Payment Gateway FAQ

  1. What is a payment processing gateway?
  2. How is a credit card transaction processed?
  3. How is a payment processing gateway integrated to a merchant website?
  4. What is SSL?
  5. What is AVS?
  6. Can merchants process international transactions?
  7. Can multiple merchant accounts be accommodated on the payment processing gateway?
  8. Can international and US merchant accounts both be accommodated on the payment processing gateway at the same time?
  9. What is CCV?
  10. What tools are available for controlling fraudulent transactions?
  11. Is multi-currency processing supported?
  12. What is PCI?
  13. What Payment Card Industry Security Standards Council?
  14. Do organizations using third-party processors have to be PCI compliant?
  15. Does an SSL certificate mean a business is PCI compliant?
  16. What are the penalties for noncompliance?
  17. What is cardholder data?
  18. What is a network security scan?
  19. Is PCI compliance a one-time requirement?
  20. Are all merchants required to comply with the PCI DSS?
  21. What is a data compromise?

 

  1. What is a payment processing gateway?
    A payment processing gateway is the secure network connecting a website to the secure financial networks through which credit card and other electronic transactions are sent and received. Payment gateways can be used for internet, MOTO, and manual payment processing.

  2. How is a credit card transaction processed?
    The payment gateway passes the transaction securely to merchant bank’s processor which routes it to the customer’s issuing bank. The issuing bank approves or declines the transaction based on the customer’s available balance and passes the transaction results back to the payment gateway via the merchant bank’s processor. The payment gateway sends the transaction results to the customer and the merchant. The credit card funds are sent to the to the merchant account acquiring bank, which then deposits funds into the merchant’s depository bank account.

  3. How is a payment processing gateway integrated to a merchant website? 
    Most merchants use an Application Program Interface (API) which enables merchants to host their own secure payment form and send transactions to the payment gateway using end-to-end Secure Sockets Layer (SSL) connection.

  4. What is SSL?
    The Secure Sockets Layer (SSL) protocol has become the universal standard on the web for authenticating sites and for encrypting communications between users and web servers. An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet. Users can confidently send private data, such as credit card numbers, to a website, trusting that SSL keeps it private and confidential.

  5. What is AVS?
    Address Verification Service (AVS), a credit card verification system that compares the billing address information provided by the customer with the billing address on file at the customer’s credit card issuing bank. While AVS is somewhat helpful against fraudulent transactions, it is s not intended for use as absolute protection. Other payment processing gateway tools are available to protect from fraud.

  6. Can merchants process international transactions?
    Yes.

  7. Can multiple merchant accounts be accommodated on the payment processing gateway?
    Yes. Multiple merchant accounts can be dynamically configured and automatically load balanced on the gateway. Central control of all accounts streamlines management and simplifies reconciliation on all accounts.

  8. Can international and US merchant accounts both be accommodated on the payment processing gateway at the same time?
    Yes.

  9. What is CCV?
    Card Code Verification, or CCV, is a payment gateway feature that can be enabled to verify the card code submitted by the customer with the card-issuing bank. The card code is a three- or four-digit code assigned to a customer’s credit card number. This number is found either on the back of the card or on the front of the card at the end of the credit card number.

  10. What tools are available for controlling fraudulent transactions?
    Advanced fraud fighting tools are designed to detect and prevent detection suspicious transactions. Based on extensive research and transaction behaviour analysis, these weapons can be used to implement a flexible, rules-based fraud prevention solution customized to meet unique transaction processing needs.

  11. Is multi-currency processing supported?
    Yes. Payment processing is available in all major world currencies.

  12. What is PCI?
    The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements created to ensure that all merchants process, store or transmit credit card information maintain a secure environment. For PCI standards see:
    https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

  13. What Payment Card Industry Security Standards Council?
    The Payment Card Industry Security Standards Council (PCI SSC) manages the ongoing evolution of the Payment Card Industry (PCI) security standards with the goal of improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC , an independent body that was created by the major payment card brands. The payment brands and acquirers are responsible for enforcing compliance,

  14. Do organizations using third-party processors have to be PCI compliant?
    Using a third-party processor helps reduce risk exposure and decreases the work necessary to comply. But, businesses must be sure all parts of their business are PCI compliant.

  15. Does an SSL certificate mean a business is PCI compliant?
    Absolutely not. SSL certificates are simply one level of customer security required by PCI.

  16. What are the penalties for noncompliance?
    The payment brands can fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks pass fines on to the processors and merchants. Banks can terminate merchant accounts for companies that are not in PCI compliance.

  17. What is cardholder data?
    Cardholder data is any personally identifiable data associated with a cardholder. Examples include: account number, expiration date, name, address, social security numbers, and any other customer identification information.

  18. What is a network security scan?
    A network security scan is a tool that checks systems for vulnerabilities. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company's private network.

  19. Is PCI compliance a one-time requirement?
    No. PCI DSS compliance is an ongoing process. Validation actions vary depending on the actual number of transactions you process. However, the credit card associations require all merchants to comply with PCI DSS at all times.

  20. Are all merchants required to comply with the PCI DSS?
    Yes. All merchants that store, process, or transmit cardholder data must comply with the PCI DSS. The requirements apply to all acceptance channels including retail (brick-and-mortar), mail/telephone order (MOTO) and e-commerce. Validation requirements vary depending on the number of transactions an entity processes.

  21. What is a data compromise
    A data compromise is an incident involving the electronic or physical breach of cardholder data through the communication and/or information processing of the merchant/third party. Electronic breaches include data vulnerability in transit and storage; attacks via websites or servers, private key mismanagement, access related to user ID or password, and administrative network performance problems. Physical breaches include theft of documents or equipment such as receipts, files, PCs, or POS terminals. Skimming breaches are actually a hybrid of both a physical and electronic breach as the perpetrator takes possession of the card, steals the magnetic stripe data and returns the card to the cardholder.

 

Contact Us