In the course of doing business today, you’ve likely heard of payment gateways and payment processors. They both play essential and distinct roles in every credit card transaction. But the roles of each in the payment process are often confused, leaving many business owners to wonder: what is the difference between a payment gateway and a payment processor?
First, the processor. As experts in high throughput and high availability data management, processors are hired by banks to handle card payments. In the United States, only a bank can move money. There are two banks in every credit card transaction: the issuing bank, which issues credit cards to consumers, and the merchant or “acquiring” bank, which acquires transactions on behalf of businesses. Issuing and acquiring banks are connected to each other through card networks like VISA and Mastercard. Only an authorized processor can introduce a transaction into the card networks on behalf of a bank.
Gateways, on the other hand, don’t move money; they aggregate transactions from an array of sources, screen for fraudulent patterns, and route transactions to various processors for delivery to the payment networks.
As shopping moved to the Internet with the rise of e-commerce, payment gateways were established as a bridge between web-based checkout software and the traditional payment processors. Gateways don’t move money, but they take the friction out of collecting the sensitive payment credentials for card transactions and transmitting the data securely to the acquirers that do.
Handling electronic payments used to be simpler, because processors controlled the merchant’s side of the transaction by dictating what payment terminal hardware and software they would support. Processors published detailed terminal specifications that POS devices needed to implement in order to be certified. But that simplicity didn’t lend itself to a lot of flexibility. POS terminals only took magnetic stripe cards, and the merchant and his terminal usually had a one-to-one relationship with a processor. An app written to processor A’s terminal specification, for example, could only send transactions to processor A. Since then, the sources of payment transactions have exploded, from e-commerce to mobile and unattended kiosks, along with the tender types available to customers (prepaid, loyalty, gift cards, digital wallets, bank transfers) and processors able to handle them.
A Basic Credit Card Transaction
To see exactly what a payment processor does - here’s a breakdown of a typical card transaction, without a gateway, this one from a stand-alone payment terminal at a physical merchant location, straight to a payment processor:
This process starts when the customer presents a card to the merchant, who then swipes it through a credit card terminal provided by the merchant’s payment processor (or in the case of an EMV chip card, inserts the card into the terminal).
The terminal validates cardholder data, by way of the card’s magnetic stripe or EMV chip. A message with data, such as the cardholder, merchant, and purchase amount, is sent to the payment processor. The processor then requests authorization from the issuing bank over the bankcard network.
The issuing bank sends a response back, either an approval or a decline. If it’s an approval, a hold equal to the purchase amount is placed on the cardholder’s account and the available credit is lowered accordingly. All the while, the payment processor is essentially a middleman in this process, shuffling transaction data between merchants, issuing banks, and acquiring banks.
A merchant will then send batch settlement requests to the processor on at least a daily basis. Credits, tips, refunds, reversals, and the like are addressed at this time. The final part of the process is clearing, where the card network will wire funds from the issuing bank and to the acquiring bank, minus any fees.
Today’s merchant is faced with customers who want the freedom and flexibility to pay in multiple ways. What happens if the customer wants to pay with something other than a credit or debit card, like a gift card or a digital wallet?
What if the merchant also needs to accept payment from online orders, over the telephone, or via mobile or enterprise applications?
The merchant could hope that their processor supports all of these options, or perhaps integrate with additional processors that do. Or, the merchant could look to a payment gateway to manage all of this complexity for them.
The Expanding Role of Payment Gateways
In addition to supporting a variety of transaction sources, payment gateways have expanded to manage many business functions. Payment gateways provide transaction security, above and beyond what most the processors offer. Gateways handle complex encryption services, both from the payment source and to the payment processor. Gateways can filter out suspicious transactions based on the source of the transaction, the frequency of transactions sent from a source, the dollar amount, and more.
Gateways can also initiate transactions based on merchant requirements. A good example is recurring billing. For merchants billing clients on a regular and repeat basis, gateways can maintain an encrypted database of customers and customer payment methods, removing or “descoping” the merchant environment from compliance with onerous cybersecurity requirements (such as PCI) enforced by the card networks. Based on a merchant-provided schedule, a gateway can initiate a transaction and handle any exceptions encountered. A gateway can even generate and deliver an invoice to a client, with embedded payment instructions and links to a gateway-hosted payment page.
