6 Things to Look for in an Integrated Payment Gateway to Avoid a Costly Mistake

essidsolutions

Choosing the wrong payment gateway can be a painfully expensive mistake. Here are the questions to ask, the red flags to scout for, and the blind spots to be mindful of when you shop for a payment gateway.

When businesses prepare to expand—or recover from an economic crisis and pandemic—they usually tool up for the new challenges ahead. For any companies that sell online, choosing the right payment gateway is part of that preparation.

As someone who has engineered payment and banking technology for the last 20 years, I can offer a technical perspective on this choice. The recommendations I’ll offer are geared towards developers and independent software vendors (ISVs) that have some experience vetting and integrating B2B software.

The point here is not to plug one platform or disparage another, but rather to examine how business requirements ought to shape your choice of payment technology. I’ll suggest questions to ask payment vendors and identify common blind spots in order to help you make a sound decision. There is no one right answer to each question, but there are plenty of bad or disquieting ones.

1. How “modern” is the gateway?

A company that hasn’t modernized its gateway is probably underinvesting in innovation. “Modern” is a subjective word, so let’s unpack it in the context of payment gateways:

APIs have been around for years, and API standards are constantly evolving. Today, the most common APIs are RESTful, which greatly simplifies integration.

What technology stack is used to build the gateway’s frontend and backend? A legacy technology stack (COBOL, VB, PowerBuilder, etc.) is going to limit innovation and extensibility.

How often does the vendor release new software, and what development methodologies do they use? An Agile shop tends to innovate faster and deliver new functionality to market quicker.


2. What are the integration options?

In choosing a payment gateway, let your business requirements guide your technical decision making. Look for a gateway that helps you accomplish your business requirements with the least cost and effort.

For example: If your application is built on Magento, does the gateway have a Magento plugin? If you are building a mobile app, does the vendor provide mobile SDKs and support mobile payment methods such as Apple Pay and Pay with Google? If your business sells globally and you do not have the budget to localize your user interface for multiple languages, currencies and payment types, does the gateway offer hosted pages to handle localization for you?

A gateway can save you substantial development effort by offering integration types that match your business needs.

3. Where and how do you plan to sell?

If you’re looking for a domestic payment gateway, there’s a competitive field of options. If you plan to sell cross border, then your requirements become more specific and complex.

For instance, if you plan to sell in China, you need the ability to offer local payment options like Alipay. In Brazil, Boleto Bancário and local cards are a must. In the U.S., ACH is important. In Europe, SEPA and 3-D Secure are key. Apple Pay, Google Pay, PayPal, and other wallets can provide a competitive edge in multiple markets.

Your business model will narrow the selection, too. Do you offer one-time purchases or subscriptions? Or both? Do you have a marketplace that requires payouts to merchants? For B2B businesses, invoice payments are a must. And for companies that have in-person and online sales, you’ll need a gateway equipped to handle both types of transactions.

The goal is to find one platform that can meet your needs for at least the next five years. Otherwise, you will find yourself cobbling together multiple platforms that are expensive and largely redundant.


4. Is it developer-friendly?

When I buy B2B software, I ask a few questions to assess how developer-friendly it is:

  • What support and resources do you provide for implementation?
  • If I need help, do I get to speak with a real human being (preferably a developer)?
  • What are your SLAs on support?
  • Can I speak to a customer reference?
  • What do you provide in terms of technical documentation and how complete is it?

If you get an evasive or disappointing answer to any of these questions, beware.

5. Compliance and Security

It’s almost guaranteed that any gateway you shop will be compliant with the Payment Card Industry Data Security Standard (PCI-DSS). Still, there are other regulatory and security questions that you should ask depending on where/how you conduct your business:

While the gateway is PCI compliant, what scope of PCI compliance will you (the merchant or partner) be responsible for when you integrate with the gateway? SAQ A is the least burdensome because you never have to handle card data. But depending on the integration and payment workflow, you may be held to a higher (i.e., more expensive and technically complicated) level, such as SAQ A-EP, SAQ D or SAQ C-VT.

In what markets is the gateway compliant? For example, GDPR compliance and 3-D Secure are a must for selling in Europe. To sell in the U.S., a gateway must comply with the California Consumer Privacy Act.

Does the gateway include fraud prevention technology, or will you integrate that separately?

What processes and procedures does the company follow to keep data secure? Does their security program cover endpoints as well as the network, data, and protection for online transactions? What about server host intrusion detection? After all, you are entrusting your data to the gateway — make sure they properly secure it.

6. Scalability and Availability

Ask vendors about how many clients they currently serve and how high they can scale. A few ways to get at that information:

  • What’s your typical average volume?
  • What’s the peak volume you can support?
  • What are your availability SLAs? For modern ecommerce, it’s common to ask for the five 9s uptime.
  • Do you have multiple sites in the event of a disaster? How quickly would you recover?
  • How many hardware failures can you sustain before your service is impacted?
  • Do you have maintenance windows? Or, can you do software releases without bringing availability down? The vendor should be able to do maintenance on the fly, without interruptions, by moving traffic to one data center or another.
  • Do you have a protection layer that throttles calls to your system to protect it from crashing?

Here’s why you should ask these questions: payment gateways can see more than triple their usual volume around Black Friday, Cyber Monday and the holidays. The last thing you need is a crash during the most lucrative days of the year.

Where There’s Differentiation

Most payment gateways will check the boxes in four or five of these categories. You’re going to see the most differentiation in developer-friendly support, security and fraud offerings, and integration options. You’ll also see vast differences between platforms that are tuned for domestic sales and those that excel at cross-border transactions. Again, if you let business requirements guide your decisions, you’ll choose a gateway well-suited to your goals and challenges.
