gateway serves as an entrance to another network. In the world of computers, this means something slightly different than it does in the world of transaction processing, where merchants use gateways to process and authorize credit card transactions for purchases their customers make online.

Gateways, whether they consist of one server or a whole series of servers, translate the coding each network uses so that purchase information (item number, price, card numbers) can be transmitted and understood.

For merchants selling goods and services through a Web site, gateways serve as connectors to the vast array of customers who want to make purchases. This includes communicating information on the variety of payment methods those customers use as well as the multitude of networks through which they're connecting to the Internet.

Gateways are the part of the transaction process where credit card authorizations are made so that card-not-present payment transactions go through smoothly. They also enable the use of virtual order screens/terminals to process mail/phone order transactions. Sounds simple enough, but in reality, there are challenges merchants face when setting up and using gateways for e-commerce.

Cost, Implementation, Integration

In the last few years, the cost of using a gateway has decreased dramatically due to increased competition in the marketplace, but prices still vary widely by provider.

Some gateway providers charge as much as an additional 50 cents or more per transaction for their recurring billing features, while others charge only the normal transaction fee. Some providers charge up to an additional $400-plus for integration, while others charge nothing. Getting merchant Web sites to work with gateways can be a programming challenge. Most merchants are entrepreneurs-not computer programmers or Web designers-and their technical skills might be limited, which is where gateways come in. Some gateways integrate sufficiently with merchant sites so that customers never know when they've been routed from the merchant site to either create shopping lists of items to purchase or to make payments. Other gateways are more cumbersome to navigate, and it's obvious you've gone to another site.

Providers should keep implementation and integration of gateways simple. According to Daniel Brasov of Group ISO, "I wish most gateways would get their stuff together and try to make it simple for the average merchant. In talking with merchants or shopping cart companies, I have heard the easiest gateways to integrate are: www.authorizenet.com, www.networkmerchants.com www.slimcd.com and www.tranzakt.com."

Shopping Carts, Customer Service, Security

There are certain features gateways should incorporate.

Shopping carts keep track of items that customers want to think about before they buy, so they incorporate complex coding to make sure that nothing falls out of the cart. Shopping carts usually reside separately from gateways-many gateways insist on not offering shopping carts as part of their service because of current agreements they have in place with shopping cart vendors.

However, merchants are best served when a gateway offers a shopping cart as part of the package. Merchants should evaluate how much revenue they expect to generate from sales on their Web sites and determine if an online store will be cost effective. Before spending hundreds, if not thousands, of dollars on a shopping cart, they should see if income from Web sales will bring in enough to cover expenses and gateway minimums.

Merchants need to track purchase information for a variety of reasons including inventory control and accounting purposes. Depending on the source, the purpose and the destination of the information being uploaded, a gateway should allow for uploads in multiple formats such as XLfile or Notepad and should not limit the number of transactions that can be uploaded. The gateway should also promptly provide a thorough report of any and all unsuccessful transactions with an explanation for each transaction failure.

Over and over again companies with a great product fail to capitalize on their success because of a lack of customer service. Most merchants will continue to use the same gateway (even if they switch their merchant account provider) based on customer service and support. For example, one of our merchant clients said to us, "Even though the company is not price-competitive and the integration is a nightmare, they still get my business because of their excellent customer service."

Pro-active flexible recurring billing should also be part of a gateway's offerings. A challenge for one of our merchant customers was being able to bill the customers on the day that their checks arrived so the funds would be available. Sometimes that would occur every two weeks, rather than on the 1st and 15th of the month.

The solution was to use recurring billing software set to "bill every two weeks." When pro-active recurring billing is implemented, if the first credit card is declined, a second credit card is automatically billed. If that card is also declined, the software continues trying all of the cards and checking accounts on file for that customer until the billing is authorized and captured.

Fraud Tactics and Prevention

Online transactions are much less secure than those in which a customer presents a card in person. Payments for Internet transactions are made remotely, with the buyer providing the card number and expiration date. Card numbers are far easier to steal than cards.

A clever thief can create "valid" card numbers by accessing card-number generators on the Internet. Credit card fraud rates are at least 10 times greater on the Internet than they are in the physical world, and that rate is steadily increasing.

Pinging occurs when Internet merchants selling low-ticket items get a big boost in sales, only to learn that the sales were all fraudulent, resulting in chargebacks. This happens when a crook tries to determine if its recently acquired credit card numbers are valid before moving on and purchasing hard goods or selling the list to a fraudulent merchant. Pinging can be quickly terminated when the number of transactions from a certain IP address is limited to one or two successful transactions in a day.

One common way that crooks take advantage of low-tech communication on the Internet is by simply rewriting the pricing information on the order form before the sale goes through. For example, if a merchant Web site sends information to a gateway in plain text, it can easily be altered. This form of fraud is targeted mostly toward larger Internet merchants whose shipping department personnel may not catch the change unless they double-check every order thoroughly before shipping the product. Gateway security encryption and the use of a secure server can prevent this type of fraud.

Fraud scrubbing, especially when integrated before the customer completes the transaction, is the best and most affordable security feature to incorporate, and all gateways should include this feature. Fraud scrubbing will also save the Internet merchant the cost of transaction fees by eliminating the possibility of the Address Verification Service (AVS) or Card Verification Value 2 (CVV2) not matching.

When Internet merchants sell content, domain names or downloadable programs, the maxim "only ship to the billing address" does not apply. In these cases, other security measures, such as Internet Protocol (IP) address matching, need to be implemented. A thorough IP address program verifies that the IP address/state/country matches the address of the customer. This should be implemented before the transaction is processed to prevent the merchant from paying the transaction fees and finding out later that the customer has provided fraudulent information. IP address matching can dramatically reduce chargebacks for these merchants.

Overall, most gateways fit the bill according to Brasov, but he cited one in particular for the range of options it offers to merchants. Features offered on www.networkmerchants.com, he said, include fraud protection, pro-active recurring billing, multiple billing options (such as Western Union SwiftPay), uploading transactions and an integrated shopping cart. Coming in a close second is www.tranzakt.com .

David H. Press is Principal and President of Integrity Bankcard Consultants, Inc. Phone him at 630-637-4010, e-mail David at dhp@integritybankcard.net or visit www.integritybankcard.net