acquirer, acquiring bank, CCavenue, citrus, citrus payments, credit card, direct API integration, EBS, ICICI payseal, issuing bank, netbanking, payment aggregator, payment gateway, payment processor, payu, PCI DSS certificate, tpsl
What is a payment gateway?
A payment gateway is a 3rd party entity (or software) that processes payment information entered by a customer on an e-commerce website. The gateway processes these payments on behalf of the e-commerce merchant. When a customer pays for merchandise using a credit/debit card, netbanking or any other prepaid mechanism (a.k.a non-COD payment in the Indian context), the payment gateway identifies the issuing bank of the card or connects directly with the online bank (in case of netbanking) to complete the payment. Once successful, they take the customer back to the e-commerce website.
Is it that simple?
No, it isn’t. Actually speaking, a payment gateway doesn’t do all this. A payment gateway is just a software (webpage or API) used to collect payment information details from a merchant (e-commerce entity) when a customer has placed an order. The gateway then transfers this information to a payment processor. The payment processor identifies the card network (visa, mastercard, Amex etc.) and then communicates with the card issuer bank to complete the payment. In order to get this done, the payment processor creates a merchant account on behalf of the e-commerce merchant. The payment processor enables the flow of funds between these various entities on the successful completion of a transaction. A merchant account is created by the payment processor with the acquirer bank on behalf of the e-commerce merchant. Payments are collected from the issuer bank and passed along to the merchant’s bank account. End of day, money flows from the customer’s bank account (identified in the credit card bill) to the e-commerce merchant’s bank account (identified as payments flowing from a payment processor). In today’s world, a payment gateway and payment processor are usually one and the same entity (or they are masked to the point that the difference is difficult to tell). Hence, for most practical purposes one can assume that what a payment processor does is done by a payment gateway. Hence, integration of an e-commerce merchant with a payment gateway is equivalent to integration with a payment processor.
The payment processor charges a certain % value per transaction (1.5% to 2.1%) as processing fees and pays only the net difference to the merchant. For example, a customer uses a citibank visa credit card to make an online payment of Rs. 1000 on xyz.com. A payment processor (with a 1% transaction fee) completes the payment on behalf of the customer. The payment is cleared by the payment processor via the acquirer bank and funds of Rs.990 is transferred to the e-commerce merchant’s bank account.
Any e-commerce player (in the World) requires some kind of connectivity with an acquiring bank so that when a customer enters credit card information on the website to make a payment, the acquiring bank processes the payment by working with the card issuing bank via a payment processor.
Is there anything more to it?
Yes, in the Indian context (and pretty much also for other countries) there are two types of payment gateways (or processors) that exist. One is a direct payment processor associated with an acquirer bank (e.g. ICICI payseal from ICICI merchant services, HDFC bank). The other is an aggregator (e.g. CCavenue, EBS, PayU). The aggregator is a provider of a basket of payment and associated services to the customer. This includes not just the ability to process credit and debit cards, but also the ability to process netbanking transactions, cash cards and other alternate payment methods. This is achieved by the aggregator as they enter into multiple tie ups with acquirer banks and other payment providers and build a common interface to provide all these options under one roof. An aggregator has multiple pricing options based on the transaction type and size of the merchant (e-commerce) business.
So, am I better off working with an aggregator rather than a direct payment processor?
This is not an easy question to answer. If you are a young startup firm with not much transactions to boast of, players like ICICI, HDFC and even the aggregators may not consider working with you. There will be huge delays in getting to talk to someone in their organization and the paperwork will be daunting.
The aggregator does good for an e-commerce startup by providing all payment options under one roof. The problem is that none of the payment gateways have a strong credibility when it comes to successfully processing transactions and/or providing optimum customer service. Fraud detection as a service is also not provided in an optimum manner by some of the payment gateways. It is also not prudent to put all your eggs in one basket. The challenge with a single payment gateway integration is that we are locked into having all our prepaid transactions tied to a single entity. If the gateway is down or unavailable or plain not efficient, the e-commerce business will face the brunt of it in terms of lost sales in checkout.
The challenge with the direct payment processors is that they don’t offer netbanking (unless with a separate integration like the way ICICI does with Citrus payments) and other payment options like cash cards etc. They are however good for credit/debit card transactions and also have a fairly good transaction monitoring system for fraud or chargeback issues.
Is there anything more to payment gateways?
Yes, indeed. Now, the question is how to integrate with a payment gateway? is it through a redirect to a webpage hosted and maintained by the gateway or is it through a seamless direct API integration. The answer is simple, direct API is the best. The problem is that in India, direct API integration is not clean and offered by all gateways. Many aggregators like CCavenue provide a seamless integration that cannot necessarily be called as API-based although they are good and work better than redirecting a customer to the gateway’s custom built web page for completing a payment. Another constraint is that in order to do direct integration, an e-commerce merchant is required to be PCI DSS certified. This is a long drawn process and many startup firms are better off just redirecting customers to the gateway’s payment page where all the options are displayed.
Now, many aggregators allow their webpage to be customized so that the look and feel is as per the merchant’s desire. But, many of these customization are hardly worth noting and don’t give any edge to the merchant. To see what the challenge is with PCI DSS certification, see my other post on this topic at https://ecommerceproductmanager.wordpress.com/2012/06/04/pci-dss-certification-for-e-commerce-websites-in-india/
Well, I don’t know why I added that line above, but to talk more about payment gateways, I would like to bring to attention the fact that a better transaction rate (% fee applied on every transaction) should not and cannot be the single motivation for choosing between various payment gateway options. I have seen several websites where the discussions around gateways begin and end with either the number of banks being offered by the gateway or who is offering the cheapest transaction rates. While they are all useful, they are not completely important to making the right decision in terms of selecting a gateway.
In my next post, I shall talk about what parameters to look for when making a decision to choose a payment gateway.