The Ultimate Payment Gateway Guide: Everything You Need to Know (A-Z)

3D Secure

Think of 3D Secure as a digital bodyguard for online payments. It’s an extra layer of protection designed to reduce fraud. The "3D" refers to three parties involved in this process: the bank, the merchant, and the technology provider that connects them. If you’ve ever had to confirm an online purchase by entering a code sent to your phone, you’ve already met 3D Secure in action!

A

Acceptance

This is simply the act of saying “yes” to a payment. When a customer tries to pay with their card, your payment system has to "accept" it. A higher acceptance rate means more successful payments and happier customers.

Acquirer

If we think of the issuer as representing the customer in the transaction, then the acquirer, are financial institutions that provide a company with the tools needed to collect payment from issuers. Acquirers do what their name implies: they acquire the money from the issuer and ensure that it is deposited into the business’s account, allowing the transaction to be processed and completed.

API (Application Programming Interface)

APIs let different systems talk to each other. For example, if your online store needs to connect to a payment gateway, an API helps them work together seamlessly.

Arbitration

Arbitration is the final step in resolving a chargeback dispute. If a merchant and a cardholder can't reach an agreement after going through the initial dispute process, the card network (like Visa or Mastercard) steps in to review the case. They assess the evidence from both sides and make a final decision on who is responsible for the charge. Since this is the last stage, the outcome is final and can't be appealed further.

Authorization

The first step in a payment transaction, where the cardholder’s bank (the issuer) approves or denies the payment based on the account’s status and available funds. If approved, the bank provides an authorization code as proof.

B

Bank Identification Number (BIN)

The first four to six digits of a payment card are like its ID badge, identifying which bank issued the card. For instance, if a customer pays with a Visa card from Bank A, the BIN ensures the payment is routed to the right place. It’s also known as the "Issuer Identification Number (IIN).

Batch

In payments, a "batch" is the total collection of transactions you process in a specific time period, ready to be sent to the bank for settlement.

Bank Transfer

This one’s easy: it’s when money is sent directly from one bank account to another. No cash, no cards—just bank-to-bank.

Buy Now, Pay Later (BNPL)

A popular alternative payment method that allows customers to split their purchases into smaller installments, often with no interest. BNPL services, like Klarna or Afterpay, make big purchases more manageable for customers.

C

Cardholder

The person who owns the payment card being used—simple as that.

Card Issuer

The bank, credit union, or other financial institution through which a cardholder obtains a card.

Card Network

A card network is like a bridge connecting banks, businesses, and customers during a payment. Well-known names like Visa, Mastercard, and UnionPay set the rules for how payments move from a customer’s card to a business’s account. They don’t issue cards or process payments themselves but make sure everything runs smoothly and securely between all the parties involved.

Card Present (CP) Transaction

A payment where the customer physically presents their card to the merchant (e.g., swiping, inserting, or tapping their card at a terminal).

Card Not Present (CNP) Transaction

A transaction where the card isn’t physically present, such as online, phone, or mail-order payments. Since fraud risk is higher in CNP transactions, merchants often use tools like CVV verification.

Card Verification Value (CVV)

This is the 3- or 4-digit security code on a credit or debit card (found on the back for most cards, or the front for American Express). It helps verify that the person making a transaction physically has the card.

Chargeback

A chargeback happens when a customer disputes a payment, and the bank takes the money back from you. Think of it as a way for banks to protect customers from fraud or errors.

Chargeback Period

The time frame during which a customer can dispute a transaction and request a chargeback. This is usually capped at 120 days, but the exact time frame can vary depending on the card network and the type of transaction.

Client-Side Encryption

A security technique where sensitive data (like card details) is encrypted on the sender’s side before being sent to a server, to prevent data breaches.

Contactless Card Payments

Payments made by tapping a card, phone, or wearable device on a payment terminal without physically inserting the card. This uses Near Field Communication (NFC) technology.

Cross-Border Payment

A payment where the customer’s payment method is issued in one country, and the merchant is located in another. Also known as an “international payment,” this process can be more complex due to currency conversion, regulations, and fees.

Cryptocurrency

A type of digital currency, like Bitcoin or Ethereum. It doesn’t exist in physical form, but customers can use it to pay for goods or services online if your business accepts it.

D

Data controller

The data controller is the one in charge of deciding how personal data is used and why. If a business collects customer info—like names or payment details—they’re responsible for keeping it safe and following privacy rules.

