Payment Gateway Integration

Payment Gateway Integration


A payment gateway is an e-commerce application service provider service that authorizes credit card payments for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. It is the equivalent of a physical point of sale terminal located in most retail outlets. Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor.

A payment gateway facilitates the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the Front End Processor or acquiring bank.

Since the customer is usually required to enter personal details, the entire communication of 'Submit Order' page (i.e. customer - payment gateway) is often carried out through HTTPS protocol. To validate the request of the payment page result, signed request is often used - which is the result of the hash function in which the parameters of an application are confirmed by a secret word, known only to the merchant and payment gateway.

To validate the request of the payment page result, sometimes the IP of the requesting server has to be verified. There is a growing support by acquirers, issuers and subsequently by payment gateways for Virtual Payer Authentication (VPA), implemented as 3-D Secure protocol - branded as Verified by VISA, MasterCard SecureCode and J/Secure by JCB along with Card Verification Value, which adds additional layer of security for online payments.

3-D Secure promises to alleviate some of the problems facing online merchants, like the inherent distance between the seller and the buyer, and the inability of the first to easily confirm the identity of the second. Payment Gateway providers follow PCI DSS, the Payment Card Industry Data Security Standard, which ensure safety of the cardholder's data