Choosing a payment gateway
page last edited on 27 June 2017
A payment gateway is an essential part of your online strategy. Popular shopping carts are compatible with a great variety of payment systems, widely known as payment gateways. But how can you choose the one that is right for you? You do not have the luxury of rectifying a wrong decision. Apart from the cost of the service, you stand to lose much more: customers, orders, fraud-related losses, integration time, time to market, etc.
When getting your online store live, you will likely face the problem of accepting credit card payments from your customers. It is the most common and convenient payment method available over the Internet. To be able to accept credit card payments at your X-Cart based online store, you will need to subscribe to the service of a payment gateway which will process credit cards for you. Payment gateway service is available from such companies as Authorize.NET, PayPal, WorldPay, 2CheckOut and some others. There are several significant benefits when using this type of service:
- Most payment gateways have a sophisticated fraud protection mechanism that helps to avoid most chargebacks from the customers whose credit card might have been stolen by hackers.
- The process is fully automated so you can save a vast amount of time if you have many orders.
- Some payment gateways like 2CheckOut enable you to accept credit cards even if you do not have an internet merchant account (It may be difficult to obtain a merchant account if you have just started a business and haven’t got a positive credit history yet).
Things to ask first
Some important initial questions you should ask of any potential vendor of billing software include:
- How long has the company been in business?
- What is the history of the company?
- How long has the particular features package you’re interested in been on the market?
- How many and what types of Web services use their software?
- Are client references available for you to call?
- Is a demo version of the software available?
- What is the availability and accessibility of system setup, training and support, as well as the approximate cost of these essential items?
- Will the company be able to import data from your previous billing system, if necessary, and what is the expected cost for this service? Have they been successful with this?
- What are the hardware and networking requirements recommended by the software vendor for optimum efficiency?
- What is the cost of their ‘basic’ system and what is ‘included’? Are there any additional products available at an extra charge to enhance the basic software package?
First, you should draw a line between payment gateways that require a merchant account and those that don’t. Payment gateways requiring a merchant account usually offer attractive commission rates, for example, 1.8% of each transaction, a fixed $0.20 from each transaction, and a series of monthly charges grouped under several headings, usually amounting to less than $100. This means that your company keeps a greater share of gross sales. On the other hand, payment gateways requiring a merchant account have several disadvantages:
- They seldom engage in fraud prevention and rather leave it in the hands of the seller to decide which transactions are safe to accept and which should be rejected. If the company suffers a high rate of fraud, the gateway provider may terminate the service.
- Moreover, signing up for a merchant account can take around one month, and these are usually only granted to incorporated companies with an existing financial background.
- Lastly, it can be hard to get authorization for transactions with certain credit cards such as American Express and Diners Club.
In the case of payment gateways not requiring a merchant account, the main advantages are:
- You will be ready to sell immediately.
- Fraud prevention tools are provided free of charge.
- There are usually no fixed charges (only a commission over transactions).
Of course, the disadvantage is a less attractive commission rate, usually between 5.5% and 12%, with a $0.80 fixed rate per transaction. It is also worth noting that the name on the customer’s credit card statement will be the name of the payment company, not yours.
See the list of ready-to-use payment processing integrations for X-Cart 5 in our Marketplace. Choose the one that looks good for your needs and contact the payment gateway reps directly to create a merchant account. Can’t find your payment gateway in this list? Email us at firstname.lastname@example.org.
Integration, customization and branding
From the technological point of view, you should consider the type of integration and security measures offered by each gateway. One of the most important criteria is that your customers receive a consistent and smooth transaction experience through this process. Many 3rd party payment gateways forget this fact. The option best suited to quick implementation is web form integration with the payment gateway: integration simply consists of a web form to send payment information. In a typical transaction, therefore, your customer is shunted from your website to the payment gateway website. The look and feel of the two websites differ, resulting in an inconsistent experience. This is proven to reduce the trust factor for a customer. Some payment gateways allow you to put a header banner or a logo. This, however, is not enough to provide a consistent experience. Some of the best payment services allow complete customization of the payment pages. You can change the text color, size, font, background colors, header, header background, etc., all through an easy-to-use web-based interface. In selecting a payment gateway, ensure that you obtain an interface that allows you to completely customize the payment pages.
If you are looking to get a secure and uniform integration, you should choose a gateway with the most complex integration method. However, the first thing you should do is check with your hosting provider whether you comply with all the requirements (SSL certificate, permission to install components, permission to open ports in the firewall, etc.).
Fraud detection and risk mitigation
Indeed, business loss from online fraud can be daunting. So merchants have realized the importance of taking measures to minimize losses occurring due to online fraud. It is important that the payment gateway you choose supports basic fraud detection and risk mitigation measures. Note that fraud detection does not simply end with AVS or CVV2. Most payment gateways will offer you CVV (Verified by Visa) checking. While it is an additional measure, it does not successfully detect fraudulent patterns. Ideally, choose a payment gateway that offers you fraud detection tools apart from just AVS and CVV2.
Credit card transactions have a versatile set of features. There are various modes of transaction that can be performed: auth-capture, sale mode, reversal, partial captures, partial reversals, etc. It is important that the payment gateway supports all the transaction modes. Various business occasions require different combinations of these transaction modes. For instance, if a customer places an order, you will want to authorize the transaction. If you do not have all the items the customer has ordered, you will need to initiate a partial capture at the time of delivery. If the customer has received the items but one of them is damaged, they will return it to you, and in this case you will need to initiate a partial refund.
Financial transactions require profound security measures, and these go beyond the Verisign 128 bit Digital Certificate which most payment gateways have. Security is a ground-up activity which needs to be effectively planned. There are several facets to take care of, including the datacenter physical security (where the payment gateway servers are hosted), OS and application security, firewall and intrusion detection systems at the OS and application layer, database security, and, finally, transaction security. Each of these requires initial setup and continuous monitoring. Verify that the payment gateway you choose controls all the facets of security on an ongoing basis.
Time-to-market is the mantra for online businesses. Every online customer lost to a competitor represents higher customer acquisition costs. Additionally, most merchants today outsource their website development. It is crucial, therefore, that the payment gateway offers you an easy integration process. This is another area where few payment gateways offer ready-made integration kits for all possible platforms. Quite a few payment gateways implement only complex socket-based APIs requiring you to write clients in specific languages to talk proprietary protocols. Another common problem faced here is that some payment gateways have integration kits that require a DLL or a component to be installed on your server. This becomes an issue if you are hosted in a virtual hosting environment. Your server provider may not be willing to install any component on their servers. Make sure to check the feasibility of the integration process in detail before you make up your mind about the choice of a payment gateway.
Comprehensive merchant interface
One more aspect to check from the beginning is the functionality provided by the merchant interface: the types of reports available, the interfaces available for searching transactions, processing captures and refunds, requesting withdrawals, etc. In fact, you should request a demo of the merchant interface before you make your payment gateway decision to ensure that it supports all the features you require.
Many payment gateways may have hidden costs associated with them that may not be disclosed in the beginning. This may not allow you to compare them with enough depth. Some of the hidden costs with any payment gateway service are as follows:
- Chargeback fees
- Chargeback Forex losses: this particular item is important. Most banks or payment gateways will charge you Forex losses on chargebacks. Sometimes this can translate to a substantial amount. Some service providers, however, will bear the chargeback losses themselves.
- Reversal fees
- Termination fees
- Hidden setup charges
- Non-Sufficient Funds fees
- Annual fees
- Statement fees (more for more services)
- Customer support fees
- Withdrawal charges
Most of these costs will not be mentioned on their websites. It is important that you understand all the costs mentioned above and ask the provider directly for all the information regarding these costs. Most providers will charge you these fees without disclosing them to you.
Time to withdrawal
Find out how soon you can get access to your money. Some payment gateways may proclaim a no-reserve policy, but take a month to remit your funds. That means your funds remain blocked for a period of one month with the provider. While most payment gateways may maintain reserves for risk mitigation, it is essential to estimate within how much time you will have access to your funds.
Ensure that your payment gateway provider has a well-staffed and trained support team. Under ideal circumstances, the payment gateway provider should have a 24x7x365 support desk. It’ll enable you to respond quickly to your international customers who may have queries with regard to their online transaction.
With a global audience, multi-currency support becomes essential for those who have customers outside the USA and Europe. Though it is not an essential feature, it is helpful to be able to charge your customers in local currencies, or at least US Dollar currency.
Most payment gateways will reserve a certain portion of your funds to mitigate risk due to chargebacks. What is important is to find out the reserve amounts and how they are calculated, as well as the time period for which the reserve is maintained. Also ensure that you tie up with a payment gateway that maintains a rolling reserve as opposed to a fixed reserve so that funds begin rolling in your account albeit a little late.
Another factor to bear in mind is that some payment gateways are not available for the sale of intangibles such as software and services, whereas others are.
Lastly, we should mention the callback response or silent response feature. What is it, and how can it help selling with the shopping cart? A callback response is a silent and secure signal sent by the payment gateway to the shopping cart to notify it about the result of a transaction. It is extremely useful to update the order status from pending to paid and trigger other processes related to the approval of a payment, such as:
- Decreasing the stock of the products purchased
- Delivering digital goods
- Increasing sales figures
- Notifying affiliates and suppliers
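
An added example, not part of the original page or of X-Cart's code: a gateway-agnostic callback handler in Python showing the checks a cart should make before moving an order from pending to paid. The HMAC-SHA256 signature scheme, field names, secret and sample order are assumptions constructed for illustration; real gateways define their own callback format.

```python
import hashlib
import hmac
import json

# Assumption: the gateway signs the raw callback body with HMAC-SHA256 using a
# secret shared with the store. Real gateways differ; follow your provider's docs.
SHARED_SECRET = b"constructed-demo-secret"
# Constructed sample order store: order id -> expected charge and current state.
ORDERS = {"1001": {"amount": "49.90", "currency": "USD", "status": "pending"}}
SEEN_TXNS = set()  # gateway transaction ids that were already processed


def sign(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Hex HMAC-SHA256 of the raw body (what the gateway side would compute)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_callback(body: bytes, signature: str) -> str:
    """Validate a callback, update the order, and return the decision taken."""
    # 1. Authenticate the raw bytes before parsing; compare in constant time.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return "rejected: bad signature"
    try:
        msg = json.loads(body)
        order = ORDERS[msg["order_id"]]
        txn_id, result = msg["txn_id"], msg["result"]
        amount, currency = msg["amount"], msg["currency"]
    except (ValueError, KeyError, TypeError):
        return "rejected: malformed or unknown order"
    # 2. Gateways retry callbacks; act on each transaction id only once.
    if txn_id in SEEN_TXNS:
        return "ignored: duplicate"
    # 3. The amount reported as paid must match what the store meant to charge.
    if (amount, currency) != (order["amount"], order["currency"]):
        return "rejected: amount mismatch"
    # 4. Only a pending order may change state.
    if order["status"] != "pending":
        return "ignored: order not pending"
    SEEN_TXNS.add(txn_id)
    if result != "approved":
        order["status"] = "declined"
        return "declined"
    order["status"] = "paid"  # stock, delivery and notifications hang off this
    return "paid"
```

The follow-up actions listed above (stock, digital delivery, sales figures, notifications) should run only on the `"paid"` result, so a forged, replayed or underpaid callback cannot trigger them.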
Alternatives to online systems
X-Cart also supports payments through non-credit card means, for example PayPal. This company acts as an intermediary between users and transfers funds from one user to another by discounting the amount of the transaction from the payer’s account. This system can be useful in certain cases, although the verification procedure is quite complicated.
If your store is just starting out, you will want to keep fixed costs low. You should choose a gateway that offers its own SSL certificate free of charge, does not require installing components on your server, and does not charge excessive penalties for chargebacks. If your store is already established, with a clear projection of sales levels, you will want to choose a gateway that allows you to use your own merchant account and your own SSL certificate, and offers all the security measures and uniformity of advanced integration methods.