Data Processing Agreement (DPA)

A DPA is a formal agreement between a business and a service provider that processes personal data for them. It lays out the rules for how the data should be handled, kept secure, and used responsibly. If a business works with outside services to process payments or manage customer data, a DPA helps keep everything in check and compliant with privacy laws.

Data processor

A data processor helps handle personal data but doesn’t make the big decisions. They simply process the data based on the controller’s instructions. For example, if a business uses a payment provider to handle transactions, that provider is a data processor, making sure payments go through securely.

Debit

An amount withdrawn from an account.

Digital Wallet

Ever used Apple Pay or Google Pay? That’s a digital wallet! It stores your card info securely so you can pay online or in person with your phone or other devices.

Dispute

A formal complaint from a customer to their bank saying, “Hey, this charge doesn’t look right!” Disputes can lead to chargebacks, so keeping records of your sales can help you resolve them quickly.

E

eCommerce

Short for "electronic commerce," this simply refers to buying and selling goods or services online. Whether you’re selling homemade candles or offering subscription services, if it happens online, it’s eCommerce.

Encryption

A security method that scrambles sensitive payment data so that only authorized parties can read it. Think of it as turning sensitive info into a secret code to protect customers and businesses from fraud.

F

Fraud/Fraudulent

Fraud happens when someone tries to make a payment or transaction in a dishonest way—like using stolen card details or pretending to be someone else. Businesses put security measures in place to spot and prevent fraud, helping keep payments safe for everyone. If a transaction looks suspicious, it might get flagged or blocked to protect both the customer and the business.

Friendly Fraud

Despite the name, it’s anything but friendly! Friendly fraud happens when a customer disputes a legitimate charge—either by mistake or to unfairly get their money back while keeping the product or service.

G

Gateway

A payment gateway is a technology that securely transmits payment data between your store, the customer’s bank, and the acquiring bank. It’s the backbone of online payments, ensuring transactions happen smoothly and safely.

Geo-Location

This technology identifies and tracks the physical location of a customer’s device. It’s used in fraud prevention, like flagging payments made from unexpected locations.

I

In-app Payments

Payments made directly within a mobile app. For example, when customers buy an item in your app without being redirected to a browser.

Interchange

The fees charged between banks when processing a card payment. For example, when a customer uses their card, the bank that issued the card charges the acquiring bank an interchange fee.

Issuer (Issuing Bank)

The bank or financial institution that issues a credit or debit card to a customer. They’re responsible for approving or denying transactions and billing customers for their purchases.

K

Know Your Customer (KYC)

A process required by payment regulations where businesses verify their customers' identities before offering services or payouts. This helps prevent fraud, money laundering, and other financial crimes.

Know Your Merchant (KYM)

KYM is how payment providers make sure a business is legitimate before allowing them to accept payments. It’s like a background check for merchants—verifying their identity, business details, and financial history. This helps prevent fraud and keeps the payment system safe for everyone.

M

Marketplace

An eCommerce platform that connects buyers and third-party sellers. Payments are typically handled by the marketplace itself (think Etsy, Amazon, or Airbnb).

Merchant

A merchant represents a company that sells goods or services online or in physical locations. Merchants may operate in various industries, such as retail, hospitality, travel, eCommerce, gaming, etc.

Merchant Identification Number (MID)

A unique number assigned to your business by your payment processor or acquirer. It identifies your business during transactions.

Merchant Services Agreement

A contract between a merchant and a payment service provider and/ or acquirer that enables the merchant to accept cards through them. It contains the merchant's and acquirer's respective rights, duties, and warranties concerning acceptance of the card transactions and matters related to transaction activity.

Money Laundering

Money laundering is when someone tries to hide the source of illegally obtained money by passing it through legitimate businesses or transactions. It’s like trying to make “dirty” money look “clean.” Payment providers and banks have strict checks in place to spot and prevent money laundering, helping keep the financial system safe.

mPOS (Mobile Point of Sale)

A mobile point-of-sale system allows merchants to accept payments using a smartphone or tablet equipped with a card reader.

Mobile payments

The use of a mobile device to pay for goods or services.

N

Near Field Communication (NFC)

A contactless technology that lets two devices communicate when placed close together. NFC powers tap-to-pay transactions with cards, phones, or smartwatches.

O

Omnichannel Payment Solution

A system that connects all your sales channels—online, in-app, and in-store—into one seamless payment experience. For example, customers can buy online and return in-store with no hassle.

One-Click Payments

A super-fast checkout option that allows returning customers to pay with a single click. One-click payments allow returning customers to complete a purchase in just one step, without the hassle of re-entering their payment details every time. Their card details are securely stored from a previous purchase, and all they need to do is enter their CVV to complete the transaction.

