Payment Gateway

Presented By
Thriven Kumar Reddy N

Contents
o Introduction

o How Transactions Works and Role of PGs

o What happens at Gateways

Introduction
o What is Payment Gateway? o A payment gateway is an e-commerce application service provider service that authorizes payments for ebusiness, online-retailers, etc.

o Why? o Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the Payment processor.

How Online Transactions work?

o Jargon o Customer/Buyer o Merchant/Seller o PG o Issuing Bank o Acquiring Bank

Working step by step

Working step by step

Working step by step

Working step by step

Working step by step

Working step by step

Working step by step

At a Glance

What happens at Gateways?

o After the customer places the order and submits the payment

information, the Merchants server encrypts with SSL and forwards it to PG, where it will again encrypts with SSL and forwards the information to the Card Issuer/ Issuing bank and sends the response back to the Merchants server/ customer that id received from the Issuing bank processor.
o PGs, most of the times will also perform Fraud Management

before forwarding it further in the process, like

o o

Checking for valid Prefix of the card number Checking for validation of card number using LUHNs rule.

SSL
o Netscape's SSL is an Encryption

specification/protocol which uses the public-andprivate key encryption system from RSA, which also includes the use of a digital certificate

Fraud Management
o Using LUHNs Rule: o Luhns rule is used to validate a card number that is accepted from the customer, which can be applied to many of the card types like VISA, Master card etc. o Steps involved:
Considering an example, we will see how Luhns rule works. Let card number be : 1234 5678 1234 5670

Fraud Management(cntd Luhns rule)

o Double the value of alternating digits: o But start from the second last digit and work backwards.
This will give us the following values. 7 x 2 = 14 5 x 2 = 10 3x2=6 .. etc.

o Add the separate digits of all the products:

This yields the value: (1 + 4) + (1 + 0) + 6 + 2 + (1 + 4) + (1 + 0) + 6 + 2 = 28

Fraud Management(cntd)
o Add the unaffected digits: o Add all the remaining digits which are not used in the above steps
1234 5678 1234 5670 0 + 6 + 4 + 2 + 8 + 6 + 4 + 2 = 32
o Add both results and divide by 10
o

It should be evenly divided by 10 to be a valid number.

28 + 32 = 60 60 is evenly divided by 10

Fraud Management
o Using the Prefixes and length of Card-Number o Each card issuer company will have its own prefix which is common to all the cards that come from that company and fixed length. o Example:
Card Type Master card VISA Prefix Number 51-55 4 Length 16 13-16

American Express 34/37 Discover

JCB

15 16
16

6011
3

Fraud Management
o PGs also sometimes uses AVS(Address Verification

Services), Card Code Value (CVV) verification. o And SET as a specification/protocol instead of SSL, which works with digital certificates.

Final Gist
o So by this we can conclude that, PGs are used to just

Forward the information securely, authenticating the users, ensuring Information Confidentiality and Data Integrity etc by having secured connections across the Merchants server and Banks processor.

Any Questions? or Suggestions!