Payment Gateway Vs. Merchant Account Explained

Selecting the right online payment gateway is the first step to success for any business or organisation taking digital payments. Customers want a fast, seamless and secure process when making credit or debit card payments and the payment gateway is what facilitates that.

With new payment methods increasing in popularity, merchants also need capabilities that will benefit a wider customer-base. These can include Alternative Payment Methods (APM) such as Apple, Android or Samsung Pay, as well as any country or region-specific APMs that your customers use.

A common confusion our payments experts are often asked to clarify is the difference between payment gateways and merchant accounts. Are they one and the same, and can you have one without the other? In this post we provide some clarity as well as answers other common questions about each payment facilitator.

What is a Payment Gateway?

Online payment gateways act and perform the same tasks as in-store Point of Sale (POS) terminals. Both send information through the same systems to a complex payments ecosystem making transactions possible across thousands of miles. Merchants aren’t allowed to collect and send customer card and other payment details to payment processors and merchant banks directly; a payment gateway acts as a go-between.

Card or other payment details are taken, including the amount being charged. This data is securely sent through the gateway, sent via card schemes, processed, verification occurs, and then transmitted securely to the merchant. Issuing banks are also informed, to transmit funds from the customer accounts to a merchant account or payment processor that may include a merchant account.

When selecting a payment gateway, merchants always need to weigh the difficult balancing act between speed and security. Customers expect a high level of security yet at the same time want fast and convenient payment processes.

Second-stage authentication, such as those provided by Verified by Visa and MasterCard SecureCode are familiar experiences when shopping online. However, every additional step in the payment process can be a friction point that could result in an abandoned shopping basket; therefore getting the balance between security and convenience is key. An effective payment gateway is one that is optimised for the smooth, friction free customer journey, with security seamlessly built in to protect customers and merchants against fraud and other risks.

Payment Gateways Can Reduce PCI Compliance Scope

Now more than ever security should be front of mind with merchants and payment companies. Card schemes and banks already place the compliance burden largely on merchants. With GDPR (General Data Protection Regulation) coming into force in May 2018, retailers and any organisation that handles sensitive customer data need to take even more care.

Working with a payment gateway that is PCI DSS-Level 1 compliant (the highest standard possible), removes much of consumers’ sensitive data – including payment card details – out of the merchant environment. This can have a positive impact on compliance costs, as well as reducing the risk of data breaches and cyber crime.

What is a Merchant Account?

Some payment gateways or processors – the services that operate behind gateways and make the ecosystem work – include merchant accounts as part of the service.

Merchant accounts operate in a similar way to normal deposit bank account. Money comes in from issuing banks once authentication takes place, and the issuing bank confirms the customer has the funds. Money can then be withdrawn into business accounts. Retailers and organisations that handle online or in-store payments tend to think of merchant accounts as holding tanks for payments taken.

To accept card payments (credit or debit cards) online retailers and organisations must have a merchant account. This enables a reciprocal arrangement of credit whereby the card company extends credit to the consumer, and the acquirer (an FSI that provides the merchant account) extends credit to the merchant.

As best practice it is helpful to keep some funds in that account in case of refunds and to cover any incidences of ‘friendly fraud’. Most refunds or cases of fraud take place within 30 days of a purchase, so for cashflow it can be useful to retain one month’s takings in that account. However, depending on the type of merchant account you have – aggregate or dedicated – businesses don’t always control when funds are released.

In some cases, you control when funds are released into a business account. You may have this control with a dedicated merchant account. Whereas with aggregate accounts – when your funds are pooled with other merchants, they are usually released on a schedule, either weekly, bi-weekly or monthly. Schedules can often be negotiated at the start of any relationship, so be sure to ask.

Businesses wanting to take online payments usually need both – a payment getaway and merchant account – provided through a payment services provider. Some providers can offer both these services, others may be able to advise you on the best independent provider for the services you require.

If your business or organisation is just getting started with online payments you may also like to read this post about the common payment issues merchants can face. Get up to speed now and you can potentially avoid these problems further down the line.