If you want to implement your own omni-channel payment gateway solution, then this document is definitely for you. It provides all the essential guidelines on payment gateway solution implementation. Unfortunately, most people underestimate the complexity involved in setting up their own payment gateway solutions. So, with these guidelines, we will try to simplify the gateway implementation task for businesses.
To make it easier to navigate through the variety of challenges, we have grouped the key issues into three major parts. In our guidelines, we briefly address each of the issues and provide references to resources relevant to each section. If you need more information on some specific subject, you can find it in the respective source.
The sections focus on the following aspects:
- Requirements and challenges. Here we review regulatory requirements and some of the common challenges that the company might experience.
- Necessary features. Here we review the key features that most companies need. So, you can decide which ones are important in the context of your search for the gateway.
- Available models and strategies. Here we discuss the common ways that allow you to implement your own payment gateway solution. We start with lower-cost lower-control lower-liability options and move on to the higher-cost full-control and full-liability options.
Requirements and challenges of omni-channel payment gateway implementation
As a company accepting credit card payments, you have to ensure the security of sensitive cardholder data in line with PCI DSS compliance requirements. PCI compliance standards (PCI DSS) are intended to minimize the possibility and risk of payment card data being compromised.
The key requirements of the latest PCI compliance standard editions are as follows.
- Cryptographic protection of transmitted cardholder data (CHD) and usage of PCI DSS compliant data centers. Keep in mind that not all data centers are PCI compliant.
- Strict access authentication and user identification. Specific requirements concern: stronger passwords and two-factor authentication, access history logs, and frequency changes.
- Restriction of physical access to sensitive cardholder data.
- Testing of security systems and processes.
- Implementation of adequate security programs and policies.
Common cryptographic protection in accordance with industry standards is point-to-point encryption and tokenization. If you need to store credit card data (for instance, for recurring billing purposes), then you definitely need a tokenization solution. Tokenization can be performed by a special hardware security module (HSM) or by a third-party service provider.
The costs associated with PCI DSS compliance will vary depending on your PCI compliance level (from 1 to 4). The level is defined by the number of transactions and payment amounts you process on a monthly basis. A level 4 business only has to complete a short self-assessment questionnaire form (SAQ). However, companies of higher levels should go through annual PCI audits, costing up to $50,000. Payment for third-party tokenization or HSM encryption of CHD is another important cost item, besides PCI audit.
A common misconception shared by many prospective merchants is that to accept electronic payments they only need a payment gateway. In reality, however, the most important partnership to build is not a gateway but an acquiring bank partnership.
An acquiring bank provides you with a point of entry into the international banking system. It also underwrites you as a merchant and assumes liability for your operations. So, the first question you need to answer is, “who is your acquirer?”
Your integration process will vary depending on the acquiring bank you partner with, as well as the specifications you receive from that acquiring bank. The acquiring bank should support all your target MCC codes, geographies, currencies, payment methods, and other features. Your choice of and integration with the payment gateway will also largely depend on your chosen acquirer.
Not all acquirers are willing to “take you onboard” and provide all the functionality you need.
Indeed, sometimes, acquirers are reluctant to underwrite merchants, especially startup ones. The most common reasons are as follows.
- A merchant has low expected processing volumes, so the acquirer’s potential revenue looks too small.
- A merchant has no processing history.
- A merchant represents a high-risk MCC (industry) with a high probability of chargebacks.
- A merchant comes from a geography where the acquirer has no physical presence. An acquirer considers such geographies to be high-risk ones.
An option for a smaller business that cannot find an acquirer to underwrite it is to operate through a PayFac or PSP. We will provide more information on payment facilitators (PayFacs) in subsequent sections of these guidelines.
Certification procedures that you have to go through will depend on your target features. These are, usually, focused on payment types and methods you want your solution to support.
Specific processes, particularly those related to the usage of payment terminals and/or SoftPOS systems, require separate additional certifications. The certifications might belong to different conceptual levels. For instance, certification might signify that the integration process has been appropriately performed. Implementation of a payment terminal solution calls for separate certification. If you partner with local banks in your target geographies, you might have to get certified by these banks. The details of such certifications will depend on the requirements for service providers or PayFacs, specific to the given geography.
You should remember that certifications often have unclear time frames and tend to take a long time to complete. Besides that, certification of each new integration, feature, or partnership has its cost. That is why it makes sense to analyze all legal matters associated with the certification process in advance. Thus, you will be able to define your budget and accurately estimate the time of the rollout.
