The Definitive Guide to Payment GatewaysJuly 21, 2014, Mia Steinberg
Here at Checkfront, we are pleased to work with some fantastic payment gateways to create a simple, streamlined experience for users and their customers. But we also get a lot of questions about payment gateways; what they are, why they’re useful, and what’s necessary to know when you’re comparing two providers. That’s why we’ve written this comprehensive guide; it’s meant to cover a lot of the information you’ll be bombarded with when you’re shopping around, and give you the tools and knowledge to make smart decisions about a major factor of your business. We encourage you to read through the whole thing; but if you want the shorthand version, start with these questions:
Want the full scoop?
This ten minute read can save your business a lot of money and headaches:
- 10 Cash-Saving Questions to Ask Your Payment Provider
- Why is it a Good Idea?
- Features to Look For
- Demystifying Merchant Accounts
- Re-Billing: What to Look For and Why
- Other Questions to Consider
Running an online business has never been easier; no matter what you’re selling or where you are, you can connect to the global marketplace with just a WordPress site and a few key plugins. But while the resources have been streamlined, you still need to pick the right ones that will work for your business and further your success. You need to pick a website provider that will allow you to add inventory with ease; you need to have a customer-friendly, clean design. And you need a payment gateway to process your transactions. But what is a payment gateway exactly, and which one should you choose to help run your online business?
When you go to a physical store and use your credit or debit card, the clerk will usually swipe it through a point of sale (POS) terminal. These automated machines facilitate the transaction, ensure the funds are available, and transfer them to the merchant—but keep your data private. In simplest terms, a payment gateway is the online equivalent of POS machines; it provides a way for retailers to take customer payment information securely, ensuring that the data is passed from the buyer to the merchant and the bank without getting compromised.
Why is it a Good Idea?
Running an online business means that you don’t deal with physical cash in the same way that a brick-and-mortar store does; if you sell products online but are only able to take payments in a physical form (such as checks), then your cash flow is going to be very inconsistent and occasionally may run you into trouble. If a customer makes online reservations for your accommodation or tour online, you could end up waiting weeks or more for their payment—and if they fail to show up, then you’re eating that cost. If you run a service which charges customers on a recurring basis, you need their information every time you take a payment. With online payment options, you’ll get your cash flow at the same rate as your sales—a much better situation for your bank account! For businesses which operate based on bookings and scheduled events—like those who might use Checkfront—this aspect is absolutely vital.
Taking credit card payments online is all well and good, but why use a payment gateway, specifically?
Some people dismiss payment gateways as being too much of a hassle, but here’s the thing: if you try to do it yourself, you’re taking on the responsibility of collecting, storing, and properly processing credit card data online. If your server crashes, or your website is hacked, or even if you simply mistype some crucial code, all of that information could be made vulnerable or possibly lost. It’s a nightmare that no business owner should have to endure! Payment gateways take care of all of that stuff for you, and make online transactions much quicker and more secure. Online shoppers know the risks of giving their credit card data away too willingly, and having a third party gateway will give them peace of mind.
Checkfront defaults to a ‘reservation-only’ mode; you can still use the software without a payment gateway, but you won’t be able to take any payments whatsoever. We have over twenty different payment gateways that can integrate into Checkfront, so you’ve got lots of options for which service should handle your transactions. But that brings us to the big question: how do you choose a payment gateway that’s right for you?
Features to Look For
Payment gateways seem complicated in part because there’s so much diversity in what is offered, how much it costs, and how your money is managed. Furthermore, every business is different; some operate entirely online, while others have a physical storefront. Some process thousands of online transactions per month, and some only deal with a few dozen. The different gateways are a reflection of the incredible diversity of their clients.
That said, there are some core features that you should look for when shopping around for a payment gateway. Some will be more important to you than others, or not relevant at all, but these are the vital components that you should keep in mind when you’re comparing services. Consider the type of payments you need to take, and pick a system that’s flexible enough to handle them; some businesses will only need a simple gateway setup, and others will need more advanced options.
