
    How to Build Your Ideal Payment Stack

    Merchants strive to have a seamlessly integrated payment flow for customers. From the outside looking in, many may assume that this is achievable through a light and simple payment stack that ties together just one or two solutions in total that easily pass information back and forth.

    For most scaling companies, however, it isn’t as simple as choosing a single payment partner to handle everything and quickly going live: they’ll have to work with several different payment service providers to manage payments.

    Ideally, they'll also integrate those providers in a user-friendly way, in the form of an interoperable payment stack.

    What is a Payment Stack?

    A company’s payment stack includes the services, systems, and software that interact with one another to accept and process payments. In many cases, these parties work behind the scenes, invisible to visitors and consumers.

    Each component plays a different, but important, role in successfully completing the stages of payment processing.

    What are the Components of Payment Stacks?

    Just as no two companies are alike, each merchant will likely require a payment stack unique to its needs. Generally speaking, however, payment stacks often include the following solutions:

    • Payment processor
    • Payment gateway
    • Checkout page and flow
    • Security and compliance
    • Fraud management
    • Reporting

    We’ll dive into what role each of these plays and how these elements work together for successful payment processing.

    Payment Processor

    A payment processor acts as an intermediary to transmit data from a merchant’s point-of-sale system (virtual or in-person) to the card networks and banks involved in the transaction. Processors execute transactions by transmitting data between the merchant, the issuing (customer’s) bank, and the acquiring (merchant’s) bank for payment.

    All businesses, whether online or brick-and-mortar, require some form of payment processor if they plan on accepting credit card or ACH payments.

    In many cases, a payment processor may also supply a brick-and-mortar business with credit card machines and other equipment used to accept in-person credit card payments. For virtual businesses, such equipment is unnecessary as this process can be completed entirely online. 

    Popular payment processors include:

    • Stripe
    • Adyen
    • Worldpay

    Payment Gateway

    A payment gateway is a specialized payment processor that serves the unique needs of a specific merchant vertical group. Payment gateways are designed to provide a seamless and secure payment experience for customers, while also offering specialized features and services specific to the needs of different industries, such as hotels, restaurants, and airlines. These features may include fraud prevention tools, recurring billing options, and support for multiple payment methods. 

    The most common examples of payment gateways are those designed for online businesses to allow online merchants to connect to the proprietary formats and systems of acquiring processors and help mitigate the unique fraud risks associated with online payments. Gateways help verify that a customer’s card is legitimate - essentially acting as the virtual version of a point-of-sale chip reader that can protect both your shoppers’ payment data and decrease your risks of fraud. 

    A gateway also serves a pivotal role in online subscription-based businesses that process card-not-present transactions, as is often the case with recurring subscription payments.

    Payment gateways, unlike payment processors, are not required for most merchants to function. However, larger merchants often experience benefits from using both a payment gateway and processor in tandem.

    Popular payment gateways include:

    • PayPal
    • 2checkout
    • Authorize.net
    • Stripe (technically both a gateway and processor)

    Checkout Page and Flow

    The overall checkout flow is the customer-facing portion of your payment stack. Through the checkout flow, customers can review their purchases, select preferred payment methods, and complete the transaction. 

    Depending on the payment gateway selected, a checkout page may be offered as part of the gateway’s technology stack.

    • On-site payment gateways give merchants significant control over the payment experience, but this flexibility means they must build their own checkout flows.
    • Hosted payment gateways (or redirects) send customers to a third-party site for checkout and payment processing, as is commonly done with PayPal checkout. While these gateways are generally simple to implement, the merchant has very little control over the payment experience.
    • On-site checkout, off-site payments is where customers can check out on a merchant’s website while payment processing takes place at the gateway’s back end, giving the merchant partial control over the experience.

    If a merchant chooses to self-host the checkout flow, a solution like Basis Theory Elements offers a fast, dynamic, and secure way to seamlessly collect information within applications without exposing any systems to the underlying sensitive data. Elements are completely customizable, giving merchants complete control over the user experience while also keeping systems outside of PCI compliance scope.

    Security and Compliance

    While all-in-one payment processors usually offer a suite of compliance tools, specialized PSPs may not. Many merchants building a custom payment stack choose to manage compliance through a trusted third-party solution.

    The Payment Card Industry Data Security Standard (PCI DSS) outlines hundreds of requirements for storing, processing, and transmitting cardholder data. Any entity that accepts card payments from any of the major networks (e.g., Visa, Mastercard, Discover) must comply with the PCI DSS and assess its compliance annually.

    As a merchant, if you’re coming into contact with sensitive cardholder data, it’s your organization’s responsibility to protect it and comply with the over 300 requirements of the PCI DSS. However, the effort required to implement, maintain, and prove the necessary controls depends on your approach to managing the cardholder data and how many transactions you’re processing each year. 

    This can become challenging to maintain, and third-party service providers can drastically decrease the effort and expense necessary to achieve PCI compliance. Basis Theory is one such vendor, and extends an independently assessed and approved cardholder data environment to customers. This also includes a suite of configurable tools, services, and tokens companies can use to collect, secure, and share credit cards without bringing their systems into scope. This approach allows companies to avoid the costs and distractions associated with 95% of the requirements of PCI DSS while retaining complete control over their cardholder data.

    Fraud Prevention and Management

    While merchants could monitor fraudulent activity on their own, this task becomes especially cumbersome when processing thousands of transactions daily. Many solutions on the market today are especially good at using AI and sophisticated algorithms to:

    • Monitor historical performance for trends that could signal attacks 
    • Identify and flag - and, sometimes, even prevent - suspicious activity in real-time
    • Manage disputes as they come in and flag any emerging trends

    While these solutions do come at a cost, many merchants consider these to be necessary expenses, because fraudulent and errant disputes could mean the difference between a smooth-running business and one that ceases to operate.

    Companies like FraudLabs Pro, Kount, and Feedzai, to name a few, can be seamlessly integrated into a company’s payment stack.

    Reporting

    An in-depth analysis of your payments data can provide additional insights into the health of your business that you would be unlikely to find by reviewing the data at face value.

    You will start to understand customer behavior, improve operational efficiency, detect patterns and issues, and grow the bottom line as you become more familiar with payments reporting.

    Most payment service providers will provide merchants with a number of payment-related metrics in a dashboard by default, including:

    • Payment types and methods
    • Transaction amounts and values
    • Transaction volume and velocity
    • Transaction failure rates and disputes
    • Authorization rate

    However, larger merchants will also want to review disputes, drop-off rates, time-to-purchase, and more to get a more complete understanding of purchase trends.

    This data often comes through dashboards offered with each solution of a chosen payments stack, or through in-house reporting.

    Integrating All Elements Together, Seamlessly

    Each solution in the payments process may anticipate, and oftentimes expect, that other partners will also be involved, yet integrating them together can be challenging. Some tools may overlap in features and functionality, and may be intentionally difficult to integrate with the other partners in the payment stack.

    Programmable payments vaults offer a great solution to tie the stack together, securely and seamlessly.

    Working with a programmable payments vault like Basis Theory allows merchants to:

    • Create engaging ecommerce flows 
    • Connect with any partner
    • Effortlessly manage compliance
    • Keep control of payments data

    Merchants can stand up a vault in as little as 5 minutes, and begin migrating card data, connecting with partners, and controlling payment flows.
