Online Authorization

Secure Internet Portal for Card Processing

A payment gateway is kind of like a magic portal into the world of credit card processing. The most common users of gateways are ecommerce enabled websites, which use them to authorize credit cards when a customer has entered information into a secure shopping cart. Many other businesses use them to get authorizations through virtual terminals or credit card processing software. Part of the appeal of the gateway itself is that it functions as a kind of plug-in that connects your application (software, website, POS system) to the world of credit card processing. If everything works right, you don't even know it is there.

Encryption and Security

Payment GatewayWhen a website shopping cart is used, the gateway is accessible via a secured https: connection. Credit card numbers get encrypted before leaving the user's computer. Other systems that may use gateways are automated phone payment systems (IVRs) and and virtual terminal software, which replicates the functions of a credit card machine without the hardware.

Gateway Card Authorization Process

The number of steps in authorization of credit cards through a payment gateway is one reason that many websites caution the user to be patient and not click the "back" button. As soon as information is entered and the user clicks the "submit" button, the data gets sent on a wild ride that makes Mr. Toad's journeys look dull. Credit card data is encrypted by the web browser through Secure Socket Layer encryption. Data may go to the merchant (the online store) or straight to the gateway's processing system, which adds a layer of security and reduces compliance requirements on the store's behalf. If the merchant gets the data, it gets sent through another gateway to the payment processor that is used by an acquiring bank, which is kind of like the bagman. Then the data goes to the holder of the card brand (Visa, MasterCard, etc.) to check the card's validity, and then the transaction goes to the bank that issued the card to make sure there are funds and no issues that would call for the card to be declined. A hold may be placed on the authorization amount to ensure the buyer does not get overextended. At this point, an authorization (or decline) message goes back to the seller and gets reflected as a successful sale or a declined authorization. It is all kind of like the movie Inception but with your money.

Some of the fraud prevention tools found in gateways are seamless to merchants and end-users, but critical to prevent theft. For example, IP and geolocation tools determine where the transaction originated. Sudden use of a card thousands of miles from the last known transaction may create red flags. Address verification (AVS) and comparison against blacklists may also prevent the merchant from experiencing a fraudulent transaction.