Banks, Processors, ISOs, and Independent Gateways
It's important to remember that in most cases, the processor is not the bank, it is a vendor to a bank and other participants in the payment ecosystem. Leading processors like Fiserv, Global Payments, WorldPay, and Elavon may resell the services of a merchant bank, boarding (usually large enterprise) merchants onto their processing systems, but the merchant's account is actually associated with a merchant bank like US Bank, MetaBank, Citizens, Wells Fargo, or BMO Harris. Merchant banks are also known as “acquiring” banks, in that they acquire transactions. Acquiring banks establish relationships with processors to handle the front end – or initial authorization of a transaction - and the back end – or settlement and clearing. In this way, processors are both vendor to and resellers of acquiring banks.
Processors can behave like ISOs, but ISOs aren't processors. Processors and ISOs all have sponsor banks, but all merchant transactions are routed to processors for handoff to the card networks, and eventually the banks participating in the payment process. Transaction processing is a technology-intensive business, and all processors provide systems capable of handling thousands of transactions per second. Some ISOs have their own technical facilities, but most rely on processors to take care of the technical details. In this way, ISOs are customers, resellers, and competitors of processors. More and more ISOs roll out their own gateway offering to maintain more control of its merchant offering.
Many of the largest processors include payment gateway capabilities as part of their "front-end services," but there are also independent gateways integrated with all of the big processors that can handle traffic for any ISO. Truly independent gateways do not compete with ISOs, because they do not take a percentage of the purchase amount. Stripe – one of the world’s biggest gateways – is also a sales organization, (primarily for Wells Fargo in the US) and provides a gateway service, while also taking a percentage of the ticket price on each transaction. Some gateway providers, like Phoenix Managed Networks, do not take a percentage, increasing profit for their ISO clients. In a complex market where vendors can be competitors, it is an important distinction.
Having an independent gateway gives ISOs several major benefits. One is cost, as described above. An independent gateway may charge transaction or hosting fees, but it doesn’t take a part of the purchase price from either the merchant or the ISO. Another is flexible handling of many transaction sources, as we’ve seen. Lastly, an independent gateway also gives ISOs independence from any one processor, allowing them to “board” merchants on various processors depending on the merchant’s specific category or needs. In the end, the merchant relationship belongs to the ISO, and the ISO should be able to choose how and where that merchant’s transactions are processed. ISOs need processors, but they don’t need to be married to one, and they don’t need to promote the processor’s name over their own.
Many of the independent gateway providers, like PMN, offer ISOs the ability to brand a gateway’s interfaces with the ISO’s name. This personalization leads to customer confidence that their payment data is being handled by a trusted partner. While the branding helps with reinforcing name recognition between merchants and ISOs, the underlying gateway technology is still provided by the gateway provider.
ISOs looking to establish features unique to their marketplace usually transcend these generally available gateway service providers and look to buy their own gateway technology. Ownership gives the ISO more control over the merchant experience and expands its ability to provide unique features to its particular market. As merchants integrate and optimize their business process with the ISO’s owned gateway technology, they become "stickier," more reliant on the ISO, and less likely to look elsewhere for payment support. Providing that gateway technology to ISOs is Phoenix Managed Networks’ sweet spot.
The Benefits of PhoeniXGate from Phoenix Managed Networks
With a PhoeniXGate license, ISOs can offer their merchants a comprehensive payment solution that is branded and owned by the ISO.
From POS terminals to mobile payments and e-commerce, PhoeniXGate is designed from the ground up to deliver the widest array of payment technologies to the broadest spectrum of merchants. ISOs can even switch processors without it impacting the POS software their merchants use.
As the software provider, Phoenix Managed Networks can customize each PhoeniXGate instance to suit the ISO’s specific market requirement, from features and certifications, to branding and custom business models. As a service provider, Phoenix can also operate an ISO’s gateway instance in in its PCI-compliant cloud hosting environment with 24x7x365 support from Phoenix’s operations, engineering, development, and QA staff.
Unlike other payment gateway providers, Phoenix Managed Networks offers ISOs the option of ownership. The ISO looking to control their own features and products—but without the hassles of system administration and infrastructure support—should discover the benefits of PhoeniXGate and our custom-developed solutions.
If you’re an ISO ready to simplify payments security and managed services while scaling up your merchant network, contact Phoenix Managed Networks today to learn about PhoeniXGate.