Payment Gateway

The behind-the-scenes facilitator of real time credit card validation and processing.

Credit card payments offer great convenience for shoppers by eliminating the need for keeping cash-on-hand. One can make a payment now and pay later when the monthly bill arrives. Enabling these transactions is an information system/network called a payment gateway.


A Payment Gateway is the server which connects your website, mobile app or cash register with one or more payment switches (or processor network). It lets your website, mobile app, mPOS or cash register know whether a charge is approved by the cardholder's bank and then submits your charges for settlement. Payment gateways enable online transfer of money by communicating with the different parties involved in the transaction. They have become an essential part of our online world: from online shopping to utility bill payments to charitable giving, a payment gateway helps us in many ways.


Let's understand how a payment gateway works by considering a typical credit card transaction.

A credit card transaction involves six entities:

  1. The cardholder
  2. Issuing bank, i.e. the bank that issued the credit card to the customer
  3. Card Brands & Card Schemes like Visa, Mastercard, Amex
  4. Merchant’s Bank
  5. Merchant, i.e. shop, e-commerce website etc.
  6. Payment Gateway, which provides connectivity to the payments network

The cardholder goes to a merchant, buys a product or service and pays using a credit card on a POS system, or buys a product online. From the swiping of the card (or using the card online) to approval it takes roughly three seconds, and a payment gateway does all the work. It sends instructions to deduct dollars from the swipe machine (or the e-commerce site) to the merchant’s bank, then to the card company and finally to the issuing bank. The issuing bank then checks the credit limit of the cardholder, accepts or declines accordingly, and sends the instructions back to the card company, then to the merchant bank and finally the merchant. All transactions are settled into the merchant’s bank account, mostly at the end of the day or the next day, and at the end of the month the cardholder gets a bill.

Information Flow

The above process can be summarized in three simple steps:

  1. Authorization
  2. Capture
  3. Settlement

Authorization - When you swipe a card or click the submit button, the payment gateway manages the process of confirming with your issuing bank if you have sufficient funds available for the purchase.

Capture - After verifying that the funds are available, a hold is placed on the money; this is called capture, and the merchant can ship the goods. Although the merchant does not yet have his money, he is confident that he will receive the funds as they have been captured.

Settlement - Settlement is the process of the final transfer of money to the merchant and is accomplished in one business day. During settlement, the card issuing bank and the merchant bank connect with each other. The payment gateway aggregates the daily transaction details from the issuing bank and sends them to the merchant bank; the payment network then handles the settlement and the money is transferred to the merchant's bank account. The issuing bank charges the bill amount to the buyer and the charge appears on his credit card statement.
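The three steps above can be modelled as a small state machine that refuses out-of-order moves, such as capturing a declined charge or settling the same charge twice. This is an added example, not code from any gateway; the class, function and merchant names are hypothetical and the issuing bank's funds check is reduced to a number passed in.

```python
from collections import defaultdict
from decimal import Decimal
from enum import Enum

State = Enum("State", "NEW AUTHORIZED DECLINED CAPTURED SETTLED")

# Only these moves are legal; anything else (capturing a declined charge,
# settling twice) raises instead of being silently accepted.
ALLOWED = {
    (State.NEW, State.AUTHORIZED), (State.NEW, State.DECLINED),
    (State.AUTHORIZED, State.CAPTURED), (State.CAPTURED, State.SETTLED),
}


class Transaction:
    def __init__(self, txn_id, merchant, amount):
        self.txn_id, self.merchant = txn_id, merchant
        self.amount = Decimal(amount)   # Decimal avoids float rounding on money
        self.state = State.NEW

    def _move(self, new_state):
        if (self.state, new_state) not in ALLOWED:
            raise ValueError(f"{self.txn_id}: {self.state.name} -> {new_state.name} not allowed")
        self.state = new_state

    def authorize(self, available_funds):
        """Step 1: the issuing bank's funds check (simplified to a comparison)."""
        ok = Decimal(available_funds) >= self.amount
        self._move(State.AUTHORIZED if ok else State.DECLINED)
        return ok

    def capture(self):
        """Step 2: a hold is placed on the authorized amount."""
        self._move(State.CAPTURED)


def settle(transactions):
    """Step 3: aggregate the day's captured transactions per merchant."""
    totals = defaultdict(Decimal)
    for t in transactions:
        if t.state is State.CAPTURED:   # declined or already settled are skipped
            t._move(State.SETTLED)
            totals[t.merchant] += t.amount
    return dict(totals)
```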



Development of Payment Gateway started around 1995-1996 and there were multiple companies that were working simultaneously to come out with a stable product. One name that is often mentioned in connection with the invention of payment gateway is Jeff Knowles of, who got the inspiration out of a necessity to provide a PC based payment processing solution for his clients. The first version designed by him had to be fed data manually and it took hours to process. He next created a merchant interface, an API and an encryption method for merchants enabling them to send transactions over the internet.


Payment gateways can be broadly classified in two categories: Hosted and Integrated

  1. Hosted: The user is redirected away from your website to a securely hosted page, and back once the payment is made.
  2. Integrated: The user is able to enter card details without leaving your website, via API requests.

Choosing the right payment gateway


One needs to consider several factors while choosing a payment gateway for one’s business or non-profit. Below we have compiled some of the basic attributes, in order of their importance, that you need to consider before zeroing in on a particular provider.


Data security is of utmost importance for a payment gateway, and level one PCI-DSS compliance is the surest way of ensuring that your customers’ data is processed securely and that there are no security breaches.

Business Requirements

Do you need to process one-off payments, recurring payments, or both? Do you want to accept payments through credit cards, direct debits, or both? Is the payment gateway compatible with the ecommerce platform you are using? Do you want the payment form hosted on your server or on the server of the provider? Tip: Hosting on a provider’s server can take the compliance load off your shoulders. Does your provider accept all kinds of cards: Visa, Mastercard, Amex etc.?


If you plan to grow to other markets, does your provider allow you to deal in those currencies, in those territories, with their banks?

Reputation and Credibility

Ask your payment gateway provider to make available the list of small clients (not their big clients). Call these people to check if they are satisfied with the services.


When it comes to choosing a payment gateway, carefully study the terms and conditions of the provider to see if they bind you to a certain contract period so that you cannot switch to another payment provider if you are not satisfied with the provider’s services.


Does the provider give you access to real-time reporting, with details of failed transactions etc., so that you can make informed decisions on time?


One needs to compare all the costs involved, both fixed and variable, to find out both the highest costing and lowest costing provider. Then compare the features the two provide. Do the features provided by the highest priced provider justify their costs? Are these features important to you? If yes, find out which other providers in between provide similar features.

Card Intelligence

This important feature lets a payment gateway detect patterns based on analysis of processed card numbers, which helps merchants make timely, informed decisions. Specifically, the payment gateway is able to provide important information about a particular card using the first nine digits of the sixteen digit credit card number. The information can be the location where the card was issued, the bank which issued the card, and the type of card: regular, gift, pre-paid etc.

We hope the above information will enable you to make a smart decision in choosing a payment gateway for your business or non-profit.


Payment gateways are used in the following sectors for accepting one-off or regular payments:

  1. E-commerce websites
  2. Non-profits for accepting donations online.
  3. Utility companies for accepting regular bill payments.
  4. Companies using Xero cloud accounting software for accepting payments through pay button on the invoice.
  5. Finance companies to set up instalment payments from their clients.
  6. Membership clubs for accepting recurring membership fees from their members.

Payment Gateways along with the supporting banking networks form the backbone of the cashless economy. Apart from all the high level benefits of digital transactions, they provide the following advantages at the user level.

  1. Credit card processing & validation in real time
  2. Works from a simple browser with no special deployment at the user end
  3. Transparent transactions with funds deposited directly into bank accounts
  4. Auto generated reports

A payment gateway's performance can be judged by three important metrics: Processing Speed, Success Rate and Decline Rate. Also, one needs to ascertain how a payment gateway responds to ID thefts, rising transaction volumes, sensitive information leaks, chargebacks, holding payments and technical glitches.

  1. Interchange Reimbursement Fee - Fee charged by the card issuing bank, primarily for providing the authorization/settlement infrastructure. Forms the largest component, 70-80% of the total fee.
  2. Assessment Fee - Fee charged by the payment card companies for routing of information to the individual card issuing banks and for use of Stand-in-processing, in case the card issuing bank is unavailable to authorize the transaction. Forms 2-5% of the total fee.
  3. Processing Fee - Fee charged by the merchant acquiring bank for transmitting authorization requests, settlement information and ensuring integrity of the transaction. Forms about 1-2% of the total fee component.

Chargeback is the term used for debiting a merchant's bank account with the amount of a transaction that has previously been credited. If a user notices that a merchant is not following rules stipulated by Visa or Mastercard, or a particular transaction was not made with the user's consent, or goods purchased online don't arrive even after a significant time has passed, the user can complain to the card issuing bank, which then issues a chargeback request to the acquiring bank. The acquiring bank, where the merchant holds the account, asks him to adequately prove that the allegation made against him is wrong, or that the particular transaction was indeed made by the user, or that the goods were shipped by him. A failure to prove the same will go against the merchant, and the chargeback dispute will be settled in favor of the user. The acquiring bank then gives the money back to the issuing bank.


Payment Gateways use advanced tools for fraud prevention; some of them are as follows:

  1. Dynamic Scanning - detects fraudulent characteristics in transactions.
  2. Proxy Piercing and Geolocation - determines the IP address of a user device engaged in an online transaction and pinpoints the transaction's origin in real time.
  3. Country BIN Blocking - Blocking cards issued in a specific country.
  4. Card and Card Range Black Listing - Black listing cards of particular serial numbers.
  5. Transaction Rules - Setting daily and monthly transaction limits and blocking them when thresholds are reached.
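The card lookup described under Card Intelligence and three of the tools above (country BIN blocking, card range blacklisting and a daily transaction limit) can be combined into one screening step. This is an added sketch, not the provider's code: the prefix table, card numbers, ranges, limit and reason strings are all constructed, only the daily limit is shown, and declining unknown prefixes is an assumed policy.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed prefix table: leading digits -> (issuing country, card type).
BIN_TABLE = {
    "400000": ("NZ", "regular"),
    "400001": ("AU", "pre-paid"),
    "510000": ("XX", "gift"),
}
BLOCKED_COUNTRIES = {"XX"}                      # country BIN blocking
# Inclusive ranges of blacklisted full card numbers (constructed).
BLACKLISTED_RANGES = [(4000001000000000, 4000001000009999)]
DAILY_LIMIT = Decimal("500.00")                 # transaction rule


def card_info(pan):
    """Longest-prefix match, so the table may mix prefix lengths."""
    for n in range(len(pan), 0, -1):
        if pan[:n] in BIN_TABLE:
            return BIN_TABLE[pan[:n]]
    return None


class Screener:
    def __init__(self):
        # (card, day) -> approved total; a production system would key on a
        # token rather than the raw card number.
        self.spent = defaultdict(Decimal)

    def check(self, pan, amount, day):
        """Return (approved, reason); only approved amounts count to the limit."""
        amount = Decimal(amount)
        info = card_info(pan)
        if info is None:
            return False, "unknown_bin"         # assumed policy: fail closed
        if info[0] in BLOCKED_COUNTRIES:
            return False, "country_blocked"
        if any(lo <= int(pan) <= hi for lo, hi in BLACKLISTED_RANGES):
            return False, "card_blacklisted"
        if self.spent[(pan, day)] + amount > DAILY_LIMIT:
            return False, "daily_limit"
        self.spent[(pan, day)] += amount
        return True, "ok"
```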

The Payment Card Industry Data Security Standard or PCI-DSS is a global standard that sets guidelines for organizations to handle their payments. It is mandatory for payment gateways to get themselves audited for PCI-DSS every year. The requirements laid down by the standard are as follows:

  1. Maintain a policy that addresses information security.
  2. Install and maintain a firewall configuration to protect cardholder data.
  3. Develop and maintain secure systems and applications.
  4. Track and monitor all access to network resources and cardholder data.
  5. Encrypt transmission of cardholder data across open, public networks.
  6. Use and regularly update anti-virus software on all systems commonly affected by malware.
  7. Regularly test security systems and processes.

Flo2Cash, established in 2003, provides online payment gateway services to all kinds of businesses and non-profits. From small mom and pop businesses to big banks, it has become the preferred payment gateway provider for thousands of organizations, processing millions in transactions every month.

The services are client focused, with minimum inputs required from clients. No IT support is required and they are not required to go to a bank (all transactions are bank approved).

Flo2Cash is level one PCI-DSS certified, uses the highest level of security and encryption, and is bank approved. The fully compliant solution is kept up to date with ever-changing regulations, policies and procedures about collecting payments so that you don’t have to worry about being compliant. You can accept payments either through credit card or direct debit. For Direct Debits, we issue unique authority codes to businesses, which enables uninterrupted payment processing. We use card tokenization for processing recurring payments so that businesses can safely store card details with us without worrying about security and compliance. Also, we are a versatile online payment gateway that can be easily integrated with an internal app or a third party CRM.

We are the preferred website credit card processing company in New Zealand, accepting payments through Mastercard and VISA. The gateway also supports Verified by Visa and Mastercard SecureCode (3D Secure), which once enabled shifts all the chargeback liabilities away from you. We employ state-of-the-art fraud prevention tools that protect businesses from chargebacks, detect sudden pattern changes in incoming payments, set transaction limits and block credit or debit card transactions for an individual card or a range of cards.

The client dashboard gives you access to valuable reports on time enabling you to make smart decisions quickly. Reports include dishonor reports, card expiry reports, detailed transactions list etc.

The payment gateway can be easily integrated, through a plugin, with some of the popular shopping carts, for example:

  1. Magento
  2. WordPress
  3. Opencart
  4. Drupal
  5. Joomla
  6. Prestashop
  7. Storbie

For integration guides related to the above options, please visit our payment technology website. For APIs and other developer docs, please visit our developer section.

For more information, please get in touch with our sales rep on 800356222.


For more information on Payment Gateways, visit our Blog.