The web has connected the world in unprecedented ways, including financial interactions. You can buy almost anything you can imagine online, no matter where the retailer is located—and vice versa. But this universality means that you’ll have to deal with a variety of different currencies. There there are two separate but intertwined considerations when it comes to payment gateways: which currencies the gateway accepts, and which currencies it will pay out—that is, the countries in which it will work.
A gateway may only work for merchants based in the USA, Canada, the UK, but can process payments from accepted credit cards no matter where that cardholder lives; many companies also offer currency conversion, so that international shoppers will see prices listed in their home currency instead of the default USD. Some gateways are US-only and will only accept US dollars. Before you take a look at anything else, take note of which payment gateways will work in your home country—otherwise you’ll be doing comparisons with something that you’ll never actually be able to use!
Have you ever gone to buy something, only to be redirected off of the store’s page to a pay site and prompted for your credit card details? It’s a disruption to your online shopping experience, visually disconnecting you from the goods you’re buying and the merchant who’s selling them. People are wary of redirected pages, especially when it comes to giving their credit card details online, and they may change their minds if they fear that they’re not paying via a secure path.
That redirected payment page is called a hosted checkout; it’s a common choice for smaller businesses and one of two types of checkout page options you will run across. It’s quite easy to implement and requires very little technical knowledge; however, if you do choose to go this route, you should be able to customize the look of the hosted page so that it mirrors your own website. Customers are more likely to convert if they have a streamlined, cohesive purchasing experience; but even if they know your business is trustworthy, they may still be unsure about submitting their information to an unknown payment gateway page.
This is where integrated checkout comes in, and it’s the preferred choice for many businesses and is relatively easy to implement on a page or in an app like Checkfront. Integrated checkout options keep the checkout process entirely on your site, while still being extremely secure; it looks professional, it feels more trustworthy from a user experience standpoint, and it smoothes the process. Gateways like Stripe, 2Checkout, and Authorize.net all offer this service.
This is an important point when it comes to cloud-based services, and one that many people often forget. You’ll want to consider whether your chosen payment gateway will play nicely with other add-ons that help you operate your website. Using a booking system with a disconnected payment gateway is asking for headaches you don’t need. Check our list of supported payment gateways for Checkfront, and if you don’t see one you want to use then drop us a line to ask about it; we may be able to include it in a later update to our system.
Payment gateways are all about taking a customer’s money, but sometimes it’s not just as simple as that. Do you have a storefront with a physical POS terminal? If so, look into options that will play nicely together. You shouldn’t have to deal with two separate payment systems with separate fees and separate policies. Some companies, like Moneris, offer point-of-sale services as well as online options, so all of your payments are being processed in the same place by the same provider. If you’re going to be using mobile devices heavily, get a gateway that integrates with your mobile operating system; if you operate with a lot of coupons, you’ll want something that can calculate those changes automatically without a lot of trouble on your end.
Do you offer refunds to your customers, just in case? Then make sure to pick a gateway that will do them for you. Checkfront offers options for refunds in the back end of our system, but some payment gateways don’t connect to that part of the app; in these cases, you will have to log into the payment gateway site, issue the refund, then go back to your Checkfront account and manually square up the invoice with the refund. Having a refund cycle that’s connected to Checkfront makes all of this far easier; luckily, most of the popular gateways like Stripe, Quickpay, and eWay offer this connectivity. Look for integrated or in-app refunds offered as an option.
Security and Reputation
Part of the appeal of a payment gateway is the increased security for you and your customers. You’re dealing with a very important and very sensitive aspect of your business, and a data breach could destroy your reputation. Payment gateways need to be secure; they should be willing to explain how they protect you and your customers, and ideally they should conform to web security standards like the Payment Card Industry Data Security Standard (PCI DSS) at a minimum. Does the gateway hold on to customer credit card data? If so, for how long and why? Go to bat for your customers’ security and make sure their money (and yours) is in the right hands.
Always do outside research on potential gateways; when you type the company name into Google, does it auto-suggest words like “scam” or “complaints”? Read reviews online—from both professionals and users. The big companies will have a mix of positive and negative reviews, but you can always find horror stories from bad companies and it’s best to avoid becoming one yourself. Check out what other users are saying on social media outlets like Twitter; these public spaces often act as impromptu customer service outlets, and you can see how the company responds to questions and complaints.
