How Payment Gateways Work, Part 2
Keeping Transactions Secure
- Since the customer is usually required to enter personal details in the transaction process, the payment gateway is often carried out through HTTPS protocol.
- To validate the request of the payment page result, signed request is often used – which is the result of the hash function in which the parameters of an application confirmed by a «secret word», known only to the merchant and payment gateway.
- To validate the request of the payment page result, sometimes IP of the requesting server has to be verified.
- There is a growing support by acquirers, issuers and subsequently by payment gateways for Virtual Payer Authentication (VPA), implemented as 3-D Secure protocol – branded as Verified by VISA, MasterCard SecureCode and J/Secure by JCB, which adds additional layer of security for online payments. 3-D Secure promises to alleviate some of the problems facing online merchants, like the inherent distance between the seller and the buyer, and the inability of the first to easily confirm the identity of the second.