Payment Gateways

What are payment gateways and how do they work?

Payment gateways are service providers that allow websites to accept credit card payments in real time. In an online transaction, the payment gateway is website software that sits between the website shopping cart and the merchant bank account.

Payment gateways work in conjunction with merchant bank accounts in one of two ways:

• The shopping cart collects credit card information and passes this in a secure way to the payment gateway for processing. The payment gateway processes the transaction and the funds moved by the bank into the seller's merchant bank account. The buyer's bank takes the money from the customer's credit card account. The result of the transaction is sent back to the shopping cart for display to the buyer.
• The shopping cart passes control to the payment gateway provider's website. The secure gateway collects the credit card details from the customer, processes the transaction in real-time and redirects the customer back to the shopping cart website along with information about the result of the transaction.

To use a payment gateway, you will need an Internet Merchant Account with your bank and an account with a payment gateway provider. In some cases banks offer both the merchant service and the gateway service - examples in Australia of these include NAB, Commonwealth Bank and ANZ.

What options do I have as a seller?

To get started easily, many sellers start off using a payment provider like Paypal or Paymate as an alternative to setting up a merchant account and payment gateway combination. The advantage of these types of solutions are simplicity, but the disadvantage are that they do not pay your funds directly into your bank account and you have to transfer the money over manually - with a time delay while the money clears in your account and sometimes incurring additional fees from the payment provider or bank.

Getting started with payment gateways usually involves shopping around for the best solution for the business' individual needs as each gateway and merchant services package offer different levels of fees usually depending on the number of transactions completed in a month. We suggest that you shop around as the markets in Australia and New Zealand are very competitive and you may be able to get a favourable deal for your business.

If you already have a merchant account for your physical store to process Eftpos transactions, a service like e-path might be favourable to your business. These services often do not charge transaction fees and just a flat monthly or annual fee. To customers, transactions appear to process just like a real-time payment gateway but are actually processed manually by the seller after the sale is made.

PCI DSS and PA DSS compliance

You may have heard of terms like PCI DSS compliance or PA DSS compliance. These terms refer to security standards set by card providers like Visa and MasterCard that all merchants, shopping cart providers and payment gateways must adhere to. Not complying is like driving your car without insurance - not recommended as the results can be dire if something goes wrong!

At Osc Works, we keep our servers in a PCI DSS compliant state and have this externally audited every quarter by internationally recognised security authority, Comodo. Scanning is only one part of compliance: we also adhere to PCI DSS rules and best practices for security (e.g. password lengths, not writing down credit card information, destroying secure and private information, having a privacy policy and physical security measures etc) so that our business can be certified as PCI compliant.

PA DSS compliance is a new set of rules that came into effect on 1 July 2010 which affect the collection of credit card information and the way the software physically processes this information. Ozcart is a hosted solution so is defined as a SaaS application under the PA-DSS standards. This means that Ozcart is PA-DSS compliant without requiring any specific certification. We are PCI-DSS certified and quarterly audited by a recognised international security company called Comodo.

What payment gateways does Ozcart support?

What other payment methods can you accept with Ozcart?

Where can I start looking for a merchant account?