Payment gateways act as an intermediary between the customer’s bank account and your own, ensuring that the money is available and that the transaction is successful. But the money won’t actually land in your account until the transaction is settled by both the issuing and acquiring bank, and that can take time to process. Payment gateways hold on to batches of money and pay out to you on a regular basis—this can be a daily occurrence, like with Authorize.net, or it can be a weekly payout like with Stripe. Depending on your business model, you may want to go with a delayed payout so that the gateway can offer in-app refunds quickly and easily. But make sure you know the gateway’s payout policy; some hold on to your money for up to a month, and you don’t want to grind everything to a halt while you wait for that cash to become available.
Don’t underestimate the importance of customer support when looking for a payment gateway. This is going to be a major part of your business, and if something goes wrong it could bring things to a screeching halt. As we talked about above, doing research into other users’ experiences with your chosen gateway will prove invaluable. Some companies only offer a certain level of service for their smaller-size pricing options; others will offer comprehensive support for everyone. You want a gateway service that will be able to work with you to fix things when they go wrong.
Demystifying Merchant Accounts
If you’ve looked into payment gateways even a little bit, you’ve probably run across the term “Merchant accounts”; there are lots of companies which offer them packaged along with their gateway services, and others which warn that you must have a merchant account before you can set up a subscription. What the heck are they talking about? What is a merchant account, and why is it different from the one you already have as an established business? Why do some gateways need a credit check whereas others are just sign-up-and-go? What is the meaning of all this?
Internet merchant accounts are a very important part of payment gateways, but they can be confusing unless you untangle them and understand the role they serve (and what they do not do). So here’s a breakdown.
A merchant is a special bank account that holds the funds from debit and credit card sales. Separate from the business owner’s actual bank account, funds in the merchant account are held there until the end of the day, when they are transferred to the owner as a batch—otherwise, the business would be depositing money hundreds of times per day. Whenever you pay with a debit or credit card, your money goes to this intermediary merchant account.
While there is a lot of confusion and questions about payment gateways, merchant accounts can be more complicated. There are two types of merchant accounts: dedicated and aggregate. A dedicated merchant account is one that belongs only to you; the money inside is solely yours. With an aggregator, everyone’s payments are processed by the provider and the cash goes into a big pool.
Why a Dedicated Account?
With a dedicated account, you enter into a legal agreement with the issuing bank or company and must usually undergo a lengthy credit check and application process. The most basic consumer protection policy states that a cardholder is entitled to get their money back if the good or service they purchased is not delivered. The payment processors risk losing money every time they handle a credit card transaction on your behalf, because they must cover the cost of chargebacks and credit issues. So getting a dedicated merchant account takes some effort, including gathering your financial statements, submitting an application (sometimes with an application fee), and convincing the underwriters that you are not a risky investment for them.
Should you get a dedicated merchant account? That depends. If you’re only processing a few dozen credit cards per month, then the lengthy application process and the myriad of fees, contracts, and terms of service may not be worth it; it’s better to go with an aggregator (see below) for a low volume of credit card sales. But if you do a lot of business online, a dedicated merchant account gives you way more control over your money. One of the biggest advantages is the incredibly quick payout rate—usually less than two business days—which is very convenient for those who need or want the cash as quickly as possible.
Some gateways offer a merchant account along with their payment processing services; others, like Authorize.net, have a list of verified resellers that they work with very well. With this setup, you are charged based on the volume of your sales and the type of business you operate, and there are usually tiered options or negotiable rates you can customize, to a degree. Always read your account contract very carefully and know exactly what you’re being charged for and what sort of rates you’re getting, and why.
Why an Aggregator?
The other type of merchant account is an aggregator. These accounts are like a big central pool, which you share with the other companies using the service. Instead of a bank taking on your risk and processing payments on your behalf, companies like Paypal and Stripe do that for you—think of them as a proxy, of sorts. It’s much easier to get connected to an aggregator; while you still need to give them some information about your business, you’re not going to be denied because of a short credit history. You typically pay fewer fees, have a more generalized contract, and can get set up far faster.
