The Scenario
If you have been a developer for a while chances are this scenario has happened to you. Your manager or an executive comes to you and says “Find us a new system that supports (insert their giant list of requirements here)”. Depending on the requirements this can be a tall order. This decision becomes more important if the payment service provider will be responsible for critical operations such as system or data security. If you are a developer responsible for finding a new payment gateway or payment facilitator, this is your challenge.
After hours of evaluating websites and white papers of various service providers all claiming to have the cheapest rates, most features and the best API you will ultimately need to answer one question – what does the service or API actually do and how does that meet my requirements?
There is no shortage of payment gateways or processors that can perform a basic sale transaction, credit or void. While these functions are critical to any gateway, software platforms have become more sophisticated and need more than this basic functionality. Software platforms now need to onboard new merchants, synchronize transaction data and offload critical system operations that are subject to compliance standards such as PCI.
Here are some areas and advanced features to take into consideration as you select your next payment service provider.
Offloading
Look for a service provider that gives you the ability to offload secure cardholder data transfer and storage. A good service provider will give you the ability to fully offload the handling of protected data by offering hosted payment pages or javascript libraries that abstract your system from sensitive data handling. Also look for a payment service provider that can handle long term storage of your sensitive data with features such as tokenization or vaulting.
Onboarding
While many gateways will allow you to run transactions, your field of options is reduced if you need to onboard new merchants using an API. If you find a payment service provider that allows real-time onboarding, make sure they also provide immediate processing. You will also want to pay close attention to how funding is handled for newly created merchants.
Account Management
If your project has onboarding requirements chances are it has some account administration requirements also. Look over advanced API functionality to see what account management options are available from your prospective service providers.
PCI Certified
When evaluating a payment service provider look for a company that has been PCI certified. Ideally look for companies that are PCI Level 1 or Level 2 certified. Certification helps ensure they have been properly evaluated by an independent auditor and their systems have been tested for common and advanced vulnerabilities.