order. The card-not-present transaction process goes through the following stages:

• A customer places an order on an e-commerce website and provides his or her card information for payment.
• The payment information is SSL-encrypted and sent to the merchant’s hosting server.
• The payment gateway then gathers the submitted data and, after another SSL encryption, transmits it to the processing bank’s server.
• The processing bank then sends the payment details to Visa or MasterCard.
• If the cardholder used a Discover or an American Express card, the processing bank serves as an acquiring bank and makes a decision on whether or not to authorize the transaction; then forwards the response to the merchant.
• Visa or MasterCard forward the transaction to the card issuer.
• The card issuer either authorizes or declines the transaction and sends a response (approval or decline) back to the processing bank. The responses for declined transactions provide details for the reason the transaction did not get approved.
• The processing bank then sends the response to the payment gateway.
• The payment gateway sends the response on to the merchant’s website and it is presented to the cardholder.
• The whole process, from submitting the payment information to receiving the response, takes seconds.
• At the end of the business day, all authorized transactions (also called a “batch”) are submitted to the processing bank for settlement.
• The processing bank then deposits the total transaction amount, minus the interchange fees and processing costs, into the designated merchant’s bank account.
• The entire process, from authorization to settlement, takes approximately 2-3 business days.

Processing banks typically provide payment gateways as part of their processing services. They charge a monthly fee for the service ($10 – $25) and may charge a fee for the set up as well. Every major gateway supports the latest fraud prevention solutions, including the Address Verification (AVS) and card security code (CVC 2, CVV2, and CID) validation services.

Payment gateways provide merchants with other ways to process card-not-present payments too. The gateway’s virtual terminal offers merchants the processing capabilities of a POS terminal through an internet browser. It is typically used by direct marketing (mail order and telephone order) merchants to process payments they receive over the phone or in the mail. The customer’s payment information is entered into a web interface and the payment gateway then handles it in the way described above.

Many virtual terminals offer managed billing and customer profile management services. The latter is used to store customers’ payment information on the server hosted by the payment gateway to give merchants a convenient access to it for completing transactions faster. The managed billing solution enables merchants to use the stored customer profiles for setting up recurring and installment billing plans and to process deferred payments automatically.