With an aggregator setup, your money is still paid out to you, but it typically takes a little longer—anywhere from five business days to one entire month! That said, aggregators like Stripe and Paypal offer flat per-transaction rates, and rarely have setup or monthly fees on top of that. For merchants who only process a few hundred transactions per month or so, they are a lightweight, cheaper option, with straightforward fee structures and very little hassle to set up.
- more control over your money
- dedicated account which only belongs to you
- quick payouts
- close relationship with issuing bank
- tiered discount rates based on processing volume and risk level
Companies that process lots of payments each month
- payments go into the company’s large pool
- slower payouts
- fewer fees and application requirements
- relatively easy setup
- limited customization of services
Smaller companies and startups
Other Key Questions to Ask About Merchant Accounts and Payment Gateways:
– do I need to have one set up independently of the gateway, or do I need to have a merchant account bundled with the gateway?
– are there specific providers I must choose in order to use this gateway?
– what’s the application process like?
– what are the requirements for standard accounts?
– how much does the account cost—both upfront, and over time?
– is a merchant account actually advantageous for my company’s size and operational volume?
Re-billing: What to Look For and Why
If you need to set up automatic recurring billing, or want to take a temporary deposit that will be refunded at a later date, then you’ll need a payment gateway that offers these options. One of the most commonly asked questions from Checkfront users is whether they can store credit card numbers so that they can add onto a customer’s invoice or charge an initial deposit and then take full payment later, without having to take the customer’s credit card information a second time. The answer is yes; this is absolutely possible, and many merchants specifically seek out gateways that support re-billing. But some gateways will charge extra for this option, and you want to make sure that your gateway will tokenize the credit card data to make sure it’s as secure as possible.
Tokenization is the process by which sensitive data is transformed into something that has no external value or exploitable meaning, but can still be used by the applications, people, and processes that need it. A great real-world example is casino chips; they are passed between player and dealer or player and player just like real money would, but they have no value outside of the casino. If $2000 worth of casino chips are stolen, the casino hasn’t actually lost that amount of money; they’ve just lost the tokens that represented the cash.
When it comes to credit card data online, tokenization is advantageous over basic encryption because there is no mathematical relationship between the original number and the transformed one. With straight encryption, there’s a specific code that transforms a 5 into, say, a % sign, and a 34 into a 67. But the problem with this is that codes can be broken with enough time, energy, and brute force. Tokenization, on the other hand, just substitutes one value for another, usually by random number generation. The number 3447 on a customer’s credit card could become 8910 for one transaction, but 6622 for another. Businesses can use the tokenized numbers to generate their reports and maintain their records, just like a gambler can use casino chips in place of actual money. In both cases, the tokens are transformed back into their original form when payout occurs.
How does this relate to payment gateways? A good one will tokenize your data, making it more secure. But with this increased security comes a slight drawback: since you’re not storing customer credit card details—just the randomized tokens—it can be very difficult to set up a rebilling cycle or add a payment to a customer’s card without taking their information a second time. If you want to have these billing options, you will need to pick a payment gateway that gives you this ability—Stripe, WePay, Authorize.net, and a few others all offer it.
Payment gateways are going to cost you money; this is a fact that no one can deny. If you resist the notion of paying for the service then you’re going to end up with a very limited setup that will not offer you the full range of options you need and deserve. Paying for a gateway service is worth every penny, but the payment options are very different from company to company and can often become confusing to a newcomer. Here’s a small rundown of the different types of charges you may see, and what you should expect.
Discount Rates and Transaction Fees
This is the bread and butter of payment gateways, and one of the major things you’ll be comparing when looking for your right fit. Virtually every gateway we’ve ever seen makes their money by charging you a small percentage of each transaction they process for you. This is usually called a merchant discount rate, and it’s typically between 2-5%. Additionally, most gateways will charge a flat rate of a few cents on each transaction—typically under fifty cents. This commission is split between your merchant account provider, payment gateway, and credit card provider (or any combinations therein). The rates vary greatly depending on your chosen company and setup.
