With the rise of the fintech sector, the number of payment gateways has increased significantly over the years. Given the competition in the market, it is a given that any payment gateway needs to provide highly secure and ultra-smooth transactions to its customers. Let's talk about what exactly a payment gateway is and how it works.
Payment gateways provide a means of communication between the customer's paying medium (such as a credit card or debit card) and the merchant's payment receiving medium. These payment gateways are available as physical point-of-sale devices as well as virtual portals like Mobiversa, PayPal, Braintree, Stripe and Square.
Payment gateways help customers secure their sensitive information, such as credit card numbers, CVVs and other private details.
It works the same way in Malaysia as it does elsewhere around the world.
What makes or breaks a payment gateway is how it secures customer details. All payment gateways need to follow certain globally defined rules and guidelines to even exist in the market.
When a customer buys or orders something online or at a physical store, the payment gateway encrypts the details in the browser before they are sent to the server side using Secure Sockets Layer (SSL) encryption.
Then the merchant forwards the transaction details to their own payment gateway. This is where the second level of SSL encryption happens. The merchant's payment gateway then forwards the transaction information to the payment processor used by the merchant's bank. The bank forwards the transaction details to the card processor, and the card processor approves the payment request before the funds finally arrive at the merchant's bank.
Because of the number of steps involved in the whole process, it takes on average 2 to 3 days for your funds to arrive from your customer's account to your account.
As you can see, a high level of encryption is applied at each step. That being said, once you enter the card information and hit submit, no one, absolutely no one, knows what it is. If a hacker wanted to decrypt the information, it would take him thousands of years to arrive at the original key and your card information. Now you know why your cards come with an expiry date, right?
Since the customer is usually required to enter personal details during the transaction, communication with the payment gateway is often carried out over the HTTPS protocol.
To validate the request of the payment page result, a signed request is often used: the result of a hash function in which the parameters of an application are confirmed by a «secret word» known only to the merchant and the payment gateway.
To validate the request of the payment page result, sometimes the IP address of the requesting server also has to be verified.
For any payment gateway to exist in the market, it is standard to use the HTTPS protocol instead of HTTP, because of all the private information being entered, transferred and communicated from the client-side environment.
For request validation, a secret key known only to the merchant and the payment gateway is used for the payment success page. The page is rendered only if the secret key matches against the critical information from the transaction.
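The signed-request and source-IP checks described above, as an added example that is not taken from any gateway's own code. It assumes HMAC-SHA256 as the keyed hash (the page names no specific function); the field names, the secret and the IP range are constructed for illustration.

```python
import hashlib
import hmac
from ipaddress import ip_address, ip_network

# Constructed sample values: the page names no gateway-specific parameters.
SECRET = b"constructed-shared-secret"          # the "secret word"
GATEWAY_NETS = [ip_network("203.0.113.0/24")]  # documentation range, RFC 5737
SIG_FIELD = "signature"                        # hypothetical field name


def canonical(params: dict) -> bytes:
    """Sort by key and length-prefix every key and value, so bytes cannot
    be shifted between fields without changing the signed message."""
    parts = []
    for key in sorted(k for k in params if k != SIG_FIELD):
        for item in (key, str(params[key])):
            raw = item.encode("utf-8")
            parts.append(len(raw).to_bytes(4, "big") + raw)
    return b"".join(parts)


def sign(params: dict, secret: bytes = SECRET) -> str:
    # Assumption: HMAC-SHA256 rather than a bare hash of secret + data.
    return hmac.new(secret, canonical(params), hashlib.sha256).hexdigest()


def verify_result(params: dict, remote_ip: str, secret: bytes = SECRET) -> bool:
    """True only if the sender is allowlisted and the signature matches."""
    try:
        addr = ip_address(remote_ip)
    except ValueError:
        return False
    if not any(addr in net for net in GATEWAY_NETS):
        return False
    supplied = params.get(SIG_FIELD)
    if not isinstance(supplied, str):
        return False  # a missing signature is a failure, never a pass
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sign(params, secret).encode(), supplied.encode())


def demo() -> dict:
    # Constructed payment result as the gateway would send it.
    result = {"order_id": "A-1001", "amount": "49.90", "status": "paid"}
    result[SIG_FIELD] = sign(result)
    tampered = dict(result, amount="0.01")
    return {"genuine": verify_result(result, "203.0.113.7"),
            "tampered": verify_result(tampered, "203.0.113.7"),
            "wrong_ip": verify_result(result, "198.51.100.9")}
```

The merchant renders the success page only when `verify_result` returns `True`; the IP check is a secondary filter, and the signature is what binds the amount and order to the shared secret.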