Definitive guide to Payment Gateways

If, like many New Zealand online retailers, you’re trying to get your head around the complexities of payment gateways, you need to read this guide!
This in-depth guide to online payment gateways will walk you through the key things you should be looking out for when trying to implement this online payment system. We’ll even do our best to demystify the dreaded ‘Internet Merchant Bank Account’.


Introduction to payment gateways
How Payment Gateways work
How are payment gateways different to shopping carts?
Charges and fees structures
Are there any risks involved?
Top 5 payment gateways in New Zealand
Key features to look for in a payment gateway
Core features
Questions to ask of your payment gateway provider
What is an Internet Merchant Bank Account
Other questions to ask about Internet Merchant Bank Accounts
What is PCI Compliance?

Introduction to payment gateways


A payment gateway is an Internet-based virtual infrastructure that helps to facilitate online transactions between a buyer and a seller. It processes the payment by verifying the credit card and accepting or declining the payment on the seller’s behalf.

In order to have a payment gateway service enabled on your website, you have to sign up for the service and have a special bank account called an Internet Merchant Account into which the money can be transferred after it has been collected on your behalf.

Business owner benefits

1. Tap into new customers

Offering your customers a variety of payment options is critical and that includes credit cards. A gateway will enable this and allow you to service many more potential customers.

2. Streamline your cashflow

Your online business won’t deal with physical cash in the same way that a store on the high street would.

If you conduct business online but only accept payment retrospectively (e.g. you send out an invoice and the customer pays directly into your bank account), then your cashflow may well be inconsistent.

(Of course, you can use an Internet Banking solution like POLi or Account2Account).

Similarly, if you run any kind of service, which charges customers on a recurring basis, you will need to request their payment information every time you take a payment. The risk here is that payments are late or missed altogether. Again, affecting your cashflow.

By offering online payments at the point of purchase, your cashflow will match your sales, which is easier to reconcile and better for running your business.

3. Let them worry about the security

Payment gateway providers spend a considerable amount of money investing in security so you don’t have to!

But let’s say you decided not to use a gateway and instead opted to collect, store and process all of the credit data yourself. What would the implications be?

Well, in short, your business would be held accountable for the security of the data. If your servers were to crash, or your website got hacked and that data was made vulnerable to theft (or lost), you would have a legal nightmare on your hands. A gateway will take care of all that for you (for a fee).

Customer benefits


Payment Gateways provide a convenient, quick and secure way for customers to make an online payment through a choice of credit cards.

All gateways must comply with the Payment Card Industry Data Security Standard (PCI DSS) which offers a minimum level of fraud security (and protection) for your customers and, by extension, your business.

Customers also tend to feel more assured in providing credit card details to a third party rather than to the website owner itself.

How gateways work

Once the customer has checked out and selected the option of paying by credit card, the payment gateway service takes over the payment process for the merchant.

To understand the process and how it works, here is a step-by-step summary:

  1. A customer buys an item from the merchant and puts in a credit card number at the checkout screen or, if he is buying through a phone answering service, enters his bank credit or debit card number. This initiates the payment service.
  2. If the payment is being made through a computer, then the information entered is encrypted by the buyer’s browser using SSL encryption and forwarded to the merchant’s site for further action.
  3. Details of the purchase, the amount etc. are conveyed by the merchant website to the payment gateway for processing. Here too, the information is encrypted before it is forwarded.
  4. This information is taken by the gateway and is conveyed to the merchant’s bank account.
  5. The information is accepted by the seller’s bank and the transaction details are forwarded to the buyer’s bank for authorization by the card issuing authority.
  6. Based upon a number of factors, the buyer’s bank can either accept or reject the payment. The card issuing authority will generate a response code based on whether the payment was accepted or rejected.
  7. This information goes back to the payment gateway and is then transmitted back to the merchant’s bank account. Here the information is interpreted as relevant or not and is forwarded to the buyer and the seller.
  8. The transaction details are then sent to the merchant to inform him whether the sale has been made or not. It provides both the buyer and the seller with a transaction ID for future reference. It takes only a few minutes for this entire process to be completed.
  9. If the buyer’s bank approves the payment, the sale is clocked and the money is deposited into the seller’s bank account at a scheduled interval.

The seller has to submit all the authorized payments in a batch to his bank at a predetermined interval. The bank then deposits the approved amount to the seller’s bank account. This entire process can take between 2-4 days depending upon the settlement schedule.

How is a payment gateway different to a shopping cart?

Shopping carts and payment gateways are often confused as being the same thing. In fact, they are two completely separate components that are part of the payment process.

Shopping carts allow customers to select products and services on a website and ready them for purchase, while payment gateways actually facilitate the process of payment.

Charges & fee structures

Like all services, payment gateways charge a fee. The payment structure differs between gateways and can be quite confusing for people starting out.

Think carefully about what your business requirements are and reconcile them against the fees for each gateway provider before signing up.

The charges may include any or all of the following:

Transaction fees

The percentages vary between 2 – 6% of the total transaction amount. In addition to the transaction fees, gateways also often charge a flat rate fee per transaction to cover the Merchant Sales Fee (MSF) levied by the credit card schemes. The credit card company, merchant account service and the payment gateway share the commission. This fee can vary from company to company.

Monthly fee

Most payment gateways charge a monthly fee. For some gateways this could be a tiered system with the fee increasing with the number of transactions and service used. The fee includes the administrative charges for your account, plus fees for services like fraud detection, auto billing and customer support.

Set up fee

This is the initial sign-up fee that you may be charged for initiating a merchant account. This is usually a one-time charge and can vary from one service to another.

Other fees

Besides these fees, there are others that may be charged including chargeback fees, security and support, fees for recurring billing and currency conversion charges for international payments.

Are there any risks involved?

The biggest risks involved with using a payment gateway are credit card fraud and prepayment risk.


Credit card fraud

Credit and debit card fraud occurs when the card details are stolen and then used to make purchases online by someone other than the cardholder. The details of the card can be stolen while the customer is physically making a point of sale swipe of his card or through phishing attacks. Once the details are with the thief or hacker, they can use them to make purchases online. All reputable payment gateways have procedures in place to prevent such fraud.

Prepayment risk

A prepayment policy is where the purchaser has to pay for goods or services in advance of receiving them e.g. membership subscriptions.

The customer pays the merchant in advance, in good faith, in the belief that the goods that have been purchased will be delivered on time, will be of good quality and will arrive in perfect condition. If for some reason the goods are not as specified or cease to be available (e.g. the website the customer is paying a membership to closes down), the customer is at risk of losing their money.

Most payment gateways have very stringent policies regarding prepayment. They ensure that the customer does not lose his or her money and that it can be returned to the buyer if there is a dispute or the buyer is dissatisfied.

Top 5 payment gateways in New Zealand


Flo2Cash

Flo2Cash provides credit card services that enable merchants to receive their payments as easily as possible, whether it be over a landline phone, the internet or your mobile phone. All transactions are processed in real time. Like Swipe they’re able to offer a bundled service negating the need for a facility from a bank.



PayStation

As a Paymark Certified Solutions Provider, PayStation is there to help you find the right payment solution for you and your customers. They support internet credit card payment through the following banks: ANZ, ASB, Bank of New Zealand and Westpac. PayStation was recently purchased by Trade Me.

DPS – Payment Express

DPS is a well known credit card/payment gateway provider in New Zealand. It offers a range of services including merchant hosted and non-hosted options as well as a simple manual credit card processing facility.



Bambora

Bambora (until recently trading as IP Payments) offers a versatile service, and empowers you to handle any kind of payment. You can handle real-time transactions, batch payments, even recurring transactions. It is always good to give your customers the option to use their phone to complete payments and order products or services. Every third New Zealander owns a smartphone, and it would be purely illogical to ignore this market which is only going to get bigger.


SecurePayTech

SecurePayTech provides secure and affordable credit card authorization and processing services for on-line businesses. Comprehensive reporting of individual transactions combined with historical trend analysis keeps you firmly in control of your business.


Key Features to look for in a Payment Gateway

It feels like there are so many gateway options available to merchants; the fees involved and the level of service all seem to vary so greatly.

There’s also the issue of ‘no one service fits all businesses’. Every business is unique in some way or other and so, therefore, are its needs.


What is your business situation?

From a business perspective, there are a few things you should strive to be clear on before you embark on your selection process (it might be helpful to couch these points within a specific timeframe – e.g. 12 months):

  1. Will your business trade entirely online or will there be a mix of online and physical payments? What are the proportions?
  2. How rapidly do you expect to grow?
  3. How many transactions will take place each month?
  4. Will your customers likely want to use a mobile device to purchase from you?
  5. Do you envisage charging deposits or recurring payments (or both)?

Core features of any payment gateway

Even though there is great variety in the solutions available, there are still a number of core features that you should compare and contrast. Think about the different types of payments you will need to receive and use that as a starting point.

Currency Support

Many merchants in New Zealand start their online business journey with ambitions of cornering a little market in this country. However, the opportunity to sell to customers in other countries (such as Australia) can arise very quickly (whether you want it to or not). It’s not uncommon to begin trading over the ditch within the first 12 months.

However, this decision brings with it two interdependent considerations:

  • Which currencies will the payment gateway accept (from the buyer)?
  • Which currencies will the gateway pay out in (to the seller)?

A gateway may only function in certain countries e.g. New Zealand or the USA but may be capable of processing credit card payments from whatever country the credit card holder lives in. Similarly, the gateway may process the sale in the seller’s currency or provide currency conversion at the point of sale, enabling international shoppers to see the price of the goods in their domestic currency.

HINT – before you do anything else, check that the gateway will operate in your home country. This sounds obvious, but it’s easier to miss than you might think.

Hosted or integrated checkout

There are essentially two ways of hosting a payment gateway: a hosted solution or an integrated solution. There are pros and cons to both.

Hosted Checkout

Most gateways offer a hosted option. When customers check out and are ready to pay they are redirected to a ‘hosted’ payment page(s), which enables them to complete the transaction. They are then redirected back to the seller’s website.


Pros

  1. Easy to implement with very little technical knowledge required
  2. Usually a very cost effective solution for start ups and smaller businesses
  3. You can typically style elements of the hosted pages to make them look and feel more like your website

Cons

  1. Redirecting customers to a separate set of pages to make payment can often make them feel uneasy.
  2. There is potential to have a greater number of abandoned payments as a result of being redirected
  3. Even with styling, the environment rarely reflects your website’s design to the fullest (i.e. it will still look like a different website).

Integrated Checkout

An integrated checkout basically means that the checkout and payment all takes place within a single environment – your website.


Pros

  1. Integrated checkouts tend to look more professional
  2. They tend to ‘feel’ more secure and trustworthy
  3. As they are more customisable, they tend to work better with other add-ons you have in your store (and thus increase conversion rates)

Cons

  1. Integrated checkouts require more technical expertise to implement than hosted checkouts
  2. They are usually more expensive.

Mobile and Point of Sale (POS) support

If you run a business that accepts payments via an electronic POS terminal as well as online, then you need to ensure your gateway supports/integrates with it.

Ideally, you will have all your payments processed in the same place. There really is no benefit to having to manage two different systems with their own fees and policies.

If your business uses mobile devices for receiving payments, then you should consider a payment gateway solution that integrates with your mobile operating system.

How refunds are processed

If you will need to offer your customers refunds (and what business doesn’t at some time?), then you should explore how they are managed by each gateway.

Some gateways actually offer a refund module that is integrated with your Merchant Account so you can seamlessly update all systems with the new payment information.

However, this is quite sophisticated and many gateways don’t offer this level of integration.

Re-billing and monthly billing (e.g. membership fees)

If you need to offer your customers the option of paying in instalments or any kind of recurring billing, you will need a gateway that offers this functionality.

Security and Reputation

The security and reputation of the payment gateway you ultimately use can and will have a huge impact on your business’ reputation.

A key selling point of using a payment gateway is the security it offers your customers. Do your homework: ensure the gateway is secure and conforms to the Payment Card Industry Data Security Standard (PCI DSS) – at a minimum!

Look into how the service stores and uses customer data. Does it retain the data? If so, why does it do this and how long does it retain it?

Seek impartial reviews of the service online and see what other merchants are saying on social media about their experiences.

Pay-out Policy

Payment gateways act as an intermediary between the customer’s credit card scheme account and the Merchant’s Internet Account. The time it takes a payment to land in your bank account following a completed transaction can vary greatly from one gateway to the next.

All gateways pay out monies in batches that are processed periodically – daily, weekly or monthly. Depending on your business model and cashflow, you may want to look for a gateway that makes more regular payments or on the other hand you may have sufficient operating funds to continue with a less frequent payout policy.


The level of support you can expect from your gateway provider is of critical importance. Be aware that service levels are typically tiered; if you want a greater level of service, you have to pay more for it. You need to figure out if it is worth it for the extra cost to your business. Research the options and see what their existing/previous merchants have to say about their service.

Questions to ask about Payment Gateways

1: Will I need an Internet Merchant Account?

This is potentially the most important question to ask; do not skip this step! Whilst most mid-large sized online businesses will most likely prefer to use their own Merchant Internet Account, many smaller businesses may find this a daunting prospect.

2: What currencies do you support in addition to NZD?

It is clearly critical that the gateway operates in New Zealand and accepts NZD. However, it is important to plan for future growth; is it possible you might be trading in Australia in 18 months?

3: Do you offer integrated checkout?

A seamless purchase experience on your website can often be the difference between a sale or no sale. Different gateways offer different levels of integration with your website; you should certainly consider this when weighing up your options.

4: How are refunds handled?

It is inevitable that you will have to process refunds from time to time. Different gateways handle this in a variety of ways.

5: How secure is your service?

Your reputation for payment security is only as good as the systems you use. As a minimum, your gateway should comply with the Payment Card Industry Data Security Standard (PCI DSS). It may also offer additional levels of security for a tiered fee.

6: What is your payout policy?

You need to understand how the money received in a transaction ultimately makes its way into your business bank account.

A gateway does not make payments to your account continuously in real time; it is always batched and paid out periodically. This could be every few hours to once per month depending on the gateway and the service.

If your business has cash flow challenges (and who doesn’t?), you should look for a service that offers regular small payouts.

7: What re-billing services do you offer?

Re-billing is a useful service for any merchant that might have a need to charge a customer multiple times without having to take their payment information each time.

Examples of this could be taking monthly membership fees, deposits or payment instalments. The key thing here is that the gateway has to allow the merchant to store the customers’ payment details.

8: How much does your service cost?

Payment gateways are not free – and nor should they be. Different companies will charge for their services in different ways so ensure you have a list of requirements to aid you in your research.

9: What are the terms of your contract?

It is critical that you understand fully how the gateway uses the sensitive data it processes on behalf of your business. You should also know how easy it is to cancel the service and what, if any, information you can take with you. If you require an Internet Merchant Account, there is even more paperwork!

10: Is it easy to set up the gateway?

New Zealand has many small businesses and with that often comes lower levels of technical expertise compared to our better-resourced corporate cousins.

Some gateways are incredibly easy to set up whereas others can be more complicated. Always confirm which merchant accounts it will work with and consult the support documentation before making a decision. If in doubt, hire the services of a professional.

Try to seek out clear instructions from all parties for how to connect your payment gateway to your website, connect it to your merchant account and ultimately your business bank account. The level of complexity will vary between solutions and whether you are opting for a hosted or integrated checkout.

HINT – try to find a way of running the gateway in a development environment and always read the support documentation before choosing the gateway.

11: What will my customers see on their credit card bills?

Merchants often overlook this but it affects their relationship with their customers. Some gateways will simply show their company name on the statement where others may allow you to personalise the details with your business name. The bottom line is, find out how the charge will appear on your customers’ bills and tell them.

12: Who owns my data?

You are going to be processing large volumes of sensitive and important data: credit card details, payments, orders, and refunds to name a few. Before you sign up for any gateway service, ensure that you know exactly who owns the data that has been collected.

13: How easy is it to cancel the service?

We’re talking about cancelling the service before you’ve even begun! Overly pessimistic? Perhaps a little but nevertheless you should still know how to go about cancelling your subscription to the gateway service if you had to.

You might need to give a notice period, pay a buy out fee or be forced to complete your contracted term. When you are dealing with a subscription as fundamental to your business as income and customer payment data, it pays to know.

The application process can be quite lengthy (and expensive) in New Zealand and it will involve a credit check (often an issue for start ups that don’t have 24 months of business accounts).


So, what is an Internet Merchant Bank Account?

Anybody who has begun the process of researching payment gateways will have heard the words ‘Internet Merchant Bank Account’. Some gateways seem to offer them as part of the package whereas others simply tell you that you need one before you can even start!

So, just what are these Merchant Accounts and why do some gateways offer them while others don’t? And why do I have to do a credit check to get one? Help!

What is a Merchant Account?

Internet Merchant Accounts are critical parts of a payment gateway. The downside is it’s hard to explain how they work, what type you need and how to get one.

A Merchant account is a special type of bank account that receives and holds funds that have been authorised by the payment gateway. It holds onto these funds for a defined period of time before transferring them to the business bank account in batches. That way, your business account is not receiving hundreds (or thousands) of individual deposits each day.

There are two types of Merchant Accounts.

Dedicated Account

A dedicated merchant account is one that belongs only to you. To get a dedicated Merchant Account, you will need to sign a legally binding agreement with the issuing bank and you will usually have to go through an in-depth credit check. The payment processing companies take a risk every time they process a credit card transaction on your behalf as they bear the costs of credit issues and chargebacks.

So, it’s a complicated business and you will have to jump through a considerable number of hoops to satisfy all that you are not a risk to the underwriters.

Do you even need a dedicated merchant account?

That’s a good question and, as always, it comes down to the size of your business and volume of sales you are projecting. If you only expect to process 50 credit card transactions per month, it might not be worth the lengthy (and fairly costly) Merchant Account application process. (As well as the assortment of fees, legal contracts and terms of service.)

If you do project decent volumes of credit card transactions each month then a dedicated account could be a good bet. It would give you a lot more control over your money than an aggregator account (see below) in particular the speed at which you can access funds.

You will sometimes see a merchant account bundled in with a Payment Gateway’s payment processing services. An example of this in New Zealand would be DPS. This approach will typically charge transaction fees based on the volume of transactions processed each month on a sliding scale. See more on fees later in this chapter.

Aggregator Account

An aggregator account is the second type of merchant account. Think of these accounts as a shared resource for a range of companies utilising the service. Rather than your bank processing payments on your behalf (and taking on the risk), the aggregator does it instead. A well known example is PayPal.

Aggregator accounts are often very appealing to smaller companies and start ups as they are far easier and faster to set up than dedicated accounts.

You have far less control over your money with an aggregated service particularly with regards to how long pay-outs can take (often 5 working days plus). Also, the simplicity they offer typically comes at a cost although many of the aggregators also streamline their fees (PayPal operates at a flat per-transaction rate with no monthly fees).

If your online business only processes a few hundred transactions per month, you might want to consider this option. It is lightweight, easy to set up and get running and, while not necessarily cheaper, the fee structures are certainly simpler.

Internet Merchant Bank Account Fees

Like all services there is a fee for establishing and using Merchant accounts. The fees will vary from one bank/provider to another but watch out for these fees in particular.

Annual Fees

Most providers charge an annual maintenance fee from merchants. This can vary from one provider to another and can be anywhere from $79 – $400.

Monthly fees

Some of the fees charged are monthly fees. The statement fee is one such fee and is charged every month. Another monthly fee is the monthly minimum fee, which is the minimum amount a merchant will be charged irrespective of the actual processing charges.

Early termination fees

Some providers may charge a fee if a merchant terminates an account before the end of the contract term.

Merchant Service Fees (MSF)

The MSF is the fee paid to the credit card scheme providers for using their credit facility. Sometimes this fee is rolled into general transaction or account maintenance fees but it is good to check.

Other fees

There are a host of other fees that could be charged to a merchant including those for customer services, batch payments, chargebacks and transaction fees.

Other Questions to Ask About Merchant Accounts and Payment Gateways

Here are a few more questions you should have up your sleeve when it comes to getting into bed with an Internet Merchant Bank Account provider.

  1. Does the gateway have a list of specific merchant account providers I have to choose from?
  2. Does my gateway require a merchant account to be set up independently or will it be bundled with the gateway?
  3. How long is the application process? How complicated is it?
  4. What are the minimum requirements for a merchant account?
  5. How much will the account cost to set up and on-going?

What is PCI Compliance?

The term ‘PCI-DSS’ stands for Payment Card Industry Data Security Standard (although it is typically abbreviated to ‘PCI’). It is a set of regulations that all companies that process, store or transmit credit card data must adhere to in order to maintain a secure transacting environment. Regardless of the size of the business or the number of transactions processed, all merchants must be PCI compliant.

How do you get compliant?

This depends on your size and set up. If your business is online only and your gateway is processing all of the payments, then the responsibility for compliance falls on the gateway provider.

However, it is important to check with the gateway provider, particularly if you are using an integrated checkout rather than a hosted solution.
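One check a merchant can run on their own side, particularly with an integrated checkout, is to scan application logs and exports for anything that looks like a stored card number. The following is an added example, not part of the original guide: the log lines are constructed, the card number is a widely published test number, and the function names are hypothetical.

```python
import re

# Candidate card number: 13-19 digits, optionally separated by single
# spaces or hyphens, not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Show only the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_card_numbers(line: str) -> list[str]:
    """Return digit strings in the line that look like real card numbers."""
    hits = []
    for m in CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # drops order IDs, transaction IDs, etc.
            hits.append(digits)
    return hits


def scan(lines) -> list[tuple[int, str]]:
    """Return (line_number, masked_number) for every likely card number."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for digits in find_card_numbers(line):
            findings.append((n, mask(digits)))
    return findings


def redact(line: str) -> str:
    """Replace likely card numbers in a line with their masked form."""
    def _sub(m):
        digits = re.sub(r"[ -]", "", m.group())
        return mask(digits) if luhn_ok(digits) else m.group()
    return CANDIDATE.sub(_sub, line)


# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    "2024-03-01 10:02:11 checkout order=10481 amount=59.90 NZD status=redirected",
    "2024-03-01 10:02:14 DEBUG payment form posted card=4111 1111 1111 1111 exp=12/26",
    "2024-03-01 10:02:15 gateway response txn=8830021457719302 code=00",
    "2024-03-01 10:05:40 DEBUG retry body={'pan': '4111-1111-1111-1111'}",
]

if __name__ == "__main__":
    for line_no, masked in scan(SAMPLE_LOG):
        print(f"line {line_no}: possible card number {masked}")
    print(redact(SAMPLE_LOG[1]))
```

Any finding means card data is reaching your own systems, which is exactly the situation to raise with your gateway provider.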

ALWAYS, ALWAYS, ALWAYS ensure that your gateway is PCI compliant. Find out more at

What happens if you aren’t?

PCI compliance is a serious business. Payment service providers may penalize banks for not following the PCI standards. The fines could range from $5000 to $100000 per month. The banks then transfer the fee down to the merchant who will have to bear the cost of the fine or suffer increased transaction fees to cover the losses. At the very least expect to have your merchant account terminated.

All merchants have to adhere to the standards at all times. Check your merchant account contract to see the extent of your exposure in case of a breach of PCI compliance.


Setting up a payment gateway for your website can be complicated but you can simplify the process with a little forward planning. By understanding your business’s requirements of an online payment system in the short, medium and long term, you stand a better chance of making the right decision and saving yourself unnecessary pain.

So, do you need any help with payment gateways? Anything we’ve missed? Drop us an email – we’d love to hear from you.

To your continued online success!

Jeff Skidmore @POLi