When you start building an e-commerce site, one of the first concepts you need to learn is the difference between external and integrated gateways. The difference is important for the development of your website, but it only makes a small difference to your customers.
Data Security Standards
For the people buying items on your checkout page, an external payment gateway opens a new website in a separate browser tab. For example, websites that take PayPal payments must use the company’s external payment gateway, sending their customers to the PayPal site for processing. The customer returns to the e-commerce site’s checkout page after authorizing the payment. This method has some distinct advantages over using an integrated gateway, but it usually costs more for business owners to process payments.
When you use an external gateway, you can completely forget about the Payment Card Industry Data Security Standards (PCI DSS). These standards, imposed by the Payment Card Industry Security Standards Council (PCI SSC), are fairly straightforward, but they require online businesses to continually monitor their data encryption, network security and antivirus software.
An external gateway handles all of these tasks, but an integrated gateway, which is embedded on the business owner’s website, has to follow PCI DSS to the letter. Any violation of the data security control objectives can result in serious fines that could put a website out of business. These objectives are put in place to protect credit card users from fraud. They’re required by the PCI SSC, which is an independent organization made up of representatives from the major credit card companies.
Following Control Objectives
It’s not too difficult to follow PCI DSS control objectives, and the security council provides a self-assessment questionnaire to help business owners determine which level of security they need. There are four merchant levels that group online businesses in order of size, from merchants processing fewer than 20,000 transactions per year to those processing more than six million per year. The council imposes different requirements on businesses according to their merchant level.
Credit card fraud is a big danger, especially for small, at-home businesses and sole proprietorships. Criminals target these websites because they typically have less protection than larger companies that can afford to hire a cyber security team. Implementing PCI DSS doesn’t guarantee that a website won’t be compromised, but it does protect businesses from the heavy fines issued by Visa when it’s discovered that proper protocol wasn’t followed.
Other Differences
The responsibility for data security is the main difference between external and integrated gateways, but there is also a cost difference. Online businesses can save money by taking care of data security themselves, but it’s important to find a reputable payment gateway that works together with credit card companies and the business’s merchant account. There are hundreds of payment gateways to choose from, so doing a little research before subscribing to a service can prevent costly problems down the line. Another important point to consider is that some payment gateways don’t process transactions for ammunition or electronic cigarettes, and violating this policy can also result in heavy fines.
E-commerce is one of the biggest industries on the Web, and business owners must be vigilant against criminals stealing digital information. If you own a website that takes credit card payments, you should understand the difference between external and integrated gateways.