We all keep hearing terms like ‘encrypted data,’ ‘payment gateway,’ ‘data security’ – but what do they mean, and does an end user need to know all this terminology? We all need to know some details about the terms mentioned above because we all use internet-enabled payment facilities at some point or other. They can certainly be ignored by someone who is yet to be introduced to online payments and other internet-related functionalities.
A payment gateway is a mediator between banks and the e-commerce site, facilitating two-way communication about the transaction. This intermediary works as follows:
- The first step after the customer fills in the payment details is the encryption of the data. This means that the data or details provided by the customer are translated into secret codes that can only be decrypted by using a password. Compared with the plain text, the encrypted data, also called ciphertext, is more secure, which is why there is so much noise about data security. This data is then forwarded to the payment processor.
- The payment processor forwards this same data to the customer’s bank or the credit card company. At this point, these entities study the transaction vis-à-vis the balance that the customer has in his account and come back to the payment processor with a decline or approval.
- The processor then reconnects with the payment gateway, which in turn informs the merchant website either to proceed with the transaction and process the payment or to reject the transaction.
Thanks to technology, this entire process happens in a matter of a few seconds or minutes. Two very important parts of this process are:
- A merchant agreement, which is an agreement between the merchant (the owner of the online store) and the payment service provider. It covers all topics related to the processing of online transactions, with clarity on the responsibilities of both parties.
- Secure Electronic Transaction (SET), which enables the e-commerce site to transfer customer data to the bank or credit card company without actually viewing the card details.
Additionally, payment gateway service providers provide add-on facilities like:
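The flow described above (encrypt, forward, approve or decline), with a merchant that passes card data on without viewing it, as an added example that is not from the original article or from any real gateway's code. It is a simplified single-process model and does not implement the SET protocol itself: RSA-OAEP from Node's `crypto` module stands in for the gateway's encryption, and the key pair, account table, test card number and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Gateway key pair (constructed for this example). The public half is handed to
// the checkout form; the private half never leaves the gateway.
const gatewayKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed sample account at the customer's bank (well-known test card number).
const bankAccounts = { '4111111111111111': { balance: 120.0 } };

// Step 1: card details are encrypted before they leave the checkout form.
function encryptCardDetails(card, publicKey) {
  const plaintext = Buffer.from(JSON.stringify(card), 'utf8');
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, plaintext).toString('base64');
}

// Step 2: the bank compares the amount with the balance and answers.
function bankAuthorize(cardNumber, amount) {
  const account = bankAccounts[cardNumber];
  return account && account.balance >= amount ? 'APPROVED' : 'DECLINED';
}

// Gateway/processor side: the only place where the ciphertext is decrypted.
function gatewayProcess(ciphertextB64, amount) {
  try {
    const plain = crypto.privateDecrypt(
      { key: gatewayKeys.privateKey, ...OAEP },
      Buffer.from(ciphertextB64, 'base64'));
    return bankAuthorize(JSON.parse(plain.toString('utf8')).number, amount);
  } catch (err) {
    return 'DECLINED'; // tampered or malformed ciphertext is rejected
  }
}

// Step 3: the merchant forwards the opaque blob and acts only on the decision.
function merchantCheckout(order, encryptedCard) {
  const decision = gatewayProcess(encryptedCard, order.amount);
  return { orderId: order.id, decision, forwarded: encryptedCard };
}

const sampleBlob = encryptCardDetails(
  { number: '4111111111111111', expiry: '12/30' }, gatewayKeys.publicKey);
console.log(merchantCheckout({ id: 'order-1', amount: 100 }, sampleBlob).decision);
```

The merchant function holds only the base64 ciphertext and the approve or decline answer, so a compromise of the store's own code or logs in this model exposes no card number.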
- Translating different currencies for transactions that happen across international borders. It works beyond the barriers of language and centers around working with different types of payment methods.
Online payments need all elements of security working in coordination with each other. To be able to accept credit or debit card payments, payment gateways need to comply with a set of standards and regulations set by banks and card associations. These standards are called the Payment Card Industry Data Security Standard (PCI-DSS). Online stores that customers use to buy products should follow the HTTPS protocol.
There are two types of payment gateways –
- Hosted gateway – the user is directed away from the merchant website onto a hosted page.
- Integrated gateway – the user enters his card details on the merchant site itself.