Payment Gateways: What Merchants Need to Know

Payment gateways enable merchants to accept credit card payments online and in their physical store, but finding a provider that is convenient and also minimizes the risk of hackers accessing your customers’ sensitive banking information can feel overwhelming.

With so many options, which payment gateway provider is the best fit for your retail business? 

In this article, we’re going to teach you how payment gateways work, which security standards payment gateways must meet, and how to pick a payment gateway provider that offers merchants and consumers maximum convenience and minimal risk.

Let’s get started! 


What is a payment gateway?

A payment gateway is a technology that a merchant uses to accept debit or credit card purchases from its customers. Payment gateways include the physical card-reading devices and payment terminals found in-store as well as the payment processing portals used for online transactions. Brick-and-mortar payment gateways have also started accepting payments through digital payment distribution services like Apple Pay, Google Pay and Samsung Pay thanks to near field communication (NFC) technology.

Payment gateways vs. payment processors

A payment processor (like PayPal) facilitates a transaction, whereas a payment gateway (like Payflow) either approves or declines transactions between a merchant and their customers. 

 

How does a payment gateway work?

A payment gateway helps authorize and process transactions between retail merchants and their customers, online and in-store. 

Payment gateways encrypt sensitive payment information (like the credit card number). This guarantees that the information is transferred securely between the customer and the merchant. Here’s a breakdown of how payment gateways work:

  • Step 1: A customer either places an order online or completes a transaction at a merchant’s physical store. 
  • Step 2: The payment gateway then securely transfers the transaction information to the acquiring bank (either the merchant bank or the acquirer). 
  • Step 3: The payment gateway determines which credit card provider (Visa, Mastercard, American Express, etc.) issued the buyer’s card.
  • Step 4: The payment gateway routes transaction information (credit card and banking information, the transaction amount, etc.) to the correct payment switch.
  • Step 5: The payment switch then sends the transaction request to the issuing bank and sends the transaction information to the credit card’s network. 
  • Step 6: The issuing bank runs the transaction through its fraud detection procedure to see whether or not the transaction is legitimate. It also confirms whether or not the buyer has enough available credit to make the purchase.
  • Step 7: The issuing bank either approves or declines the transaction, and sends that information back through the credit card network to the merchant bank and payment gateway. 
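
The flow in steps 2 to 7, sketched in Python as an added example (it is not Lightspeed's or any gateway's actual code). The function and class names are hypothetical, each network is assumed to have a single issuer, and the card numbers are widely published test numbers used as constructed sample data.

```python
from dataclasses import dataclass, field

def card_network(pan: str) -> str:
    """Step 3: identify the card network from the card number's leading digits."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("malformed card number")
    if pan[0] == "4":
        return "visa"
    if pan[:2] in ("34", "37"):
        return "amex"
    if 51 <= int(pan[:2]) <= 55 or 2221 <= int(pan[:4]) <= 2720:
        return "mastercard"
    raise ValueError("unsupported card network")

def mask(pan: str) -> str:
    """Keep only the first six and last four digits for receipts and logs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

@dataclass
class Issuer:
    """Steps 6-7: the issuing bank's fraud check, credit check and decision."""
    available_credit: dict                      # card number -> cents
    fraud_flagged: set = field(default_factory=set)

    def authorize(self, pan: str, amount_cents: int) -> str:
        if pan in self.fraud_flagged:
            return "declined: suspected fraud"
        if self.available_credit.get(pan, 0) < amount_cents:
            return "declined: insufficient credit"
        return "approved"

def process_payment(pan: str, amount_cents: int, switch: dict) -> dict:
    """Steps 2-7 from the gateway's side; `switch` maps network -> Issuer."""
    network = card_network(pan)                     # step 3
    issuer = switch[network]                        # steps 4-5: route the request
    decision = issuer.authorize(pan, amount_cents)  # steps 6-7
    # Only the masked number travels back to the merchant with the decision.
    return {"network": network, "card": mask(pan), "decision": decision}

# Constructed sample data: test card numbers and made-up credit limits.
VISA, MASTERCARD, AMEX = "4111111111111111", "5555555555554444", "378282246310005"
SWITCH = {
    "visa": Issuer({VISA: 50_000}),
    "mastercard": Issuer({MASTERCARD: 1_000}),
    "amex": Issuer({AMEX: 50_000}, fraud_flagged={AMEX}),
}

if __name__ == "__main__":
    for pan in (VISA, MASTERCARD, AMEX):
        print(process_payment(pan, 2_500, SWITCH))
```

A 25.00 purchase is approved on the first card, declined for insufficient credit on the second and declined as suspected fraud on the third; in every case the merchant side only sees the masked card number.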

Graph showing how payment gateways work for eCommerce and physical retail stores.

 

Payment gateway security standards

There are several security standards that payment gateways must adhere to, most notably around data encryption and PCI compliance.

Data encryption

Payment gateways encrypt data using Secure Sockets Layer (SSL) encryption to protect the buyer’s sensitive banking information before sending the transaction through the credit card’s network. This encryption ensures that the buyer’s credit card information is coded, making it difficult for malicious agents, fraudsters and hackers to access it while it’s transferred between the different parties throughout the payment process.

PCI compliance

PCI compliance means meeting the Payment Card Industry Data Security Standard (PCI DSS), a set of security standards created to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment to protect both the consumer and the merchant.

In many cases, retail merchants build their payment processing systems using solutions from several different companies. They may use one company’s payment terminals, payment gateways from another and a point of sale system from yet another.

While each of those three solutions may individually be PCI compliant, that doesn’t guarantee that, when all three are used in tandem, the merchant is PCI compliant. That’s because PCI compliance also includes how merchants connect all of their payment processing systems together and how they manage their customers’ data. 

 

How to pick a payment gateway provider

When you use different providers for payment processing, payment gateways and ringing up sales, there’s more room for bad actors to take advantage of potential vulnerabilities.

Lightspeed helps retailers avoid this problem by providing them with a point of sale system, eCommerce platform and end-to-end payment processing, effectively eliminating the third parties. We capture your customers’ payment information at the point of sale (no manual reconciling necessary) and work directly with credit card payment gateways to safely and securely deposit those payments into your bank account.

Rather than needing to do your due diligence to see whether or not your third-party payment provider and payment gateway integrate with your retail point of sale system and online store, you can let Lightspeed’s PCI-compliant integrated payment processing do all the heavy lifting for you.

Additionally, traditional third-party payment processors require retail merchants to open up their own merchant account (a unique bank account that may come with a lot of paperwork and associated fees), but with Lightspeed, Lightspeed becomes the merchant of record. We take full responsibility for maintaining a merchant account so you don’t have to. What that means is that all card payments are sent first to our shared merchant account, then safely forwarded to your business bank account. 

If you’re already working with a third-party payment processor or gateway, Lightspeed has made configuring your payment processing with your retail point of sale a simple four-step process. Visit our support page dedicated to the topic for more details. 

 

Scale your business with integrated payments

Before you sign up with a third-party payment processing or gateway provider, do your homework. Find out if there are any hidden fees and make sure you understand how their solution fits in with your retail point of sale system. For example, if you’re using an online payment gateway for your online store and a physical payment gateway for your physical store, you want both third-party systems to send transaction data to your point of sale system to simplify your bookkeeping.

Whether you’re growing your retail business, opening a new location or just exploring credit card payments for the first time, you’ll benefit from having a crystal clear understanding of the different combinations of payment processors, merchant accounts, point of sale systems and payment gateway providers before you sign on the dotted line. 

You have questions; we have answers. Talk with our retail payments specialists today for a personalized consultation. 
