Finding the perfect payment gateway | PCI Booking

Finding the perfect payment gateway

Finding the perfect payment gateway

Geoff Milton

So many payment gateways for merchants to choose from, so little time.
 

You'd think it'd be simple for an OTA or a channel manager to find a payment gateway that processes secure payments online, encrypting data before it reaches the payment processor.
 

It isn't.
Payment gateways vary widely:

-- Some are basic, giving you a connection, and letting you do all the grunt work of establishing a merchant account for receiving the card payments.

-- Some don't require a merchant account, handling the money transfer from the payers' account or credit card, ensuring the payment is accepted, and then sending the money into the OTA/channel manager's account.  
 

How do you choose? It depends on your specific needs, and only you can determine what they are. But here are some basic guidelines that can help steer you in the right direction:

Security

This is where the barebones payment gateway offering could fail, because you'd be responsible for security, and that's not easy: you'd need to establish how you store and process payment card data, so that it never touches your own system, in compliance with PCI DSS standards.
 

Because it only takes one data breach for you be subjected to heavy fines – and some bad publicity that will tarnish your reputation.
 

That's why it makes sense to evaluate vendors based on security and to ask them outright what they do to protect guests' payment card data. Musts include data encryption, or tokenization: substituting payment card data for an indecipherable token.
 

The best-case scenario, of course, is to have them prove they are PCI compliant.
 

Currency flexibility

OTAs, channel managers and booking engines take reservations worldwide. While it's obvious that you need currency flexibility, you need to be sure that the payment gateway handles any currency, which can connect to merchant banks.
 

It may also be worthwhile to look for a payment gateway vendor that offers dynamic currency conversion (also known as cardholder preferred currency), to give credit card holders a choice: they can pay in their own currency, or in the destination currency. For example: a French guest may want to use Euro, instead of US dollars, when they pay for a stateside hotel. Note, however, that sometimes, this could work to the guests' disadvantage, due to conversion rates.
 

Fees

Payment gateway vendors' fees can be confusing, making it difficult to make comparisons. Some charge one-time fees, some, recurring monthly fees, others, transaction fees, or a combination of all.
 

Generally, you can expect the following:
 

1.    Initial setup fees, which ought to include integration fees, setting up a merchant account

2.     Recurring costs, such as per-transaction fees: estimated at anywhere from 2-5%, depending on your transaction volume; and/or a flat transaction fee

3.     Annual maintenance fees

4.     Optional fees, such as refunds, chargebacks
 

Hosting: your site or theirs?

Also a matter of individual need, but important to consider. If you opt to have the payment gateway hosted off-site, then you don't have to worry about compliance or security. They are responsible (see security, above).
 

But you also may lose the guest, because the guests is sent off your website: almost never a good idea if you want to retain customers.
 

That's why an integrated payment gateway may work: guests never leave your site.
 

Of course, this approach also has its own challenges:
 

-- It requires integration and sometimes, you'll need to get a programmer to tweak behind the scenes, til it works

-- You'll also be in charge of adhering to PCI compliance standards when storing payment card data 

-- It may not be so easy to change payment gateway vendors. That can prove problematic if you want to jump ship for a better deal or better service. 

Check the rep

How reliable is the payment gateway provider? If there's a power outage, high traffic periods or other events, will uptime be assured?
 

Check what the experts say, like toptenreviews. You can filter options according to your requirements, until you find the right one.
 

Choice can be a good thing.

Subscribe to the

PCI Booking Blog