Global E-Commerce Gateway
We’ve combined the knowhow, processing reach and financial stability of Elavon, with the gateway expertise, fraud controls and connectivity of DataCash, a MasterCard Worldwide company, to bring our customers the next generation E-Commerce gateway.
Designed to meet the evolving needs of businesses everywhere, Elavon’s Global E-Commerce Gateway extends the convenience of payment choice to our customers, while addressing the risk and data security concerns they face when accepting payments online.
A fast, simple and reliable checkout ensures a positive customer experience while advanced fraud tools help optimise their sales.
Elavon’s Global Gateway offers many more features than the ability to accept credit cards through an online form, e.g. value-added features that either make our customers lives easier, or help to increase their revenue streams. Here are some of the more common features:
- Fraud Prevention
- Virtual Terminal
- Alternative Payment Methods
- Multi-Currency Service
- Recurring Billing
- Integration – two options
Developer & Integration Guides
- Global E-Commerce Gateway Developers Reference Guide
- Global E-Commerce Gateway Merchant Integration Guide
- Global E-Commerce Gateway Technical Support Guide
- Global E-Commerce Gateway Developers Reference Guide to 3DSecure
- Global E-Commerce Gateway Developers Reference Guide to Recurring Payments
- Global E-Commerce Gateway Developers Reference Guide to Hosted Card Capture and Hosted Payment Service
- Global E-Commerce Gateway Developers Reference Guide to Tokenisation
- Global E-Commerce Gateway Developers Reference Guide to Batch Input
- Magic Card Numbers
Global E-Commerce Gateway Frequently Asked Questions
What is a Gateway?
A gateway connects your e-commerce website to your account. The gateway facilitates online payments by connecting your secure order form with your specific merchant account at a processing bank. The gateway takes the submitted form data and presents it to the processing bank. When it receives a response from the bank, it presents that return data to the site of origin for appropriate handling.
Virtual Terminal is for our customers who need to accept card payments over the phone, in their back office or in a call centre environment.
Virtual Terminal allows our customers to manually enter transaction information for mail or phone orders or to resubmit once-flagged fraudulent transactions that have been determined to be genuine. It also allows customers to process cancellations, refunds or multiple fulfil transactions.
- Process credit and debit card transactions
- Identify and prevent fraud
- Generate and review transaction reports
- Cancel any approved transactions prior to the end of day cut-off (i.e. before it is sent to the bank for settlement).
Studies show that alternative methods - such as PayPal, Bill Me Later and Google Checkout, to name just a few - have captured a significant market share.
In Europe, although credit cards are commonplace, many purchases are made with inter-bank transfers - something that is not done in the United States except in business-to-business (B2B) markets. In the United Kingdom, debit cards are used extensively for online purchases; in China, many online purchases are made with cash.
So, deciding which payment methods to accept and how to do it can really be a critical and complex task. Yet, if you really want to optimise online sales globally, you have to be prepared to consider all the alternatives. The wider you can cast your payments net, the more sales you will harvest.
PayPal provides one of the most popular e-wallet services in the world, including the UK where one of every two online shoppers is a PayPal customer. PayPal, with over 103 million active registered accounts (164 million total accounts worldwide), provides a convenient method to pay for goods and send money to other users using stored PayPal payment information and the PayPal Express checkout facility.
Fraud and Risk Prevention
With the increased sophistication of hackers and the proliferation of stolen identities, global merchants must protect themselves with better mechanisms for mitigating fraud and reducing risks. Fraud prevention and reduction is one of the most important aspects of global and cross-border E-Commerce for merchants.
There are many fraud-prevention methods, including address matching (AVS), card security code validation (CCV) and explicit password authorisation. The critical decision for merchants is to choose the right technique or techniques that will minimise fraud but not result in too many false positives that turn away honest customers.
At the same time, dynamic credit risk assessment is essential. You need sophisticated tools that can instantly weigh the buyer’s ability to qualify and/or pay for whatever products or services are being offered— regardless of the country from which the purchase originates.
Elavon’s Global E-Commerce Gateway delivers comprehensive reporting and administrative tools to better analyse and understand e-commerce payment activity.
The Elavon solution provides a single web interface for managing multiple payment networks and for reconciling and researching transactions. Corporate treasury personnel don’t have to spend hours searching for and converting data. The system allows you to look at all transactions across all cross-border websites and to more easily perform analysis and currency hedge calculations.
