When a consumer submits a card payment online or at a physical terminal, the unsung hero of the interaction is the payment gateway.
The payment gateway is the software that captures and transmits the sensitive data from a customer’s card (along with other key transaction information) to the acquirer so the authorization process can happen. For online and software-based payments, the gateway runs in the background behind the checkout page. In-store, the gateway software is built into the merchant’s physical payment hardware.
In addition to facilitating the flow of data to and from the merchant, the payment gateway is also the first line of defense against bad actors looking to steal valuable customer data.
Several initial security measures begin at the gateway level. The first and most universal is encryption. All gateways encrypt customer payment data before sending it. At the most basic level, they use legacy protocols like SSL (Secure Sockets Layer) and TLS (Transport Layer Security). However, modern gateways increasingly employ a more advanced and secure method known as tokenization.
A gateway can also require additional security steps that must be completed before a payment is submitted, like 3-D Secure or the European Union’s Strong Customer Authentication (SCA). The former requires online shoppers to enter a PIN before a transaction can go through. This step ensures an authorized holder is using the card.