P

Payment Card Industry Data Security Standard (PCI DSS)

Industry-wide guidelines that merchants and payment providers follow to protect cardholder data from fraud.

Payment Entity

A payment entity is any bank or financial service that helps process payments. This includes issuing banks, acquiring banks, e-money providers, and other payment services that move money between customers and businesses.

Payment Facilitator (PayFac)

A payment facilitator (or PayFac) makes it easier for businesses to accept payments without needing their own direct agreement with a bank. Instead of each business setting up its own merchant account, PayFac handles the setup and processing for them—think of it as a shortcut to getting payments up and running.

Payment Gateway

A payment gateway securely moves payment information between customers and financial institutions. When customers make a purchase, the gateway first scrambles their sensitive payment details using advanced encryption. It then acts as a messenger, safely carrying this encrypted data from the shopper's computer or phone to the merchant's bank (the acquiring bank). The gateway waits for two important approvals - one from the bank that issued the customer's card and another from the merchant's bank. Once both banks give the green light, the gateway sends a confirmation back to the store, completing the sale. This entire process happens within seconds, creating a secure and efficient way to handle online payments.

Payment Link

A simple yet powerful way to accept payments without needing a website. Merchants can generate secure payment links through their PSP’s back office and share them via social channels, text, or email. Customers click the link and are directed to a secure payment page, making the process fast, convenient, and secure.

Payment Processor

A payment processor acts as the go-between for merchants, banks, and card networks. They handle the technical side of card transactions.

Payment Service Provider (PSP)

Your all-in-one solution for payment processing. A PSP consolidates services, saving time and money by eliminating the need for multiple providers.

Pay Out

A payout happens when money moves from a company's payment system into a merchant’s bank account. Common examples include when online stores receive their sales money, when freelancers get paid for their work, or when marketplace sellers collect their earnings. While payouts can be any size, they usually combine multiple transactions into a single transfer, making it more efficient than sending many smaller payments.

Point of Sale (POS)

This is simply where customers pay—whether at your shop, online, or on the go. It’s the final step in sealing the deal with your customers. A POS system refers to the hardware and software used to process payments.

Point-to-Point Encryption (P2PE)

This is a high-tech way of keeping card data safe. As soon as a customer enters their card info, it gets encrypted (think of it as scrambled into code). It stays that way until it reaches the bank, protecting it from prying eyes.

Prepaid Card

A type of payment card preloaded with funds. Customers can only spend the amount loaded on the card, making it different from a credit or debit card.

Primary Account Number (PAN)

The 16-digit number printed on the front of most payment cards. This number uniquely identifies the cardholder's account and is used to process transactions.

R

Refund

A refund happens when a customer cancels their purchase after payment. The merchant returns the money to the customer.

Rebate

In the payment industry, a rebate refers to a refund or incentive offered by a payment service provider (PSP) to merchants as part of a promotional campaign. For example, PSPs may offer rebates on transaction fees or provide cashback incentives to encourage merchant adoption or reward high transaction volumes.

Recurring Payments

This payment model is like a "set it and forget it" system. Customers authorize merchants to automatically charge their accounts at regular intervals. After the first payment, the merchant securely stores the payment details as a token to make future payments seamless and safe.

Representment

This is a merchant’s chance to dispute a chargeback. If you believe the customer’s claims aren’t correct, you can submit evidence to defend your case and try to reverse the chargeback.

Reputational Risk

This is when bad publicity—whether true or not—damages confidence in a business. For banks and financial institutions, reputational risk is especially critical since it can lead to lost trust and customers, often caused by customer-related issues or illegal activities.

Remittance

Think of this as money on the move. A remittance is a payment sent for goods or services, often across borders, to settle outstanding bills.

Risk Management

In payments, risk management is all about keeping transactions safe. Payment processors use advanced tools, techniques, and big data to spot and stop risky transactions before they cause trouble. This keeps businesses and customers secure.

S

Server-to-Server Integration

This integration method lets two systems communicate with each other directly, exchanging payment data without relying on a third-party interface. For businesses, this means greater control and flexibility over payment flows, but it also requires top-tier compliance with PCI DSS Level 1 standards to secure sensitive information. This setup is ideal for large-scale enterprises that need robust, tailored payment solutions.

Settlement

Settlement is the final step in getting paid! It’s when the funds from processed transactions are transferred to your bank account. How quickly you receive these funds depends on your agreement with your PSP. For businesses, understanding settlement cycles can help manage cash flow effectively. Fast settlement options can even give you a competitive edge by speeding up access to funds.

