Payment Gateway/Payment Service Providers
   and future trends in mobile payment
Agenda



•   Overview
•   Connectivity
•   Processing
•   3-D Secure
•   PCI-DSS compliancy
•   Key Benefits
•   Future Trends
Overview


Payment gateway


A Payment Gateway/Payment Service Provider (PG/PSP)
facilitates the transfer of information between a payment
portal (such as a website) and the Front End Processor or
acquiring bank. It offers merchants online services for accepting
electronic payments by a variety of payment methods including
credit card, bank-based payments such as direct debit, bank
transfer and real-time bank transfer based on online banking.
Connectivity


  Type of connectivity
• Direct XML API solution - all actions are performed within the
  merchant's own website (online booking engine) environment;
  credit card data is processed via an XML API connection.
• Generic solution (redirection) – the merchant’s website redirects
  the customer to a third-party acquirer’s payment page, where the
  credit card data is submitted and processed. If successful, the
  system redirects back to the merchant's webpage to complete the
  process. Alternatively, redirection can be done after the booking
  process is complete.
Processing


  Payment processing
• An order is submitted via a website, and the customer's
  web browser encrypts the information to be sent
  between the browser and the merchant's webserver.
  This is done via SSL (Secure Sockets Layer) encryption

• The merchant then forwards the transaction details to
  their payment gateway. This is another SSL encrypted
  connection to the payment server hosted by the
  payment gateway

• The payment processor forwards the transaction
  information to the card association (e.g.,
  Visa/MasterCard)

• The credit card issuing bank receives the authorization
  request and sends a response back to the processor
  (via the same process as the request for authorization)
  with a response code. In addition to determining the
  fate of the payment (i.e. approved or declined), the
  response code is used to define the reason why the
  transaction failed (such as insufficient funds, or bank
  link not available)


• The payment gateway receives the response, and
  forwards it on to the website (or whatever interface
  was used to process the payment) where it is
  interpreted as a relevant response then relayed back to
  the cardholder and the merchant (the entire process
  typically takes 2–3 seconds)

• The merchant submits all their approved
  authorizations, in a "batch", to their acquiring bank for
  settlement

• The acquiring bank deposits the total of the approved
  funds in to the merchant's nominated account. This
  could be an account with the acquiring bank if the
  merchant does their banking with the same bank, or an
  account with another bank

• The entire process from authorization to settlement to
  funding typically takes up to 3 days
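The authorization, response-code and batch-settlement steps above, modelled as an added example (not code from the original slides). It assumes ISO 8583-style response codes ("00" approved, "51" insufficient funds, "91" issuer unavailable); the function names, order IDs and amounts are constructed for illustration, and real gateways often use their own code sets.

```python
from dataclasses import dataclass

# ISO 8583-style response codes (assumption: the gateway relays these
# unchanged; many gateways map them to their own code set).
RESPONSE_CODES = {
    "00": ("approved", "Payment approved"),
    "51": ("declined", "Insufficient funds"),
    "91": ("retry", "Bank link not available"),
}
FAIL_CLOSED = ("declined", "Declined")  # unknown codes are never treated as approved

@dataclass
class Authorization:
    order_id: str
    amount_minor: int        # authorized amount in minor units (cents)
    response_code: str       # code returned by the issuing bank
    captured_minor: int = 0  # amount queued for settlement so far

def outcome(auth):
    """Return (status, message relayed to cardholder and merchant)."""
    return RESPONSE_CODES.get(auth.response_code, FAIL_CLOSED)

def capture(auth, amount_minor=None):
    """Queue an approved authorization for settlement (full or partial capture)."""
    if outcome(auth)[0] != "approved":
        raise ValueError(f"{auth.order_id}: cannot capture a non-approved authorization")
    amount = auth.amount_minor if amount_minor is None else amount_minor
    if not 0 < amount <= auth.amount_minor - auth.captured_minor:
        raise ValueError(f"{auth.order_id}: capture exceeds the authorized amount")
    auth.captured_minor += amount

def build_batch(auths):
    """Collect captured authorizations into the batch sent to the acquiring bank."""
    lines = [(a.order_id, a.captured_minor) for a in auths if a.captured_minor > 0]
    return {"lines": lines, "total_minor": sum(amount for _, amount in lines)}

def sample_day():
    """Constructed sample traffic: two approvals, two declines, one unknown code."""
    auths = [
        Authorization("ORD-1", 12000, "00"),
        Authorization("ORD-2", 5000, "51"),
        Authorization("ORD-3", 8000, "00"),
        Authorization("ORD-4", 3000, "91"),
        Authorization("ORD-5", 1000, "ZZ"),
    ]
    capture(auths[0])        # full capture
    capture(auths[2], 6000)  # partial capture of an 8000 authorization
    return auths, build_batch(auths)
```

The batch total is what the acquiring bank deposits to the merchant's account; keeping amounts in integer minor units avoids rounding drift between authorization and settlement.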
3-D Secure



3-D Secure is an XML-based protocol used as an added layer of
security for online credit and debit card transactions. It was
developed by Visa to improve the security of Internet
payments. It adds another authentication step for online
payments.
In most current implementations of 3-D Secure, the
issuing bank prompts the buyer for a password that is known
only to the bank/ACS provider and the buyer. Since the
merchant does not know this password and is not responsible
for capturing it, it can be used by the issuing bank as evidence
that the purchaser is indeed their cardholder.



This decreases risk in two ways:
• Copying card details, either by writing down the numbers on
  the card itself or by way of modified terminals or ATMs, does
  not result in the ability to purchase over the Internet
  because of the additional password, which is not stored on
  or written on the card.
• Since the merchant does not capture the password, there is
  a reduced risk from security incidents at online merchants;
  while an incident may still result in hackers obtaining other
  card details, there is no way for them to get the associated
  password.
PCI DSS compliancy


Compliancy

In order to be able to accept online payment a merchant has to
meet certain standards and requirements.

There are 12 requirements for compliancy in the Payment Card
Industry Data Security Standard (PCI DSS) organized into six
logically related groups.

Validation and certification of compliance can be performed
either internally or externally, with the assistance of the PCI
Requirements, depending on the volume of card transactions
the merchant organization is handling, but regardless of the size
of the organization, compliance must be assessed annually.
Benefits


  Key Benefits

• Long term reduction of costs

• Automation of payment processing

• Fraud detection tools

• Flexibility - partial or full capture

• Accept online payments 24/7

• Improved security – PCI DSS
Future Trends



With the development of wireless technologies and the online
industry, it becomes clear that in the near future credit cards will
become obsolete. In development are new online and offline
mobile payment technologies which allow for increased flexibility
of using your mobile device, which has all your credit card data
encrypted and stored within your SIM card.

This will allow for future merging of online banking and mobile
services together and usage of the full potential of wireless
technologies. Here are some in-development as well as already
implemented technologies:
Online payment



• Online payments - All credit, debit card
  and bank account details are encrypted
  and stored within the mobile device.
  When a customer reaches a payment
  page online, the mobile device
  recognizes it and suggests the payment
  methods available on it. Then the desired
  payment method details are
  prepopulated automatically on the
  payment page. Authorization of a
  transaction is only done via touchscreen
  fingerprint recognition software as well
  as a password to prevent data theft in
  case of lost or stolen mobile devices.
Offline payment



• Offline payments – also known as Near
  Field Communication (NFC) where the
  actual mobile device serves as a payment
  device. A consumer using a special
  mobile phone equipped with a smartcard
  waves his/her phone near a reader
  module. The customer then gets
  prompted (optionally) for a password on
  the mobile device to authorize the
  charge. This technology is already
  available in multiple shopping points
  worldwide.
Thank you! Questions?

Danail Yotov
Head of Content Department
TravelStoreMaker.com
danail.yotov@travelstoremaker.com
www.travelstoremaker.com

Payment gateway/payment service providers and future trends in mobile payment by Danail Yotov