Payment and Data Security
Elavon’s E-Commerce Gateway authenticates payment data according to industry and card scheme payment protocols with advanced, real-time authentication technologies and authorisation controls that improve online transaction security during authorisation and alleviate the regulatory and compliance burdens for our customers.
Card Security Code - Validates the card security code with issuer information.
Address Verification - Verifies the cardholder’s billing address with issuer information.
3-D Secure - Creates a virtual card present environment for online card-not-present transactions to authenticate all parties involved and guarantee payments for you.
Tokenisation - Protects cardholder data by exchanging actual card data with a randomly generated unique ID (“token”). The token can then be submitted in all future payment events instead of the card number, removing the burden of storing sensitive card data on internal systems and reducing PCI DSS compliance requirements.
Comprehensive Fraud Management
Elavon’s E-Commerce Gateway offers a range of Fraud Management Solution levels designed to meet the needs of businesses of all sizes, with transaction and/or sector specific needs. Advanced predictive modelling, behavioural analysis and self-defined rules help our customers better detect legitimate versus fraudulent transactions.
Express Fraud Screening of card transactions in real-time helps businesses reduce chargebacks. Express Fraud Screening offers protection for all goods and services being sold, even those that need to be instantly fulfilled - plus, it is simple to integrate:
- Utilises expertly crafted rules to value transactions as low and high risk
- Fraud screening Credit and Debit Cards using core transaction data set
- Reliable Risk Decision Engine for automated fraud screening
- Accept or Reject Model
- Real-Time Decisions with responses generated in less than 2 seconds
- Fraud Reporting with accurate real-time view
Core and Core Advanced Fraud Screening
These service levels provide comprehensive, sector-specific fraud screening solutions for both card and alternative payment transaction types (PayPal is only available with Core). Ideal for businesses that need to reduce fraud, mitigate risk and diminish false positive results for genuine customers. Our Core and Core Advanced Fraud Screening provide an effective fraud solution with minimal integration effort and help our customers achieve the lowest possible chargeback rate (less than 0.3%):
- Ability to process a large volume of transactions through multiple channels and geographies
- Compatibility with Payment and Data Security Services
- Automated transaction screening with option of real-time, on-time comprehensive rules or a combination of the two
- Provide unbeatable precision around identification of fraudulent transactions with access to merchant specific and global negative data sharing community
- Reliable risk decision engine processes large volume of transactions 24 hours a day
- Fraud Screen option for all global payment and transaction types
- Risk Management Interface to manually review high risk transactions
- Web-based reporting tool and risk management interface
- Option to use sector specific rules and a global view of data with assistance from team of risk experts
Elite Fraud Screening
An end-to-end, highly customised fraud and risk solution designed to meet the needs of businesses that process significantly large volumes of transactions across a diverse geographic footprint. Our Elite Fraud Screening provides a multi-dimensional defence to ensure the total protection needed to fight fraud coupled with the intelligence necessary to keep legitimate sales:
- Fraud Scoring and Modelling Services with real time and/or offline screening and rule categories
- Custom made, sector specific rules
- Payment Security Services featuring 3-D secure authentication, address verification, security code verification and age & identity verification
- Automated real-time and on-time comprehensive transaction screening
- Reliable Risk Decision Engine available 24 hours a day
- Fraud Alerts and Incident Management for in-depth analysis of high risk transactions
- Regular chargeback and rules performance management
- Knowledgeable risk experts to assist with queries
- Web-based, sophisticated management reporting tools
Integrating with Elavon’s Global Gateway
Elavon’s Global E-Commerce Gateway solution is easily integrated with any existing website, call centre or mobile app, allowing retained control of look, feel and branding. Furthermore their customers don’t feel they are being moved to another site to make a payment.
All interfacing to Elavon’s Global Gateway is ultimately based around the exchange of XML messages, via a secure data connection (HTTPS internet / MPLS private connection). Elavon offers a range of integration options, including fully-hosted payment pages and advanced API access.
Types of Payment Gateways
There are two primary types of payment gateways based on the location of the transaction processing code:
- A Secure Hosted Payment Solution (HPS)
The most common implementation solution, this option redirects consumers to the website of the payment gateway provider. After the payment is processed, the consumer is returned to your website. Elavon offers two variations to the Hosted Pages Solution – HPS and HCC – both are detailed below.