Stripe, for instance, will charge you 2.9% + 30¢ per successful transaction, no matter what. eWay, a popular Australian service, charges different amounts for different plans; their base plan charges the same 2.9% + 30¢ as Stripe, and their highest-tiered package charges 1.8% + 10¢ per transaction (plus a larger monthly fee). The merchant discount rate gets smaller as your monthly sales increase.
With some gateway companies, the buck (or 2.9% of the buck) stops here; they make their money on each transaction they process. But things aren’t always that simple, and if you just go with the cheapest discount rate then you may find yourself with a very poor match. There are other fees that are regularly charged, depending on the complexity of the service and the features you’re going to be using.
Almost all payment gateways have a monthly fee structure. It’s not uncommon to see multi-tiered levels of fees; the more services and functions you use, the more you’ll probably pay. Aside from the baseline monthly administrative/maintenance fee, you may be charged for optional services like fraud detection, auto-billing, and the level of customer support available (see below). Monthly fees may also vary depending on the size of your business and how many transactions you process per month; eWay, for example, offers two tiers of monthly plans, with varying discount rates, free transactions per month, and other offerings depending on the size of your business.
Important: If you are going to use an internet merchant account, then you will most likely pay a monthly fee to cover it. Companies like eWay and Authorize.net will bundle a merchant account and payment processing together, or offer to sell you each separately. Gateway plans that include merchant accounts are going to be very differently priced, so make sure you’re comparing the right things when you shop around.
Set up fees
When you sign up for a service, they may charge an initial setup fee—especially if you’re creating a merchant account with their assistance. This is a one-time charge, ranging from as low as $49, and while it’s important to take into account when calculating the most efficient gateway for you, don’t let this setup fee trip you up too much; monthly rates and transaction fees are going to be more important in your math.
This section covers things that are valuable comparison points for you to use when shopping for gateways, as some of them will charge you and others will not.
Chargeback and Refund Fees
Some gateways (not all) will charge you if you need to refund a customer’s money, or if the customer/bank yanks the payment back from you. The latter situation, which is called a chargeback, tends to incur more fees because they often happen due to fraud, technical or clerical issues, or identity theft. In those cases, the bank is responsible for the money, so they will charge merchants with steep fees as penalty for these situations. But chargebacks aren’t always your fault, and they happen sometimes; unless such situations are vanishingly rare for you, it’s worth searching for a gateway provider who doesn’t penalize you for refunds or chargebacks.
Security and Support
You want a reputable, strong payment gateway service that will take care of all the security issues so you don’t have to; you also want a place to turn if something goes wrong. Some companies will charge you for different levels of security and customer support; they may have a baseline option available for free or cheap, but limit your support to business hours and only via email; more expensive packages will include 24/7 customer support and increased fraud detection. As with the monthly fees section, these fees tend to accompany merchant accounts and other more complex setups. Make sure to ask about what sort of customer support is available to basic subscribers, so you aren’t left at the mercy of Google searches to fix a fundamental part of your business. ALL payment gateways should be PCI-compliant, at the very least; they should only charge for security features on top of that.
Recurring Billing and Data Tokenization
We covered this in detail above; if you want to be able to take several payments from a customer (or add something to their existing order) without taking their card information each time, you may end up paying for that service. Gateways like Authorize.net may also offer data tokenization as an extra add-on to your existing service, instead of just automatically encrypting your information that way.
As we mentioned above, one of the great things about an online business is the ability to find customers in every corner of the world. But if you have an eye on the international market, first make sure that your gateway won’t charge you every time you do a currency conversion, or that they’ll accept your home currency without extra fees.
If we tried to list every possible fee and charge that you may come across, this document would probably be a textbook! There may be hidden charges on top of the major fees to pay attention to, and you should keep an eye out for words like ‘bundle’, which indicates a bunch of fees lumped together that you may not realize you’re paying. Some common hidden fees include charges for monthly administration (on top of your monthly subscription), unscheduled withdrawals, currency conversion, and batch processing fees. We won’t go into each of these, but simply reiterate that some business owners will find that they need these extras and others won’t, and that a payment gateway which lays all of its costs out on the table is more likely to let you customize your experience with them so you only pay for what you need.
