A commonly asked question when we’re helping businesses to understand the secure payment solutions available from Gala Technology, is what is the difference between a payment gateway and a payment processor? It is a valid question, and one that we’ll help to clarify in this article.
Whilst it may appear to the untrained eye that it is very simple to make a payment, either by telephone, online, or in person at a chip & pin card reader. Entering the card details into an online checkout, or tapping the card against the contactless sensor, and receiving goods or services in exchange for the money that changes hands.
However, what occurs when a transaction takes place relies on several different parties, processes and systems to run smoothly and securely.
The tool that performs those checks with the cardholder’s bank is known as the Payment Gateway, and the tool which enables the actual process of acquiring the funds is known as the Payment Processor.
Simply put, a Payment Processor is exactly that. It is the tool which communicates between the business’s terminal or payment gateway, the card issuing bank and the merchant’s acquiring bank, to process the transaction. For example, when a customer makes a payment in person by tapping their Contactless card against the card reader, or enters their chip & pin number, this is the authentication required to confirm the security of the transaction. The terminal will communicate with card issuing bank to confirm that the card is valid and that there are funds available to cover the value of the payment. Once the payment has been approved, the Payment Processor will facilitate transfer of funds from their bank into the business’s Merchant Account.
An online, or a card-not-present telephone purchase cannot be instantly verified in the same way that a customer personally entering their pin number into a card reader can when they make an in-person purchase in a shop, so it requires additional checks to bring it into the same level of security.
A Payment Gateway will act as a security guard for the transaction, ensuring all aspects are above board. A good gateway will not only check that the card is valid and that there a funds available, they should also provide additional security, such as implementing an authentication process such as Verified by Visa, 3D Secure, or Strong Customer Authentication (SCA) which will request additional verification such as Biometric data or One-Time Passcodes (OTP). It is important to note that not all payments will require additional security measures, for example if the payment is in keeping with the cardholder’s purchase patterns, the card issuer may choose not to challenge the payment
There are numerous benefits to protecting your customers’ card data, and arguably even more penalties if you don’t. Card data and personal information are hugely sensitive subjects, and there are several obligations of a business that takes card payments, most notably in the form of the PCI-SSC (Payment Card Industry Security Standard Council) which enforces an industry wide obligation known as PCI-DSS (Payment Card Industry Data Security Standard) and the ICO (Information Commissioner’s Office) which enforces GDPR.
Both of these organisations take the security of individuals and their card data extremely seriously, and the penalties for breaching either of their regulations can be crippling, especially for small businesses.
Beyond the threat of financial penalties, there are of course benefits for businesses that take their customers’ data seriously.
Gala Technology is the trusted payment processing solutions specialist for merchants of all shapes and sizes, across multiple sectors. We are the innovative team behind the multi-award-winning payment processing technology SOTpay. We support merchants in actively reducing transaction fees, reducing fraud-related losses and protecting customer card data when accepting card-not-present payments through several channels.
For businesses who accept online payments, SOTpay+ from Gala Technology is a PCI-DSS Level 1 secure payment gateway, which enables businesses to authenticate all card-not-present transactions, as well process them. With built-in security options, including AVS, CV2 Checks, 3D Secure and Velocity Checking, it takes care of all aspects of your payment security, leaving you to focus on growing your business.