- Merchant Side API
With API access, the transaction processing code resides on your server and accesses the payment gateway by using an API (Application Programming Interface).
1. The Hosted Payment Solution (HPS)
Elavon’s Hosted Pages Solution captures and transmits sensitive card data from within the merchant’s usual checkout process. The Hosted Payment Solution provides merchants with a secure form, hosted by Elavon, where your customers can enter their sensitive payment information, thereby lessening the responsibility of complying with PCI DSS.
The Hosted Payment Solution is a complete, one-stop-shop for payment processing where Elavon’s Gateway manages the provision, capture and settlement of card and security data within a single API call, including 3-D Secure authorisation if required. The response of the transaction event is then returned to our customers system (via a return URL), allowing them to complete the shopping session.
HPS - Benefits at a Glance
- Securely hosted by Elavon, so you will not require an SSL certificate and the PCI DSS burden is reduced
- You are given the flexibility to display this page using a pop-up, redirect or iframe model
- Customisable - change the look and colour to match your website and choose what fields to display. Elavon can provide a default page template as a guide
- Requires basic knowledge of HTML to integrate and is best suited to customers with basic processing requirements and/or limited development capabilities
- Can be configured to automatically email transaction receipts to you and/or your customers
- Simplest solution for our E-Commerce customers, since once the Gateway session and page request is made, the rest of the process is managed entirely by Elavon’s Global E-Commerce Gateway *
2. The Hosted Card Capture solution (HCC)
The Hosted Card Capture solution, the most popular solution for the largest cross section of Gateway clients, sees the card details captured on a webpage hosted by Elavon, rather than on your own website. This means that the responsibility for complying with PCI DSS is reduced - as your websites are not storing or transmitting card details.
Similar to HPS, the Hosted Card Capture solution will provide you with a payment page or iframe, but one specifically to capture only the card / security data. Once this has been completed, a transaction token is provided back to you, allowing you to systematically drive the remainder of the transaction events directly with full control of the transaction session with your customers via Direct XML.
You may want to accept multiple payments from your customer's bank card, without the PCI DSS burden of requesting and retaining the card number for every transaction. With Elavon’s HCC solution you have the option of submitting encrypted data (a 'token' or a 'reference') associated with your customer's card number or previously authorised transaction. The token or reference number can then be submitted for all subsequent payment requests, thus removing the burden of storing sensitive card data internally and reducing PCI DSS compliance requirements.
HCC - Benefits at a Glance
- Securely hosted by Elavon, so you will not require an SSL certificate
- You are given the flexibility to display this page using a pop-up, redirect or iframe model
- Customisable - change the look and colour to match your website and choose what fields to display. Elavon can provide a default page template as a guide. Placeholders are available to allow you to display dynamic fields on their payment page – e.g. customer name, or product name
- You maintain complete control during the entire transaction flow
- Acceptance of an extensive range of global and local alternative payment methods (i.e. PayPal)
- No card data to capture as tokens are supported. Based on the token’s generated, your system then has the capability to remove the requirement for repeat shoppers to rekey card data, by simply providing the CSC and 3DS data / API’s invocation in subsequent visits with the token matched to the customer profile (which locates the required card data from the Gateway databases)
- Support for detailed query messaging, so the interfacing system is completely aware and managing the various stages of the customer interaction (unlike HPS where the Gateway needs to respond once the entire card transactions and any subset processes such as 3DS have completed). This prevents your customers from dropping into black holes and the subsequent blocking of tickets / goods / service availability, prior to the successful completion of payments
- Transaction results can be returned to your website for post-processing. This gives you the option to levy different charges based on the card scheme
Hosted Pages (HPS)
Hosted Card Capture (HCC)
|Dynamic Capture Fields -
|Dynamic Capture Fields -
Can display up to nine dynamic capture fields on the capture page.
Used to capture additional information from the Card Holder which is
returned as part of the query transaction.
|Card Type identification -
Available for limited use
Card type identification is possible post authorisation but
it is not possible for you to levy different charges based on
|Card Type Identification -
Facilitates the determination of card Scheme prior to the authorisation
process. This gives you the option to levy different charges based
on the card scheme.
Authorisation process -
Elavon manages authorisation process, including
Authorisation process -
You control theauthorisation process by managing the flow of XML