Other Questions to Consider
Do I need to be PCI-Compliant?
The Payment Card Industry Data Security Standard (PCI-DSS, or sometimes just PCI for short) is a set of rules that ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The major American credit card companies each started their own security requirements before combining them into one central set in 2006. All merchants, regardless of the number of transactions they process, must comply with the PCI standards for their size of business. Most small-to-medium businesses will fall under the umbrella of PCI level 4, processing fewer than 20,000 Visa e-commerce transactions per year.
That said, you may not need to rush out to apply for approval from the PCI standards council; it all depends on how you’re dealing with credit card numbers. If you’re running an online-only business and are using a payment gateway to process all of your transactions, then the responsibility will fall on the gateway to adhere to the standards. For Checkfront users, there isn’t much to worry about; we are fully PCI-compliant, and all payment gateways run through our app, so your business website is likely fine.
PCI compliance is a vitally important point to consider when looking at a payment gateway; it is the first line of defence for both you and your customer against thieves and hackers. ALWAYS make sure that your selected payment gateway is PCI compliant, and check their requirements; some will require that the site using their service is PCI-compliant as well, especially for integrated checkout options.
What will my customers see on their credit card bills?
This is something that many business owners may not think of initially, and while it may not be a dealbreaker it’s still good to know in advance because it pertains to your customers’ experience. Some gateways will show up on credit card bills under the company name, such as “2Checkout” or “Sagepay”; if a customer isn’t familiar with the gateway or didn’t realize you were using one, it can be extremely distressing to see a charge from an unfamiliar place! If you know about this ahead of time, you can let your customers know how the charge will appear on their bills. That said, it’s preferable that your business name is the one they see, and many gateways will give you that option; like with integrated checkout pages, it helps give the customer a seamless, professional buying experience online.
What are the policies for international businesses with a US merchant account?
Many payment gateways are based in the United States, and operate in US Dollars and accounts. This can be frustrating for international merchants, who can find themselves limited in their choice of payment gateways. Some businesses have bank accounts or merchant accounts based in the United States; this may allow them to use certain US-based services, but it’s not a guarantee. You may incur extra fees to use a gateway if you’re based in a different country; it just depends on the company and its policies, so if you’re in this situation you should ask before signing up.
How hard is it to set up?
When you purchase a payment gateway, what’s the process for integrating it into the rest of your business? If you need to get a merchant account (as discussed above), how do you connect it with your bank? Are there clear instructions on how to set up the gateway on your website, and can you run test numbers through it successfully? Always look at the support documents and read instructions; if something seems like a real hassle to set up, then you may want to move on. The goal, as always, is to decrease your headaches and increase your business volume.
Who owns my data?
Whether you’re collecting credit card data to be used in continuous billing, maintaining a private merchant account, or using an aggregator service, you’re going to be dealing with quite a lot of customer data—not just their credit card information (or encrypted equivalent) but records of payments, orders, refunds, and other important transactions related to your business. You should know before you sign up for anything exactly who owns that collected data, and to what extent. Always, always ask about this; you should have full control over your transaction histories and be able to do with it what you wish.
How easy is it to cancel the service?
We know you’re only just starting on the journey of finding a payment gateway, and it may seem pessimistic to be thinking about leaving before you even reach your destination. But whenever you are paying for a subscription or long-term service—especially one that deals with something as critical as your income and customer credit card data—you should know how to cancel your subscription if need be. It’s not just for cases of poor decision-making; even if you do all of your research and sign up with a gateway you like, sometimes situations change and you need to move on in order to grow your business. You may need to give the company a certain amount of notice before you leave, or ride out the rest of your contract (or buy out the remainder). No company wants to see a customer leave, but the good ones will have an open and honest policy about how to do so if you choose to move on.
Didn't find what you were looking for?
Use the form below to search our site