In this age when online payment is the norm, we are surrounded by new terminology that might be confusing, like payment gateway, payment processor, and payment facilitator, among others. Worse, these terms are often used interchangeably, and at a glance, they seem to mean the same thing.
Here, we will discuss how online payment processing works. For us as eCommerce or online shoppers, a purchase is probably just a single click of a button, but payment processing is actually much more complicated than that.
What Is Payment Processing?
First, we have to differentiate between payment processing and payment processor.
Payment processing, or to be exact, online payment processing, is how we process any exchange of money online over the internet. This involves processing data from a payment method agreed upon by the buyer and the seller (debit/credit card, e-wallet, etc.) and facilitating a direct database connection between the seller (or the website) and the buyer.
A payment processor is a piece of payment processing software (or a system) that acts as a mediator between the merchant/seller and the bank/e-wallet involved in the transaction. The payment processor will validate and authorize the payment based on the following factors:
- Whether there’s any limit on the account
- Whether the card/account is still valid
- Whether the buyer has sufficient funds
After the account is properly validated, the payment processor will then transfer the amount to the seller. Payment processors are usually third-party vendors (not the seller itself) to allow transparency and security for the buyer. They charge merchants certain fees, whether monthly, on every transaction, or under other models.
Also important to note is that a payment processor is not the same as a payment gateway, which we will discuss below.
How Does Payment Processing Work?
A very important thing to note is that payment processing is usually separated (independent) from the eCommerce store/website. It is a separate system that only gets activated when a buyer is ready to make a payment.
For example, if you are using a popular eCommerce platform like Shopify to run the website, then Shopify will handle the core functionalities like displaying your products and letting customers place orders. When the customer is ready to pay, Shopify will send all the important information to the payment processor to execute the transaction.
This is mainly done for two reasons:
- It is more secure for both the merchant and the buyer. The merchant wouldn’t need to worry about the validation of the buyer’s data and the buyer wouldn’t need to worry about the merchant running away with their money. In the eyes of the customers, it’s more secure to enter your credit card information via PayPal or Stripe rather than directly into a website you do not yet trust.
- The second reason is that rules and regulations related to online payment tend to change regularly in many countries. Thus, it can be hard for the merchant to keep up with all these changes. The payment processing software/platform can do the job for you.
With this model, the merchant or eCommerce website owner can focus on generating revenue, while the payment processing system can make sure all the payments are processed correctly.
In payment processing, there are three key elements involved: the payment gateway, the payment processor, and the merchant account, each with its own task:
- The payment gateway is responsible for sending the transaction request to the payment processor (including Visa’s and Mastercard’s processor). Think of a payment gateway as a middleman/gatekeeper between the eCommerce store and the payment processor.
- The payment processor, as discussed above, processes and validates the payment. The payment processor will take the information passed by the payment gateway (which the buyer entered into the shopping cart) and validate it. If the account/card is active and there are available funds for the purchase, the payment processor will then transfer the funds to the merchant account.
- The merchant account is where the paid funds get deposited when the processing is successful. All merchants are required to set up a merchant account if they want to accept online payment.
Typical Flowchart of an Online Transaction
While online payment processes can vary depending on the merchant, the typical process is like this:
- The buyer clicks “buy now”, and the website then passes the buyer’s information to the payment gateway. The payment gateway will then collect and validate the transaction and pass it to the merchant’s payment processor.
- The payment processor connects itself to the customer’s issuing bank (assuming the buyer is using a credit card) via the VISA/Mastercard (card association) network. The card association network will then inform the payment processor about the customer’s issuing bank.
- The payment processor will then connect itself to the issuing bank to validate three things:
  - Whether the card is valid and indeed issued by the bank
  - Whether it has the funds available for the purchase
  - Whether the transaction passes the AVS (Address Verification System) and CVV (Card Verification Value) checks, if it is a credit card payment
- The buyer’s issuing bank will then tell the payment processor if the card information was valid.
- If the card is indeed valid with enough funds available, the payment processor will then do one of the following:
  - Put an authorization hold on the funds. This is done when the merchant opts to take more time reviewing the order, for example to ensure orders are legitimate and avoid chargebacks. In such cases, the buyer will see that the charge is “pending” on their credit card.
  - Capture the funds immediately after the authorization/validation check, especially in the case where a merchant delivers. This is common in digital products where the product can be downloaded immediately or if the merchant allows same-day/instant delivery.
These steps, although seemingly long, typically take just a few seconds.
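The difference between an authorization hold and a capture, as an added example that is not part of the original article: a small Python model of the issuing bank's checks, in the order listed above. The class, function names, result strings and amounts are assumptions made for illustration, not any processor's API.

```python
from dataclasses import dataclass, field

@dataclass
class IssuerAccount:
    """Constructed stand-in for a card account at the issuing bank."""
    card_token: str
    cvv: str
    postal_code: str
    limit_cents: int
    active: bool = True
    holds: dict = field(default_factory=dict)   # auth_id -> held amount
    captured_cents: int = 0

    def available(self) -> int:
        # Pending holds reduce what the buyer can spend, just like captures.
        return self.limit_cents - self.captured_cents - sum(self.holds.values())

def authorize(acct, auth_id, amount_cents, cvv, postal_code):
    """Run the issuer-side checks; on success, place a hold on the funds."""
    if not acct.active:
        return "declined: card not valid"
    if amount_cents > acct.available():
        return "declined: insufficient funds"
    if postal_code != acct.postal_code:
        return "declined: AVS mismatch"
    if cvv != acct.cvv:
        return "declined: CVV mismatch"
    acct.holds[auth_id] = amount_cents          # buyer sees this as "pending"
    return "authorized"

def capture(acct, auth_id):
    """Turn a hold into a settled charge; unknown or reused ids are refused."""
    amount = acct.holds.pop(auth_id, None)
    if amount is None:
        return "error: no such authorization"
    acct.captured_cents += amount
    return "captured"

def void(acct, auth_id):
    """Release a hold, e.g. when the merchant's order review rejects it."""
    if acct.holds.pop(auth_id, None) is None:
        return "error: no such authorization"
    return "voided"
```

Because `capture` removes the hold it settles, a replayed capture request for the same authorization is refused instead of charging the buyer twice.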
The Importance of Payment Processing Strategy
As we can see, there are many different elements and steps in a typical payment process, and each step/element can translate into a potential issue. There are various potential fraud schemes in online payment, and here are the common ones that might affect your business:
- Identity theft: the most common kind of online payment fraud, where the criminal either uses false/stolen credit card information to purchase something from your site or attempts to steal your customers’ credentials from your database.
- Refund/chargeback fraud: the fraudster will cancel the payment and then collect the refund from the victim’s account. Your business will then be hit with chargeback fees. This is commonly done when the fraudster has a stolen credit card (number) and can’t directly withdraw from the card without first making a transaction.
- Credit card tumbling: the fraudster randomly generates credit card numbers and inputs them on transaction forms, like a brute force attack. The fraudster might attempt hundreds or even thousands of small transactions, and even when one of them is successful, it can mean a loss for your business.
This is where a payment processing strategy is important to minimize the occurrence of these fraud schemes. Even choosing the right payment gateway and processor can significantly help. A payment processing consulting agency like RPY can help in planning your payment processing strategy.
On the other hand, different business models might work better with a certain payment processing system or payment gateway to maximize revenue and/or conversion rate. For example, a B2B business might be okay with a slightly longer but more secure payment process, where the client typically also wouldn’t mind. A B2C eCommerce, however, might go better with a faster and seamless payment model.
In planning your payment processing strategy, here are some key areas to consider:
Implementing Basic Strategies To Prevent Fraud
Here are some common fraud prevention methods you should look for in your payment processing solution:
- Multi-factor authentication: asking the customer for another piece of information to verify their identity, for example by responding to an email or SMS tied to the credit card number. This can be effective in preventing identity theft.
- CVV: for credit card payment, the basic principle is to require buyers to input the three-digit CVV at the back of their card.
- IP address verification: cross-referencing the IP address of the customers (and geolocation address)
- EMV chip: only viable for physical/on-site payment, but is a very secure method to prevent hacking and identity theft
- Minimum transaction limits: especially effective against credit card tumbling
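Credit card tumbling, as described earlier, leaves a recognizable pattern in payment attempts: one source, many different cards, small amounts, in a short time. The following detection sketch is an added example, not part of the original article; the thresholds, the record layout and the sample data (documentation IP ranges, opaque card tokens) are all constructed assumptions.

```python
from collections import defaultdict

WINDOW_SECONDS = 600        # assumed look-back window
MAX_DISTINCT_CARDS = 5      # assumed per-source limit inside one window
SMALL_AMOUNT_CENTS = 500    # assumed ceiling for a "small" transaction

# Constructed sample: (timestamp_s, source_ip, card_token, amount_cents, approved)
SAMPLE_ATTEMPTS = [
    (i * 10, "203.0.113.7", f"tok_{i:02d}", 100, i == 6) for i in range(8)
] + [
    (30, "198.51.100.20", "tok_aa", 450, True),
    (400, "198.51.100.20", "tok_aa", 300, True),
]

def find_tumbling_sources(attempts):
    """Flag sources that try more than MAX_DISTINCT_CARDS different cards
    with small amounts inside one sliding window of WINDOW_SECONDS."""
    by_source = defaultdict(list)
    for ts, ip, token, amount, approved in sorted(attempts):
        if amount <= SMALL_AMOUNT_CENTS:
            by_source[ip].append((ts, token, approved))

    flagged = {}
    for ip, rows in by_source.items():
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans <= WINDOW_SECONDS.
            while rows[end][0] - rows[start][0] > WINDOW_SECONDS:
                start += 1
            window = rows[start:end + 1]
            cards = {token for _, token, _ in window}
            if len(cards) > MAX_DISTINCT_CARDS:
                declines = sum(1 for _, _, ok in window if not ok)
                flagged[ip] = {"distinct_cards": len(cards), "declines": declines}
                break   # report the source at the moment it crosses the limit
    return flagged
```

A repeat customer reusing one card is never flagged, and attempts spaced wider than the window do not accumulate, so the window and card limit need tuning against real traffic.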
Choosing The Right Payment Processing System
First, there are two main styles of payment processing systems:
- Payment aggregator/facilitator: an aggregator or facilitator is a large business that handles many different merchants/companies and processes transactions through an app or interface. PayPal, Stripe, Square, etc. are aggregators. We call the company an aggregator if it provides merchants with their own MID (Merchant Identification) under a master account, while a facilitator signs up merchants directly under its own MID.
- Payment processor: a dedicated payment processor that is configured to the needs of the individual client. A dedicated, custom-tailored payment processor will allow merchants more versatility in processing transactions according to their needs.
Both types offer their own benefits and disadvantages, and typically a custom payment processor will require a larger investment. In most cases, a payment facilitator will suffice, but you should consider your needs and budget.
In general, your chosen payment processor should be:
- Versatile: although it might not be fully customizable especially when you are using a payment facilitator/aggregator, it should provide enough versatility in how you process payments and engage with customers.
- Intuitive: should be easy enough to use both by your customers and your staff members managing the system. Should require minimal training.
- Flexible: should provide the technology to allow customers to execute transactions wherever they are, both online and offline.
- Integration: how the payment processing system integrates with your other software and solutions.
Choose a Processor That Accepts as Many Payment Methods as Possible
In the past, we could only use credit cards and probably PayPal to make online payments, but nowadays we have far more options, including cryptocurrencies, so the way that businesses accept payments has also evolved significantly.
So, it’s important to choose a payment processing partner that supports payment methods that are preferred by your target customers. Here are the common payment methods you should cover:
- Credit/debit card: pretty obvious, you should cover this as your basic payment method for both online and offline/on-site transactions
- EMV chips: Europay, Mastercard, Visa cards now use chips and require EMV chip reader technology to function.
- Cryptocurrency: depending on your business model/product you sell, including cryptocurrency as your payment method might be preferred
- Contactless: using NFC on smartphones or payment cards to eliminate the need to swipe cards
- Split checks: letting customers split a check among themselves, common in the hospitality industry
When a customer places an order on the eCommerce website, the payment gateway will gather and store the transaction data, which is then forwarded to a payment processing system, which will validate the transaction before forwarding it to the financial institution (and credit card association). When validated, the payment processor will then forward the funds to the merchant’s account.
Although the payment process seems simple and should only last a few seconds, there are many potential issues tied to it, so having a payment processing strategy is very important.