At checkout page, our website sends encrypted payment details to payment gateway
The customer browses website on their laptop or phone, places our service/product and then proceeds to checkout.
As part of the check-out process, they may be asked to confirm their order and fill in their billing information.
They submit the order by pressing ‘buy now’ or ‘pay now’.
The customer’s web browser encrypts the payment information and this is then sent to your web server. The process is carried out via Secure Socket Layer (SSL) encryption, which requires you as the merchant to have a full SSL certificate.
The website then forwards the transaction details, again using SSL encryption, to the payment gateway.
At this point the payment gateway takes over.
Payment gateway sends request to customer’s bank for authorisation
The payment gateway sends the encrypted transaction information to the payment processor used by your bank (the “acquiring bank”).
The processor then forwards this to the customer’s card association, for example, MasterCard or Visa.
The card association routes the transaction to the bank that issued the card to the customer.
The customer’s bank receives the request and checks that the funds available to the customer can cover the amount requested.
The customer’s bank responds to the payment processor with a code that indicates whether the request is approved or declined (and if it is declined, the reasons why).
This response is then sent from the payment processor back to the payment gateway.
The payment gateway forwards this response to our website, which in turn interprets it and passes it on both to the merchant and to the customer who is checking out. This entire process happens in 5-10 seconds.
Security of payment details
There is always some risk involved in making online payments, both for customers and for merchants. The key is to do what you can to help customers feel safe, while taking care of your obligation to protect their details.
There are essentially three issues to look out for and understand whether you or the payment gateway is responsible:
Secure Socket Layer (SSL):
Payment Card Industry Data Security Standard (PCI DSS) – which the entity storing customer payment details are responsible for and
3D Secure – this method is now used by payment gateways and banks, so no obligation on your side. However, do investigate further if you are using international entities.
A web page using SSL will display “https://” instead of “http://” before the website’s address in the browser’s address bar. A padlock icon will appear in the address bar of the browser before the address. A SSL ensures that when you send payment details to the payment gateway, they are encrypted and secure.