Shopping Cart

An online shopping cart isn’t just a virtual basket; it’s a crucial part of the customer journey. It simplifies the buying process, allowing customers to review their choices, adjust quantities, and proceed to checkout. A well-designed shopping cart can reduce cart abandonment by showing clear pricing, shipping details, and an easy path to payment.

Social Commerce

Social commerce is more than turning social media profiles into virtual storefronts—it’s about blending shopping with engagement. Platforms like Instagram and Facebook now allow customers to browse, shop, and pay without ever leaving the app. For merchants, this means creating shoppable content that inspires action, turning followers into loyal customers. The convenience of buying directly on social media boosts conversion rates while keeping the experience fun and intuitive.

Software Development Kit (SDK)

An SDK is like a toolkit for developers. It includes everything needed to build specific software features into an app. For example, a payment SDK can embed a card entry form directly into a mobile app, enabling customers to pay seamlessly on their phones without leaving the app environment.

Surcharge

A surcharge is an additional fee merchants may charge when customers pay with certain methods, like credit cards, to offset the higher transaction costs. For instance, credit card payments typically come with higher merchant service fees than cash or debit cards, and this fee helps cover those expenses.

Suspicious Transaction

A transaction that looks unusual or doesn’t match normal spending behavior. This could mean a sudden large payment, multiple failed attempts, or activity from a strange location. When flagged, it may be reviewed or paused to prevent fraud and keep payments secure.

T

Tap to Pay

Tap to Pay offers customers a faster, more secure way to complete purchases without physical contact. By simply tapping their card, smartphone, or even a smartwatch on a terminal, transactions are processed instantly. The magic behind this is NFC (Near-Field Communication), a technology that securely transfers payment data over short distances. For merchants, Tap to Pay reduces checkout times and enhances customer convenience, creating a seamless payment experience for today’s fast-paced world.

Terminal

A terminal is your payment hub. Whether it’s a physical device in a store or a virtual setup for online payments, a terminal allows merchants to process transactions securely and efficiently. In face-to-face environments, it reads card details to complete payments, while virtual terminals or gateways power eCommerce businesses by enabling secure remote transactions.

Terminal ID (TID)

A Terminal ID is like a digital fingerprint for your payment terminal. Assigned by your payment processor, it tracks the source of each transaction, ensuring accountability and transparency. For merchants, understanding your TID is key to reconciling payments and resolving any issues quickly.

Tokenization

Tokenization is the ultimate shield for sensitive data. It works by replacing details like card numbers or account credentials with unique tokens that are meaningless on their own. For instance, a customer’s 16-digit card number is swapped with a token during payment, making it useless to hackers. Merchants benefit from added security while reducing the risks of data breaches, all without impacting the customer experience.

True Fraud

This happens when a stolen card or payment details are used without the real cardholder’s knowledge. Since the actual owner didn’t authorize the transaction, they can dispute it, and the business usually ends up covering the loss. Strong fraud prevention measures help catch these transactions before they go through.

U

Underwriting

Underwriting is like a financial health check for your business. It’s the process payment providers use to evaluate your business model, finances, and risks before approving your merchant account. This step ensures you’re prepared to handle issues like chargebacks or refunds and can process payments securely. It starts during the application process and helps build a strong foundation for smooth payment operations.

User Interface (UI)

The user interface (UI) is how people interact with technology—it’s the “look and feel” of the tools you use. A great UI is intuitive, easy to navigate, and makes every action feel effortless. For merchants, a well-designed UI in payment systems ensures fast checkouts, fewer errors, and happier customers. Think of it as the bridge between the user and the system that turns complexity into simplicity.

V

Value Added Tax (VAT)

In Thailand, VAT is a consumption tax applied to most goods and services at every stage of production and distribution. Currently set at 7%, VAT is collected by businesses from customers and submitted to the Revenue Department. Businesses registered for VAT must issue tax invoices and file VAT returns regularly, making it a key part of managing compliance in the Thai market.

VisaNet

VisaNet is like the powerhouse behind Visa payments. It’s a global network that processes credit, debit, prepaid, and commercial card transactions securely and efficiently. Whether it’s a local swipe or an international purchase, VisaNet ensures the money moves quickly and accurately between banks, merchants, and customers.

Void

A void is like hitting the "undo" button on a transaction before it’s finalized. If a payment has been authorized but hasn’t yet been processed (settled), a void cancels it completely. Once the transaction settles, though, you’ll need to issue a refund instead of a void. It’s a quick way to correct errors or handle cancellations on the spot.