Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between the merchant and the payment processor. Payment gateways can be either licensed software installed on the POS terminal or ecommerce server, or hosted software which is accessed remotely during a transaction. There is a strong trend towards hosted payment gateways, as hosted gateways allow transaction data to be sent directly from the customer’s browser to the gateway, bypassing the merchant’s systems. This reduces the merchant’s PCI-DSS compliance obligations without redirecting the customer away from the website. Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor.
There are two types of payment gateways:
- Processor Specific Gateways – These are gateways embedded in the service offering of the payment processor. Typically, the cost to use an embedded gateway is included in the monthly fees of the processor. Processor specific gateways are always proprietary – and can only be used with the specific processor. So, you cannot change processors without losing all the settings, accounts and data entered over time into the proprietary gateway.
- Processor Neutral Gateways – Processor neutral gateways offered independently of a payment processing services. These neutral gateways are specifically designed to provide merchants the ability to use a variety of payment processors and easily switch between processors. As neutral gateways offer the ability to connect with dozens and dozens of processors – a merchant will not be restricted from using their preferred processor because their ecommerce platform or point of sale software does not supports a specific processor. Further, because the neutral gateway is independent of the payment processing services, merchants are able to switch processors without losing all their settings, accounts and data entered over time into the payment gateway.
Can I use my existing hardware?
Whether or not you can continue to use your existing payment processing hardware will depend on the gateway’s encryption requirements. Most gateway providers will require the magnetic stripe reader and or pin pad have the encryption supported by the processor. So, you may need to re-encrypt your pin pad or magnetic stripe reader if you are switching processors. If you process debit transactions via a pin pad, it will also likely need to be re-encrypted for the new processor.