Payment Gateway Integration.
A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar.The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.A customer places an order on website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service.
If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's webserver. In between other methods, this may be done via SSL (Secure Socket Layer) encryption. The payment gateway may allow transaction data to be sent directly from the customer's browser to the gateway, bypassing the merchant's systems. This reduces the merchant's Payment Card Industry Data Security Standard (PCI DSS) compliance obligations without redirecting the customer away from the website
The merchant then forwards the transaction details to their payment gateway. This is another (SSL) encrypted connection to the payment server hosted by the payment gateway.
The payment processor forwards the transaction information to the card association (I.e.: Visa/MasterCard/American Express). If an American Express or Discover Card was used, then the card association also acts as the issuing bank and directly provides a response of approved or declined to the payment gateway. Otherwise [e.g.: MasterCard or Visa card was used], the card association routes the transaction to the correct card issuing bank.
The merchant then fulfills the order and the above process can be repeated but this time to "Clear" the authorization by consummating the transaction. Typically, the "Clear" is initiated only after the merchant has fulfilled the transaction (I.e. shipped the order). This results in the issuing bank 'clearing' the 'auth' (I.e. moves auth-hold to a debit) and prepares them to settle with the merchant acquiring bank.
The processor forwards the authorization response to the payment gateway.