For instance, if you want the solution to be truly omni-channel, then it should support both card-present and card-not-present (CNP) payments. These features call for server certification and payment terminal certification. These processes might take considerable time, as project assignment is a long process itself (even if development does not take long). Most payment cards nowadays are equipped with an EMV chip. So, you might have to go through EMV certification, for which you will need some EMV toolkit. Another potential additional cost!
To accept card-present payments, you will need a payment terminal solution. So, you have to think about payment terminal fulfillment and injection with respective terminal management systems. Finally, to handle mobile and in-app payments (including those made through SoftPOS), you will also require the respective functionality.
Naturally, all the listed features should be accordingly certified by the providers.
Important omni-channel payment gateway features
There are plenty of gateway offerings on the market. Your company should be able to choose the gateway solution that covers its business needs at a reasonable cost. You wouldn’t want to pay extra for unnecessary features, right?
The problem is that, first and foremost, you communicate with the representatives of your potential gateway partner’s sales department. The salespeople are not always able to grasp all the technical aspects of the future partnership. That is why you need to understand clearly which features are critical. Only with this understanding can you see whether the offering under consideration supports the target features. For instance: does the solution have the respective API; does it provide the required specifications and forms? An average salesperson might not be able to give detailed answers to these important questions.
So, let us outline the critical payment gateway features you might need, depending on the type of business you represent.
Card-not-present (CNP) payments
If you are an e-commerce website, then just the basic online payment functionality might be sufficient. In some cases, you might need a credit card data storage function (especially if your customers make repeat purchases). The key relevant features might include:
- API for payment processing;
- Potentially, plugins of shopping cart platforms or services you are using;
- Credit card tokenization service (or appliance);
- Hosted payment pages;
- 3D secure support;
- Online payment fraud monitoring tools;
- Management of chargeback and refunds.
If you are dealing with retail businesses or retail situations, having card-present payment functionality is almost always necessary. For instance, nowadays, even artisans, plumbers, and personal coaches need to accept card-present payments. So, if you are working with such types of merchants, you will have to add the respective key features. Particularly, you will need to implement EMV payment terminal solutions. Also, you might need to support SoftPOS and mobile payment processing features. The key relevant features will include:
Batch file processing
This group of features is especially relevant for utility companies, insurance companies, and health and fitness clubs. These entities accept bill payments as well as recurring payments. (In this subsection, we assume that subscriptions are managed by the submitting platform or payment system). In addition to the listed CNP features, subscription-based companies need the logic for batch file processing. So, the key features will include:
Hosted recurring billing
This group of features is relevant for recurring billing systems (similar to the businesses from the previous section). In this subsection, however, we address the companies whose system of record should include a billing component. Therefore, they have to outsource the billing and subscription management to a third party. So, the respective gateway solution should be complete with a recurring billing engine (such as UniBill) and subscription management logic. Consequently, the relevant features will include:
- Payment plan management;
- Subscription management;
- Customer management;
- Recurring billing API;
- Management of various types of payment plans and subscription packages.
This feature is particularly relevant for large SaaS or PayFac platforms and PSPs (servicing PayFacs and SaaS companies). Examples include shopping cart, CRM, accounting, and web publishing platforms (such as Tilda or Wix). Does your business belong to a similar category? Well, then your gateway solution should probably support the key functions related to the merchant lifecycle. These include:
- Automated merchant onboarding;
- Merchant underwriting;
- Background verification and KYC logic;
- Remittance of funds;
- Payment reconciliation.
Key payment methods
Nowadays, in addition to traditional credit cards and bank transfers, there are many other payment forms. They include digital wallets, cryptocurrencies, and other payment mediums. Ideally, the more payment methods you support, the better. However, the solution that seems to be the most suitable one does not necessarily support all your target payment means. That is why you should carefully analyze the available solutions from this standpoint. Your analysis can be based, for example, on the payment methods used by your target customer base. For example, if your customers are mostly older people, they will prefer credit card payments. If you address a younger customer segment, then you might want to support e-wallets and crypto payments.
In this subsection we will address the major payment forms and explain the key aspects, related to them.
Credit card and debit networks
Most people associate payment cards with major credit card networks (Visa, MC, Amex, Discover, and others). In addition to them, debit networks also play an important role. In some countries, such as the US, the usage of debit networks allows businesses to reduce payment processing costs. In some other countries support for debit networks (such as Interac in Canada and Mada in Saudi Arabia) is the key aspect. That is why you need to consider your potential gateway partner’s ability to support debit networks (in addition to major credit card brands).
