
Multiple Payment Gateways: The Why and How

October 4, 2022

Innovative and savvy companies use multiple payment gateways from multiple payment service providers (PSPs) to improve their user experience, reduce costs, and expand into new markets. In this article, you’ll learn why you shouldn’t rely on a single payment vendor. And more importantly, you’ll learn how to easily support different payment vendors so you can enjoy total flexibility without burdensome complexity.

According to the Baymard Institute, 28% of customers cite long and complicated checkout processes as the reason for canceling their purchase. Decline rates, latency, and overall performance fluctuate across PSPs.

If you’re limiting your payment stack to a single PSP (sometimes called a payment vendor or payment processor), you’re hurting your company’s ability to grow into new markets, optimize margins, and address customer needs. Additionally, since you’re “locked-in” to a single payment vendor, you have little to no control over fee changes and outages – and no way to quickly respond if payment services are canceled.

The best way to address these issues is to integrate your payments infrastructure with multiple PSPs. That might sound complex, and it can be, but in this article I’ll show you how you can easily escape payment processor “lock-in” so you can optimize payments for your business.

Let's start by defining our terms: What is a payment gateway, and what is a PSP?

What is a Payment Gateway, and what is a PSP?

A payment gateway is a service that helps merchants initiate ecommerce, in-app, and point of sale payments, and that connects to a PSP to process those transactions with card networks like Visa, Mastercard, etc. A PSP gives businesses the support they need to access electronic payments, providing a consolidated merchant account and payment gateway for the collection and management of payments. 

PSPs help abstract away the complexities of supporting payments for e-commerce businesses while also helping to ensure that those businesses’ e-commerce sites stay PCI compliant. 

Typically, PSPs like Stripe, Adyen, Braintree, and others, provide several ways to securely collect credit card data. For purposes of this article, working with multiple payment gateways or multiple PSPs amounts to the same thing.

For example, in a typical transaction the purchaser is redirected to a website hosted by the PSP, and all collection and transaction activity takes place in that hosted payment environment.

How PCI Tokenization Works for Card Authorization

Alternatively, for a more seamless and brand-integrated experience, merchants can collect card data through a secure form and client-side SDK instead of redirecting purchasers to the PSP’s site. The form fields that collect sensitive data are hosted by an iframe that runs within the PSP’s PCI compliant environment (as shown above).

To maintain PCI compliance, PSPs use tokenization to obfuscate sensitive data fields like credit card numbers. When you work with a PSP, they generate tokens and provide them to your business using a process called PCI tokenization. You can safely store these tokens within your application database. 

How PCI Tokenization Works for Card Transactions

When you need to charge a credit card, you call the payment service APIs using these tokens (as shown above). Next, the PSP converts these tokens to the original values and routes the transaction to the correct card network – Visa, Mastercard, etc.
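
The token flow described above, as an added sketch that is not code from the original article or from any PSP: the names `ToyVault`, `luhnValid` and `containsPan` are hypothetical, and the in-memory map stands in for the PSP's PCI environment. It also shows a check a merchant can run over its own records to confirm that only tokens, not card numbers, reached application storage.

```javascript
const crypto = require("node:crypto");

// Luhn checksum over a 12-19 digit string (the length range of card numbers).
function luhnValid(digits) {
  if (!/^\d{12,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Toy stand-in for the tokenizing side (PSP or vault). Hypothetical class,
// not a vendor API; a real vault is a separate, PCI-scoped service.
class ToyVault {
  #cards = new Map(); // token -> card data; never leaves the vault

  tokenize({ cardNumber, expMonth, expYear, cvv }) {
    if (!luhnValid(cardNumber)) throw new Error("invalid card number");
    // Random token: reveals nothing about the card number. A plain hash of
    // a 16-digit number could be brute-forced, so it is not used here.
    const token = "tok_" + crypto.randomBytes(16).toString("hex");
    // cvv is deliberately not persisted (PCI DSS forbids storing it).
    this.#cards.set(token, { cardNumber, expMonth, expYear });
    return { token, last4: cardNumber.slice(-4) };
  }

  // Detokenization happens only inside the vault; the merchant receives
  // the gateway's result, never the card number.
  charge(token, amountCents, gateway) {
    const card = this.#cards.get(token);
    if (!card) throw new Error("unknown token");
    return gateway(card, amountCents);
  }
}

// Merchant-side scope check: true if any field holds a Luhn-valid digit
// run (spaces or dashes between digits ignored), i.e. a likely raw PAN.
function containsPan(record) {
  return Object.values(record).some((v) => {
    const text = String(v).replace(/(?<=\d)[ -](?=\d)/g, "");
    return (text.match(/\b\d{12,19}\b/g) || []).some(luhnValid);
  });
}
```
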

What Does It Mean to Use Multiple Payment Gateways or PSPs?

Many merchants use a payment gateway provided by a single PSP for all of their transactions. To use multiple PSPs, a merchant (such as your business) selectively routes each payment through one of several payment gateways. There are many reasons that your business would want this flexibility, for your own benefit and your customers’ benefit.

Benefits of Using Multiple Payment Gateways

In this section, I’ll cover six important business and customer benefits to using multiple PSPs.

Business Flexibility

Just as it’s a good investment practice to diversify your portfolio and not put all of your money into a single market investment, using gateways from multiple PSPs is a good business practice to give you maximum payment processing flexibility. With multiple PSPs, if your relationship with a specific vendor deteriorates for whatever reason, you aren’t locked into using that vendor.

Additionally, PSP fee structures can change or vary depending on the use case and other factors. By having more than one option, you retain negotiating power and the ability to easily discontinue working with a given PSP, if needed.

Geographic Coverage

As you expand your business internationally, the need for more than one payment gateway becomes acute. Some PSPs charge more for transactions in certain countries, or have other limitations like only supporting certain currencies or payment methods. Just as importantly, the rate of authorization or transaction failure, and overall platform performance, can vary greatly from one country to another for a given PSP.  

By using more than one PSP, you can route payment authorization and transactions through the PSP that gives you the best fee structure, most coverage, and best performance in each country where you operate.

Enhanced User Experience

By limiting yourself to a single PSP, you’ll often face situations where you can’t serve a given customer using their preferred payment method. Your chosen PSP might not support the type of card or currency that your customers prefer. This adds friction to the payment flow for your customers, which hurts their experience and leads to more abandoned purchases and lost sales.

With multiple PSPs, you can serve a wide variety of customer needs and payment methods. Better yet, you can demonstrate understanding and empathy for your customers by customizing their payments experience to their geographic region.

Additionally, if there’s ever a problem with a particular PSP, you can dynamically switch options on the fly, so that you can process the transaction rather than frustrating your user with a failed payment.

Optimize Your Payment Stack

Using multiple PSPs helps you to optimize your payment stack so that you can increase conversion rates, minimize declined transactions, and ensure all transactions are processed optimally. 

Optimal routing approaches typically fall into one of three categories:

  • Success-based routing focuses on reducing authorization and transaction failures, and managing factors like pricing conditions, geography, and potentially other factors. Machine learning algorithms can be used to optimize around a large variety of conditions and features.
  • Health-based routing focuses on the uptime and speed of the payment gateway.
  • Business-rule-based routing focuses on known factors like card brand, issuer, and payment method.
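
An added sketch (not from the original article) of how business-rule-based and health-based routing can be combined with failover between gateways. The gateway table, the `HealthTracker` thresholds and the `send` callback are all assumptions made for illustration; the payment object carries a token, never a card number.

```javascript
// Constructed gateway table: PSP names, regions and brands are placeholders.
const GATEWAYS = {
  pspA: { regions: ["US", "CA"], brands: ["visa", "mastercard", "amex"] },
  pspB: { regions: ["US", "DE", "FR"], brands: ["visa", "mastercard"] },
  pspC: { regions: ["DE", "FR", "IN"], brands: ["visa", "mastercard", "rupay"] },
};

// Health-based routing input: a rolling window of outcomes per gateway.
class HealthTracker {
  constructor(window = 20, maxFailureRate = 0.5) {
    this.window = window;
    this.maxFailureRate = maxFailureRate;
    this.samples = new Map(); // gateway name -> recent outcomes (true = ok)
  }
  record(name, ok) {
    const s = [...(this.samples.get(name) || []), ok];
    this.samples.set(name, s.slice(-this.window));
  }
  healthy(name) {
    const s = this.samples.get(name) || [];
    if (s.length < 5) return true; // too little data to judge
    return s.filter((ok) => !ok).length / s.length <= this.maxFailureRate;
  }
}

// Business rules first (country and card brand), then the health filter.
function candidates(payment, health) {
  return Object.keys(GATEWAYS).filter((name) =>
    GATEWAYS[name].regions.includes(payment.country) &&
    GATEWAYS[name].brands.includes(payment.brand) &&
    health.healthy(name));
}

// Fail over only on gateway errors. An issuer decline is a final answer and
// is not retried elsewhere. "error" must mean the gateway did not process the
// request; an ambiguous timeout needs reconciliation first to avoid a double charge.
function route(payment, health, send) {
  const tried = [];
  for (const name of candidates(payment, health)) {
    tried.push(name);
    const res = send(name, payment); // { status: "approved" | "declined" | "error" }
    health.record(name, res.status !== "error");
    if (res.status !== "error") return { gateway: name, status: res.status, tried };
  }
  return { gateway: null, status: "unavailable", tried };
}
```
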

Payment Gateway Backup

Even the best payment services in the world can have downtime. Your business will share in this downtime if you’re limited to a single payment gateway that’s undergoing an outage. By working with multiple PSPs and using multiple gateways, you can reroute authorization and transactions to an alternative payment processing vendor.

Downtime and slowdowns tend to happen at the worst possible time for businesses that rely on a single PSP – for example, during critically-important Black Friday Sales in the United States. Using multiple gateways helps you maintain a consistent, reliable, and quick payment experience for your customers – a key differentiator when they’re at their most impatient and competitors are looking to lure them away.

Control Over Analytics

Many PSPs lack certain features, like privacy-preserving analytics. And, the type of data that you can get from each PSP varies from one vendor to another. By leveraging multiple PSPs, you can tap into a large range of features, allowing you to dive into purchase data analytics so you can make an informed decision about which gateway to prioritize when routing each payment.

When Is It Time to Switch?

In the previous section, we covered the benefits of using multiple PSPs to help you optimize your customer payment experience, but there are also some clear signals to look out for so you’ll know when it’s time to prioritize this effort.

Fees and Processing Costs

If your cost of processing is too high or the pricing tiers for your PSP are no longer a good fit for your business, you likely need to consider switching or diversifying. 

Lack of Features You Need

Your current PSP might not have kept up with the times. Perhaps their feature set was adequate when you started your business, but at this point, they might lack the essential features you’d expect of more modern systems, such as: mobile app support, network tokenization, and 3D Secure (3DS).

Expanding to New Markets

If you’re expanding into new geographies, your PSP might not be able to process payments in that market or support the local currencies. You can either switch to a PSP that supports everything you need, or integrate with multiple PSPs to create a flexible solution that combines the strengths of multiple payment vendors.

Poor Support

It’s extremely frustrating to pay for a service, especially one that’s as critical to your business as a PSP, and not get first class customer support. If you’re not getting the support you need from your payment vendor, then it’s likely time to switch to another vendor – or start working with multiple PSPs. 

How to Support Multiple Payment Gateways

There’s clearly a strong case for any business to use multiple payment gateways, which is why it's a proven success pattern followed by the world’s most innovative and fastest growing companies. However, if you were to start collecting and storing credit card data yourself so that you can authorize and transact through any third-party payment provider, you’d drastically increase your PCI compliance scope. That’s a deal breaker, because offloading PCI compliance scope is part of what attracted your business to working with a PSP in the first place.

So how can you support multiple payment gateways without taking on additional compliance scope?

You can do this by moving your customer credit card data into Skyflow Data Privacy Vault.

With Skyflow Vault, you can securely collect PCI data just like you would if you worked with a single payment processor like Stripe – except instead of sending the card information directly to Stripe and having your customer data locked away in their systems, the data is stored in your Skyflow Vault.

The vault is a PCI Level 1 compliant environment that lets you continue to offload PCI compliance, but gives you the additional freedom to quickly and easily switch between payment systems. And better yet, centralizing your customer PCI data in Skyflow lets you easily utilize multiple gateways to create the best user experience possible for each of your customers, regardless of where they’re located.

High-level Architecture for Using Multiple Payment Gateways with Skyflow

Let’s see how to set this up.

Step 1: Create a Payment Vault in Skyflow Studio

With Skyflow Studio, you can quickly create a payment vault using the built-in Skyflow Data Types.

For example, in the following image (left side), you can select the Card Expiration Date to represent the credit card’s expiration month and year. This data type is preconfigured to support common use cases, and can be easily added to your schema, along with the other types of PCI data that you’ll store in Skyflow. 

On the right side of the following image, you can see a complete example schema for collecting payment card data, with columns for card number and cardholder name, and with Card Expiration Date translated into expiry_month and expiry_year:

Example of a Simple Payment Vault Schema in Skyflow

Now that we have our schema, we can get ready to collect PCI data.

Step 2: Securely Collect PCI Data

Similar to vendors like Stripe, Adyen, or Braintree, when card numbers and other PCI data are stored within Skyflow Vault, it returns tokens that can be safely stored within your application storage and other backend infrastructure.

To securely collect PCI data and route it to Skyflow without exposing your frontend or backend to sensitive data, you must use Skyflow Elements. This feature provides pre-built form elements to collect sensitive data client-side. 

As a simple example, the HTML below sets up a form to collect credit card information, including CVV.

You’ll need to mount a Skyflow Element to each of these DIVs to dynamically insert the secure collection fields. 

The example code below initializes the Skyflow client-side SDK and a collection object, and then mounts a card number collection element, inserting the secure form field and mapping it to the credit_cards table and card_number column defined by the vault schema.

When the user clicks the saveCreditCard button, the form data is stored securely within your Skyflow Vault and tokens are then returned to the frontend. These tokens can then be safely sent to your backend to be stored within your application database.

Now that you’ve saved this PCI data in Skyflow Vault, it’s time to securely share it with your chosen PSP.

Step 3: Create a Skyflow Connection to One or More PSPs

To authorize a card with tokenized data, instead of calling a payment gateway directly, you’ll call a Skyflow Connections API endpoint and pass the tokens in this request. You can create as many Skyflow Connections to as many PSPs as you want to support.

Skyflow supports several pre-built Connections, integrations to popular PSPs like Stripe, Adyen, Authorize.net, Braintree, and many others. 

However, you can also create connections to other PSPs that don’t have pre-built integrations using either the Skyflow Connections API or the Skyflow Studio UI. In the following image, you can see an example of using Skyflow Studio to create a new Connection to Stripe.

Example of Creating a Connection to Stripe

After configuring the Connection and route, you can call the connected API service just like you would if you were calling the payment gateway API directly, except that you call the Skyflow Connections API endpoint instead. 

Skyflow automatically detokenizes the tokens received within your vault’s secure computation environment, and then calls your chosen payment gateway on your behalf, sending the response directly to you – as shown in the following code example:

Wait, What About CVVs?

The schema and example above don’t include card verification codes (CVVs or CVCs) because PCI DSS forbids storing CVVs, but you can also use Skyflow to handle CVVs in full compliance with PCI DSS Requirements.

Wrap Up

With your customer credit card data securely stored in your Skyflow Vault, you’re not only offloading PCI compliance and de-scoping your infrastructure, but also gaining the flexibility to work with any PSP, or even multiple PSPs. 

To learn more about modernizing your payment stack, check out How Fintech Companies Can Break the False Dichotomy of Data Privacy Versus Data Utility.
