how paypal, authorize.net and many other payment gateway service get access to visa card processing regardless of bank?

Question

We know there are so many payment gateway service providers namely paypal, moneybrookers, authorize.net and many national and international payment gateway providers. Now, my question is what are the steps to develop our own payment gateway service to process any visa and mastercard regardless of any bank of the world. From which organization should i need to take authority to develop my own payment gateway service. What are the api and protocols provided by www.visa.com and www.mastercard.com to develop own payment gateway service. I don't know that payment gateway service provider's api has to interact with visa card brand site, card issuer bank and acquirer bank..??Please provide me the guideline... Thank you all in advance for your answer..

Answer 1

A payment gateway and a payment processor are two different things. A payment gateway, like Authorize.Net, allows a website or software to send payment information to a payment processor to process the payment. The payment processor does the actual handling of the payment (e.g. checks to see if funds are available on the card, is it approved, AVS, CVV verification, etc).

To get a relationship with Visa and MasterCard you need to become a Member Service Provider (MSP) and Independent Sales Organization (ISO). This costs about $10,000 up front and then $5,000 a year if you are approved. A background check and review is involved. This is done by your sponsoring bank, which you also have to find.

To build a payment gateway you have a lot of work ahead of you. This isn't a project you would write with a language like PHP. You would need to use a higher level language such as C or C++. Something compiled that will be much faster and more robust then PHP. You can power your web based front end with PHP (i.e. user control panel) but the backend stuff, including payment processing, will need to be in the higher level language. You'll also need an enterprise level database as open source databases could never handle a task like this. Basically you're looking at using an Oracle database which is expensive but also designed for this sort of thing.

Your first major issue will be PCI DSS compliance. You will have to secure your system from top to bottom with regular compliance checks. This is a lot more difficult then it sounds. And expensive, too.

Your second major issue will be getting certified by the processing networks. To be a successful payment gateway you must be certified on every processing platform and there are at least 16 of them that I can think of off of the top of my head. Being certified takes about two months for each. You can do them simultaneously but you would be looking at at least a year to be certified on all of them. And each one has a different API so you will need to code your payment gateway to work with all of them.

Your third major issue will be the data you store. Not only do you have the PCI DSS issues to deal with, but you will need to capture and store every transaction that runs through your system for years. That kind of data will require tons of storage space (that will also need to be secured).

Your fourth major issue will be processing volume. A gateway must be able to perform transactions in a second or less. This means your hardware solutions must be able to scale for heavy traffic especially over the holiday season. It will need to be able to handle hundreds of transactions per second (thousands if you become successful). That is a big reason why you'll need to use a higher level language over PHP.

Your fifth major issue is that you will need to create a powerful yet easy to use API for web developers to use to connect to your payment gateway. They need to be able to do everything a credit card terminal can do through code. Documenting that should be fun! ;)

Minor issues include:

• Making sure you are ECI compliant (Electronic Commerce Indicator is required for all Internet transactions)

• Securing all data transfer (SSL)

• Offering a user control panel

• If you want to be successful you will also need to have anti-fraud tools available

Building a payment processor is an even more herculean task. It will require relationships with banks (a friend just went through this process for their new venture and it took over a year just to get a bank to agree to work with them). I suspect it will require you having a lot of money set aside to deal with potential processing issues that result in your customers being owed money. I'm talking at least six figures.

The technical stuff would be at least as complex as building a payment gateway. You'll need to be interfacing with banks. Lots of them. And your uptime must be 100%. I have not been this deep in the technical aspects of it all so I can't give you anything more specific then that.

The payment gateway is a huge project but doable. It becomes easier if you limit the networks it will work with. Maybe stick to the most popular to start and go from there. A better idea might be to partner with a processing bank and sell merchant accounts through them. Then make your payment gateway work only for them at first. Then you can launch quicker and also make money on the credit card processing. The payment processor part is huge and probably beyond the scope of what you want to do. If not, it's a huge undertaking that goes way beyond a handful of programmers. You're gonna need lawyers, too.