How to build a payment gateway from scratch
If you own an online store, you have to embed a payment gateway to process payments safely. In previous posts, we considered how to integrate one into a website or mobile app. Today, I propose looking at the most difficult, yet most customizable, approach: developing your own payment gateway and, further, becoming a payment service provider. It is a costly affair, but it has certain advantages.
What is a payment gateway?
A payment gateway is a complex system that enables debit/credit card payments for online and offline merchants. It ensures the smooth passage of such transactions by encrypting confidential data and transferring it between a buyer, an online shop, and a bank. The shop acts as a payment portal and the bank as a payment processor. Thus, the payment gateway establishes communication between the three participants of the payment process. It keeps every transaction safe by applying various anti-fraud tools and operating in compliance with PCI requirements.
From a technical point of view, the payment gateway is a layer above the payment processor. It receives data from the user and, depending on the chosen payment method, forwards the payment to the processor in a format the processor understands.
Why build a custom gateway?
There are many ready-made payment methods that you can simply take and connect to your store. In the last article, we examined the best payment gateway providers and gave a credit card processing comparison chart. Nevertheless, none of these options will provide you with full control over the payment process. Besides, there will always be points that you would want to change or add.
Given this, we decided to share our vision of creating a custom gateway. We list the pros and cons and reveal some tricky aspects of such a project.
Payment gateway vs. payment provider
It is essential to understand the difference between the payment gateway and the payment provider. While the first is software, the second is the ability to use this software for its intended purpose. So, writing a working program doesn’t mean you can embed it into your site or sell it to other merchants right away. First, you need to go through the certification process and connect with a payment processor. Note that building the software is not a challenging task. In contrast, the registration procedure may take months or even years. Only after obtaining all the necessary permissions can you act as a provider.
Who needs a custom gateway?
Here are the types of companies that may benefit a lot from building a custom gateway:
- Large merchants with high turnover who do not want to depend on a third-party provider
- Incumbent billing companies that want to replace or update their software
- High-growth payment providers that need a more advanced payment processing system
- IT firms that intend to grow business by acting as a payment service provider
- Acquiring banks that want to improve their front-end solution
The pros and cons of custom development
Pros
Lower fees. With ready-made online payment methods, you are locked into lifelong fees for every operation. Besides, in most cases, you have to pay a registration fee. A custom solution will allow you to be your own boss and reduce payment processing costs.
Custom features. Even the best global payment processor cannot meet all your expectations. If you look through the list of payment methods, you can see that some do not support multi-currency transactions, others do not work with recurring charges, and yet others are too expensive. By opting for custom development, you can get the exact product you want.
Additional revenue. Owning a payment gateway, you yourself can become a provider. It means you can charge registration fees and transaction fees from other merchants. Thus, you can think of a new way of business development that will help grow your profit.
Cons
Development time. With custom gateway development, you will spend time on the preparatory phase, pure development, testing, and maintenance. It will take longer compared to integrating a ready-made solution. However, in the long run, you will benefit, as you will be freed from recurring charges and gain an extra source of income.
Certification costs. To run your gateway, you need to connect to the payment processor and comply with the PCI requirements. Let’s be clear: it is a long and slow process, and it is expensive. If you choose a white-labeled solution, you avoid this headache, as you connect to a gateway where all of this has already been settled.
Sole responsibility. Being a payment service provider, you are totally in charge of transaction security. You must guarantee the protection of cardholder data and the minimum risk of fraud.
How to become a payment service provider
Now, we will list the steps to take on the path of becoming a payment provider.
Step 1. Set up infrastructure
You can either host your gateway on a third-party server or prepare the server on your own. The latter option gives you full control; however, you will need to maintain the data center and undergo an annual PCI audit. If you decide to host outside, I recommend considering AWS. They have a well-developed equipment base and offer solutions for all kinds of business.
Step 3. Develop CRM
A CRM system is a powerful tool for keeping client data, managing transactions, and controlling managers. It will allow you to do smart forecasting and avoid many mistakes. Basically, CRM is a huge customer base. For you, as a payment provider, it will provide great help for managing new and existing clients.
Step 4. Implement tokenization
Tokenization means keeping credit card data on the gateway side rather than on the e-commerce store’s server. It aims to free merchants from storing sensitive data for recurring charges.
To do that, the buyer’s card number is replaced with a token, which the online shop then uses in place of the card number.
You must set up tokenization if you are planning to run the gateway on your own server. The process involves preparing the hardware that will encrypt the card data and the software that will comply with PA-DSS rules. If you choose to host elsewhere, these troubles rest on the server provider’s shoulders.
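An added example (not from the original article) of the token flow described in this step: a gateway-side vault swaps the card number for a random token, and the shop keeps only the token for recurring charges. The class and function names, the merchant IDs and the in-memory store are assumptions; in production the stored card number would be encrypted by the dedicated hardware mentioned above.

```python
import hashlib
import hmac
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to reject mistyped card numbers before storing them."""
    if not (pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Gateway-side store (hypothetical). The shop sees only token and last four digits."""

    def __init__(self):
        self._fp_key = secrets.token_bytes(32)  # keys the lookup fingerprint
        self._by_token = {}  # token -> (merchant_id, pan); HSM-encrypted in production
        self._by_fp = {}     # fingerprint -> token, so a repeat card reuses its token

    def _fingerprint(self, merchant_id: str, pan: str) -> str:
        msg = f"{merchant_id}:{pan}".encode()
        return hmac.new(self._fp_key, msg, hashlib.sha256).hexdigest()

    def tokenize(self, merchant_id: str, pan: str) -> dict:
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        fp = self._fingerprint(merchant_id, pan)
        token = self._by_fp.get(fp)
        if token is None:
            # Random token: it carries no information about the card number.
            token = "tok_" + secrets.token_urlsafe(24)
            self._by_fp[fp] = token
            self._by_token[token] = (merchant_id, pan)
        return {"token": token, "last4": pan[-4:]}

    def charge(self, merchant_id: str, token: str, amount_cents: int, send_to_processor):
        """Recurring charge: resolve the token inside the gateway, forward the card number."""
        record = self._by_token.get(token)
        if record is None or record[0] != merchant_id:  # tokens are merchant-scoped
            raise PermissionError("unknown token for this merchant")
        approved = send_to_processor(record[1], amount_cents)
        return {"token": token, "amount_cents": amount_cents, "approved": approved}
```

Because tokens are scoped per merchant, a token leaked from one shop cannot be charged through another shop's account.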
Step 5. Get 3DS certificate from EMVCo
EMV stands for Europay + MasterCard + VISA. It is an international standard for bank card transactions with a chip. To get a certificate, you need to do the following:
- Contact EMVCo to get an EMVCo Product Provider Registration Number.
- Register in the laboratory and sign a quotation to open access to the lab’s 3DS test platform.
- Wait for formal approval of test results.
- Receive a letter of confirmation from EMVCo.
- Contact the certification center and go through the certification procedure.
- Get the certificate and the license.
Step 6. Apply for PCI
It is a mandatory step if you want to deal with online payments. The PCI DSS standard aims to reduce fraud by setting twelve obligatory rules for the software that works with credit cards. Besides, it divides companies into four levels depending on the transaction volume. To get approval, you should order the PCI audit. Note that it is a costly affair, which you should repeat at least once a year.
Extra tips for building a payment gateway
In this section, I’m going to give a few recommendations that will help you build a competitive gateway.
Integrate with many processors. The more payment processors you link with, the more opportunities you give to your merchants. Specifically, the sellers will be able to choose among different acquiring banks to open an operating account. Also, they will have a choice of transaction fee rates.
Make your gateway flexible and adaptive. An advanced payment gateway can quickly adapt to the merchant's needs. So, make sure to add accessible customization options. In particular, pay attention to the types of payment methods. The more options the buyer has, the higher the profit the seller can make.
Implement a dispute resolution interface. Merchants often face arguable points during their commercial activities. Therefore, you will do them a favor by offering a convenient interface to contact an issuing bank.
Give merchants an accessible API. Business owners look for an easy way to integrate a payment gateway into their store. If you provide a smooth mechanism to do it, you will increase the chances of getting new customers.
Provide customer support. Even minor issues in a payment gateway may cause severe losses to merchants. So, make sure to hire skilled managers and implement chatbots that are available 24/7. It will help you troubleshoot problems quickly if they occur.
How much does it cost to become a payment service provider?
The price of a custom gateway is variable. It mainly depends on your preferences and business strategy. Given this, it is impossible to identify an exact sum. However, there are costs that you will face for sure. Let’s take a look at them:
- Development costs: €25,000 – €35,000
- Software certification (test platform subscription for 3DS Server, Formal Approval, LoA EMVCo certificate): €15,000, €15,000, and €10,000 respectively
- Tokenization appliance: €42,000 – €85,000
- Annual PCI audit: €22,000 per year
- Integration with banks and processors: €4,000 – €13,000 each
A custom payment gateway is the right choice for stable companies that want to do business by their own rules. By developing the product from scratch, you tailor it to your specific needs and get peak efficiency. Moreover, payment gateway development opens ample opportunities for growing your profit. If you want to sell it to other merchants, make sure it is highly secure and easily customizable. The feature set should cover multiple payment processors, a convenient dispute settlement interface, and an easy tool for reporting.