You should also pay particular attention to payment settlement in local networks and currencies of your target geographies.
In essence, direct debit payments are bank transfers using a local payment system. The most well-known examples include NACHA in the US, SEPA in Europe, and BACS in the UK. These systems are rarely used for online transactions, but they are a common means of recurring and bill payments.
If direct debit processing is important for you, then you might have to partner with some local bank. You might be required to open an account there, and register a business in your target geography. If you only need to process credit cards, then you won’t necessarily have to register a business locally. However, for direct debit payments this step might be unavoidable.
As fraud levels increase, people are more and more hesitant to give out their credit card data online. Major e-wallets provide both fraud protection and convenience, especially when it comes to card-present payments. If e-wallet payments are relevant for your business and its customers, you should look for ways to support them.
Examples of popular e-wallets include Apple Pay, Google Pay, PayPal, WeChat. Integration with Apple Pay and Google Pay is done through your acquirer. In the case of PayPal, you might choose an integration through an acquirer or work with PayPal directly.
Crypto payments are rapidly gaining popularity. Not every solution is able to support cryptocurrencies. However, for many businesses cryptocurrency support is an important aspect.
As of now, the key blockchains include Bitcoin, Ethereum, BSC, Polygon, Avalanche, and Fantom. It is important to define which currencies you intend to support. Many businesses might be unwilling to accept payments in crypto, because it is an extremely volatile and risky asset. However, presently, special cryptocurrencies called stablecoins are becoming increasingly popular as an investment and payment vehicle. The price of stablecoins is pegged to conventional currency rates and, thus, they are less prone to fluctuations.
Not all blockchains support stablecoin transactions. For instance, the Bitcoin blockchain mostly supports Bitcoin payments and not stablecoins. The Ethereum blockchain, built on the Ethereum Virtual Machine, does support many stablecoins. On the other hand, just like a Visa/MC transaction, each transaction on a blockchain has its price. On some blockchains, such as, again, Ethereum, transaction fees are rather high. So, it makes sense to process only large-amount transactions on this blockchain.
Fantom, Polygon, and Avalanche blockchains charge lower per-transaction fees than Ethereum. However, it might be problematic to convert crypto to fiat if you operate through these blockchains.
There are two mechanisms of crypto to fiat conversion: a crypto card or a special brokerage service. Transferring specific cryptocurrency to a card or broker (on a specific blockchain) might also be a problem. Reason: not all present-day brokers support transfers of stablecoins from all blockchains. In fact, major blockchains support only transfers performed in some specific currency. Examples include Ether for Ethereum, BNB for BSC, Avax for Avalanche, Matic for Polygon. So, most brokers support only transfers of these particular blockchain-specific currencies to their wallets.
BSC has its own stock exchange, supporting multiple currencies, including stablecoins. This simplifies transfer and conversion operations.
Omni-channel payment gateway implementation: models and strategies
Your choice of the most suitable payment gateway solution model depends on several factors. The business model of your company, as well as your transaction volume, are, probably, the definitive factors in this context.
So, in this section we will focus on the key models and strategies of payment gateway solution implementation. Conceptually, the models differ from each other according to three aspects, which you can address in-house or outsource. They are:
Infrastructure, maintenance, and support
As we said, you can either delegate each of these aspects to a third party or take it “in-house”. To a large extent, this choice defines the amount of resources, effort, control, and liability associated with each model.
Well, now we are ready to take a closer look at each of the models.
A custom payment gateway solution built from scratch
Custom solutions built from scratch are suitable for large companies that do not want to delegate any of their operations. Choosing this option, you get unlimited control over development and all the processes. Plus, you don’t have to pay any gateway fees.
If you choose this model, you have to address all three critical aspects – infrastructure, development, and operations – in-house. That is why building a gateway solution from scratch is a time-consuming and labor-intensive process. It also involves large costs related to development, maintenance, etc. So, the savings from elimination of gateway fees should offset these development, implementation, and maintenance costs.
If you outsource the development process to a third party, you also delegate a certain amount of control. So, the whole project becomes more risky and costly.
Gateway fees constitute approximately 1-2% of processed transaction amounts. The cost of building a gateway solution from scratch amounts to several hundred thousand dollars. So, your company should have at least eight-digit processing volume in order for the solution to make financial sense.
