Payment gateway

A payment gateway (PG, 전자지급결제대행/電子支給決濟代行) is an e-commerce application service provider service that authorizes credit card payments for e-businesses, on-line retailers, bricks and clicks (온/오프라인 거래), or traditional brick and mortar (전통적 소매). It is the equivalent of a physical point of sale terminal located in most retail outlets.

Payment gateways protect credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information is passed securely between the customer and the merchant and also between merchant and the payment processor. A payment gateway facilitates the transfer of information between a payment portal (such as a Website, mobile phone or interactive voice response service) and the Front End Processor or acquiring bank.

Key words
payment gateway, electronic financial services, payment gateway process, registration with FSC

Statutory ground
The Electronic Financial Transaction Act (전자금융거래법) provides that a payment gateway or "electronic payment settlement agency service" means any service rendered to transmit or receive payment settlement information in purchasing goods or using services in the electronic form or to execute as an agent or mediate the settlement of prices thereof. Article 2 xix.

Any person who intends to perform the electronic payment settlement agency services shall register himself/herself with the Financial Services Commission (FSC, 전자금융업 등록): provided, that the same shall not apply to banks provided for in the Banking Act and other financial institutions determined by Presidential Decree. Article 28 (2) iv.

PG process
When a customer orders a product from a payment gateway-enabled merchant, the payment gateway performs a variety of tasks to process the transactions. Many payment gateways also provide tools to automatically screen orders for fraud and calculate tax in real time prior to the authorization request being sent to the processor. Tools to detect fraud include geolocation, velocity pattern analysis, OFAC list lookups, 'black-list' lookups, delivery address verification, computer finger printing technology, identity morphing detection, and basic AVS checks.
 * A customer places order on website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service.
 * If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's webserver. In between other methods, this may be done via SSL (Secure Socket Layer) encryption. The payment gateway may allow transaction data to be sent directly from the customer's browser to the gateway, bypassing the merchant's systems. This reduces the merchant's Payment Card Industry Data Security Standard compliance obligations without redirecting the customer away from the website.
 * The merchant then forwards the transaction details to their payment gateway. This is another (SSL) encrypted connection to the payment server hosted by the payment gateway.
 * The payment gateway forwards the transaction information to the payment processor used by the merchant's acquiring bank.
 * The payment processor forwards the transaction information to the card association (e.g., Visa/MasterCard/American Express). If an American Express or Discover Card was used, then the processor acts as the issuing bank and directly provides a response of approved or declined to the payment gateway. Otherwise [e.g.: a MasterCard or Visa card was used], the card association routes the transaction to the correct card issuing bank.
 * The credit card issuing bank receives the authorization request and does fraud and credit or debit checks and then sends a response back to the processor (via the same process as the request for authorization) with a response code [e.g.: approved, denied]. In addition to communicating the fate of the authorization request, the response code is used to define the reason why the transaction failed (such as insufficient funds, or bank link not available). Meanwhile, the credit card issuer holds an authorization associated with that merchant and consumer for the approved amount. This can impact the consumer's ability to further spend (e.g.: because it reduces the line of credit available or because it puts a hold on a portion of the funds in a debit account).
 * The processor forwards the authorization response to the payment gateway.
 * The payment gateway receives the response, and forwards it on to the website (or whatever interface was used to process the payment) where it is interpreted as a relevant response then relayed back to the merchant and cardholder. This is known as the Authorization or "Auth". The entire process typically takes 2–3 seconds.
 * The merchant then fulfills the order and the above process is repeated but this time to "Clear" the authorization by consummating the transaction. Typically the "Clear" is initiated only after the merchant has fulfilled the transaction (e.g.: shipped the order). This results in the issuing bank 'clearing' the 'auth' (i.e.: moves auth-hold to a debit) and prepares them to settle with the merchant acquiring bank.
 * The merchant submits all their approved authorizations, in a "batch" (e.g.: end of day), to their acquiring bank for settlement via its processor.
 * The acquiring bank makes the batch settlement request of the credit card issuer.
 * The credit card issuer makes a settlement payment to the acquiring bank (e.g.: the next day)
 * The acquiring bank subsequently deposits the total of the approved funds into the merchant's nominated account (e.g.: the day after). This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.
 * The entire process from authorization to settlement to funding typically takes 3 days.

Types of sevices and tariffs
A recent market survey shows several types of payment gateway services and relevant tariffs thereof:
 * Credit card (크레딧 카드) PG: 가맹점이 내는 수수료는 3.3~4.0%이지만 카드사 수수료를 공제하면 0.4~1.0%
 * 카드사가 PG업체에 대금을 지급하는 시기는 D+2~6일, 가맹점 앞 지급시기는 D+3~10일


 * Online account transfer (온라인 계좌이체) PG: 가맹점이 내는 수수료는 1.8~2.5%이며, PG는 은행이나 은행망과 연계
 * PG업체에게 별도의 수수료를 내야 함 (가맹점에 대한 대금입금 시기는 D+1~8일)


 * Virtual account (가상계좌) PG: 가맹점이 내는 수수료는 건당 300~500원이며, PG사는 별도로 은행에 가상 계좌 설치
 * 사용 수수료를 지불해야 함 (가맹점에 대한 대금입금 시기는 D+1~8일)


 * Communications billing (통신과금) PG: 가맹점 지불 수수료는 5~13%, 통신회사 몫은 5~7% (대금지급 시기 2~3개월)
 * Gift certificate (상품권) PG: 가맹점이 내는 수수료 10~18% (상품권 발행업자 수수료 포함, 대금지급 시기 1개월)

PG companies

 * KSNET (케이에스넷)
 * KCP (한국사이버페이먼트)
 * LG uplus (LG u플러스)
 * KG Inicis (이니시스)
 * u-Way (대학원서접수 대행 유웨이)