What is a Payment Gateway?
A payment gateway is the engine that fuels the communication and transmission of
data between the functional components of the payment process. It relays the request
for payment (which may come from a shopping cart, a virtual terminal, an in-house
accounting system, or even a retail terminal) in the appropriate electronic format
to the appropriate entity (a bank, Visa/MasterCard, or processor). The gateway relays
the response or authorization that sets the funds transfer activity.
Security Features
- Security is important before, during and after the payment processing process.
To fully ensure security, the system employs proven technology to transmit data
safely and to safeguard consumer data. The gateway has been CISP Certified, which
requires diligent adherence to anti-fraud measures to protect merchants and consumers.
- The Gateway utilizes Secure Socket Layer (SSL) authentication and encryption technology.
This is patented technology developed by Netscape Communications and relies on encryption
developed by RSA Data Security, Inc. and other cryptographic providers. SSL encryption
protects information being transmitted across the Internet from third parties.
Integrating with the Gateway
- Our Virtual Terminal, shopping cart and product catalog are pre-integrated tools
that merchants can easily use to process payments securely and efficiently. The
tools provide smaller merchants the benefits of powerful customized e-Commerce applications
with a more professional appearance.
- Larger Merchants with more complex product lines, software companies, and ISPs
may choose to use our API to integrate directly with the Gateway. Payment Express
Systems provides complete integration information, guides and tool kits along with
technical advice and documentation for using the Gateway, Virtual Terminal and Shopping
Cart.
About CISP
CISP stands for Cardholder Information Security Program and has been implemented
by Visa to protect cardholders and merchants from fraud and identity theft. MasterCard,
American Express and Discover also have security requirements, but CISP is the most
stringent. CISP requirements apply to all entities that store, process or transmit
cardholder information, including payment processors, merchants and banks.
It is important to note that this applies to both card present and e-Commerce businesses.
Compliance with CISP is monitored differently depending on how much cardholder information
is involved. Since we process millions of transactions, a complete on-site security
audit by an independent third-party was performed after several weeks. The extensive
review process was successfully completed. As a result, we are certified to properly
handle confidential cardholder information.
Through our efforts, consumers are safe from identity theft and credit card fraud
and merchants are protected by systems restrict merchants' access to only the minimum
information necessary to complete a transaction.
How Encryption Works
When remote servers or customer's web browsers access the Sage Gateway Commerce
Server, the connection between the 'client' and our Commerce Server becomes
a dedicated 'link'. Basically, you need a set of electronic keys to access
the Commerce Server and the client. As a dedicated link, we transparently handle
the use of the keys which are then used to encrypt the information.
This allows the 'client' to send information that is encrypted and would
appear as jumbled or mangled text across the Internet to the Sage Gateway Commerce
Server where the data is decrypted. Most web browsers have a method of notifying
you or your customers that they are on a secure connection with a server, which
uses SSL technology. Clues that you are on a SSL server include locks on toolbars,
keys, and solid blue lines around your browser.
|