Additionally, building your own payment gateway solution requires particular skills and experience from your personnel. The employees must be able to work with payment equipment, such as EMV payment terminals (and TMS) and encryption appliances (such as HSMs).
To summarize, the key challenges of this model are low predictability, unclear time frames, high risks and upfront costs. Its key advantages are full control and unlimited customizability.
A licensable open-source payment gateway solution
In comparison to a custom solution, implementation of a licensed payment gateway solution requires much less effort. It also costs less and allows you to delegate the responsibility for hosting and compliance to the license provider. Essentially, you implement a ready-made off-the-shelf payment gateway software product, and customize it according to your specific needs. If you choose a licensed solution (such as UniPay Gateway), you implement it “on top of” your own infrastructure and operations. You are in full control of these two aspects. At the same time, in most cases, you outsource the development process to the license provider’s team.
A licensed solution is an optimal model for companies that:
- have large processing volumes;
- want to minimize the risks;
- do not want to get involved in a full-scale development process.
Customization, integration, and certification do take time and require upfront costs. But these expenses are much lower than those associated with building a custom solution from scratch. At the same time, your most beneficial reward is almost unlimited potential for customization.
A white-label payment gateway solution
A white-label payment gateway solution has the lowest cost among all available options. It is also associated with the lowest responsibility and control levels. If you choose a white-label payment gateway option, you outsource gateway infrastructure and development to the third party. At the same time, your core operations still belong at the local level.
A white-label solution is suitable for you if you are a smaller-size company. Such a company usually cannot afford significant upfront investments and/or spend considerable time on development. At the same time, it might have just a basic set of payment handling needs. So, its primary tactical objective is to boost its image as a gateway service provider in the eyes of its customers.
A white-label solution takes little time to implement and costs less than other options. Moreover, as your business grows, you can upgrade a white-label solution to a licensed version when the time is right. For instance, UniPay Gateway technology is available in both hosted and licensable versions.
Modifications of white-label payment gateway solutions; PayFac and PaaS models
White-label payment gateway solutions come in different flavors. Some businesses (such as software companies) do not strive to control the payment experience. However, many of them do want to get some residual revenue from payment processing and provide brandable payment solutions. So, they can choose the model similar to the above-mentioned white-label payment gateway option. At the same time, they often choose to outsource such aspects as merchant onboarding, underwriting, fraud prevention, etc. These functions are usually performed by the respective white-label service provider.
In this context, we can mention the payment facilitator (PayFac) and payment-as-service (PaaS) models. These models are suitable for software companies that do not want to become full-fledged payment service providers.
Payment Facilitator (PayFac) model
A PayFac is, essentially, an entity that services a portfolio of sub-merchants on behalf of an acquiring bank. So, a crucial feature of a white-label PayFac gateway is its ability to automatically support sub-merchant life-cycle. Its basic phases include merchant underwriting and onboarding, sub-merchant funding, and payment reconciliation.
Some companies that want to make money on payment services find the PayFac model too challenging to implement. These companies often resort to the payment-as-service or PaaS model. While PayFacs keep the operations in-house (outsourcing gateway infrastructure and development), PaaS companies outsource infrastructure, development, and operations. PaaS companies and the so-called white-label PayFacs usually operate under the umbrella of a larger PayFac or PSP. At the same time, they can still brand their payment pages and obtain some revenues from payment services.
PayFac and PaaS models are suitable for companies already servicing large portfolios of customers. Examples include SaaS companies, franchisors, venture capital companies, and online marketplace owners. Does your business belong to one of the listed categories? Well, then you have a good chance of getting additional revenue from payment services. All you need to invest is a small effort at a relatively low cost.
Are you thinking of an omni-channel payment gateway solution that is the most suitable one for your business model?
Your choice of an optimal gateway solution will depend on your processing volume, available resources, and required degree of control over the process. The more complex model you choose, the more time it takes to implement it. Your optimal model is an optimal balance between features you control and features you outsource. It makes sense to take into account the potential learning curve for your personnel in this new endeavor.
So, in some cases, it makes sense to start with a low-control model (such as a white-label payment gateway). Later on, as your business grows, you can progress to more complex (and easily customizable) options. Your final step along this path might be licensing of your own payment gateway solution.
Feel free to take a closer look at the UniPay Gateway solution. It is a crypto-friendly omni-channel payment gateway solution, available in both hosted and licensed versions. Contact our experts for more details!