When a business owner decides to take the business online, a payment gateway is needed to process online transactions. There are a few options to set this up:
1. Self-hosted
Pros – The merchant has full flexibility to customize the look and feel of the payment page.
– Full control of customer data.
Cons – Customer data is collected by the merchant server, and then transferred to the gateway service provider.
The merchant has to take security measures to protect cardholder data, such as card number, expiry date and card security code.
– The merchant is responsible for fulfilling all PCI DSS requirements.
2. Shared-management e-commerce implementations
The three common types of implementation are embedded APIs, iframes, and hosted payment pages.
Pros – The merchant can bypass its own server and redirect the payment page to the payment gateway provider. In this case, the merchant does not need to worry about technical details and PCI DSS requirements, because cardholder information is securely captured by the payment gateway provider, while the merchant only collects customer contact and order details.
Cons – Less flexibility on look and feel.
– The customer leaves the merchant website to process payment.
a) Embedded APIs with Direct Post
The merchant uses the code given by the payment service provider, so that customer data is posted directly to the provider's server.
Example:
b) Iframe (the code begins with <iframe src=
The payment service provider (PSP) creates a form (iframe) that the merchant inserts into its website. The form is hosted by the PSP, so when customers fill in the form, the PSP receives the data.
Example:
c) Hosted payment pages
This is a very straightforward method. When customers make a payment, they will be redirected to the PSP page.
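The difference between these options comes down to which server receives the card fields, and that can be checked from the checkout page's HTML. The following is an added example, not code from the original page or from any payment provider: it classifies a checkout page as self-hosted, direct post, iframe or hosted page. The hostnames `shop.example` and `pay.psp.example`, the field-name hints and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: substrings of name/id/autocomplete that suggest a card field.
CARD_HINTS = ("card", "cc-number", "cc-exp", "cc-csc", "cvv", "cvc")

class CheckoutAudit(HTMLParser):
    """Collect forms as [target_host, has_card_field] and the hosts of iframes."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms, self.iframes, self._open = [], [], None

    def _host(self, url):
        # Relative or missing URLs resolve against the checkout page itself.
        return urlparse(urljoin(self.page_url, url or "")).hostname

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [self._host(a.get("action")), False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            label = " ".join(a.get(k) or "" for k in ("name", "id", "autocomplete"))
            if any(h in label.lower() for h in CARD_HINTS):
                self._open[1] = True
        elif tag == "iframe":
            self.iframes.append(self._host(a.get("src")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def classify(html, page_url, psp_hosts):
    """Map static checkout HTML to one of the integration models described above."""
    audit = CheckoutAudit(page_url)
    audit.feed(html)
    card_targets = {host for host, has_card in audit.forms if has_card}
    if urlparse(page_url).hostname in card_targets:
        return "self-hosted"   # card data reaches the merchant server
    if card_targets:
        return "direct-post" if card_targets <= set(psp_hosts) else "unknown-destination"
    if any(host in psp_hosts for host in audit.iframes):
        return "iframe"
    if any(host in psp_hosts for host, _ in audit.forms):
        return "hosted-page"   # no card fields here; the form hands off to the PSP
    return "no-payment-integration-found"

# Constructed sample: card fields posting to the merchant's own origin.
SELF_HOSTED_SAMPLE = '<form action="/checkout"><input name="card_number"></form>'
```

This inspects static markup only, so a form or iframe injected by JavaScript at runtime is not seen. An `unknown-destination` result means card fields post to a host that is neither the merchant nor a listed PSP and should be reviewed.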