Payments Dialog Ep. 3: Why Use Multiple Payment Gateways with Shoresh Shafei

‍

Why Multiple Payment Gateways Make Business Sense

Each month, we process billions of transactions. And that data provides a wealth of insight into the core value of using multiple gateways as part of your payments stack.

In this Payments Dialog, Nathaniel chats with Spreedly's Data Scientist Shoresh Shafei about his findings in analyzing the benefits of transacting with multiple payments gateways. He dives deep into the business reasons uncovered during his analysis of the data.

Below is a rough transcript of their conversation. And be sure to subscribe to the Payments Dialog YouTube channel to stay current on our latest episodes.

Rough Transcript of Payments Dialog

Nathaniel

Thank you everyone for being here with me again for Spreedly's Payment Dialog. This time I have actually one of our own on the on the dialog with me I'm going to be talking today with Shoresh who works here at Spreedly on the data science team so it's great to have you on Shoresh and tell us a little bit about yourself.

Shoresh

Good morning thank you for having me. I am the data scientist at Spreedly and for the past two years analyzing data.

Nathaniel

So tell me like so data science it's a huge term lots of people are throwing it around these days I think different organizations it means often very different things so tell me a little bit more about what Data Science means at Spreedly.

Shoresh

At Spreedly we have a lot of transaction data. Where the transaction took place or if the transaction went through the client we know a lot about the Gateway that processes transaction we know about for example the latency rate and you have a lot of store data about payment methods like credit cards and debit cards what brands they are if they are a Mastercard or a Visa or Discover. What is their expiration date and also what Bank issued the card and other data like that.

Not only we have in terminal data but we also have access to extensive external database like for example we use bank identification number or BIN database and also for the industry data we use databases like the one in a Crunchbase for Datanyze.

So we leverage this data in three main categories one we are helping our internal team by providing insight it feels like for example we work on analysis we do some customer segmentation for outbound marketing or we do some lead scoring.

In the second main category we actually help our customers sometimes our customers are expanding to a new region and area and they want to know based on the real data what are the best performing currencies in those particular regions or areas but at the same time sometimes customers are thinking or considering picking gateway A or gateway B and we do some analysis to make some performance comparison between these two or multiple gateways and we allow them to pick the best based on what suit them.

The third main category which is my interest I'm really excited about this is the opportunity to do research and publish articles so because of the data we have at Spreedly we identify the problems in the payment space we try to translate these problems to data problems and we try to tackle these problems with the data that we have in Spreedly the past two blog posts about for example decline rates or credit cards versus debit cards or a result of these studies.

Nathaniel

Just real quick like what's your favorite blog post or analysis that you've done so far at Spreedly?

Shoresh

The first one I think early 2017 which was about decline rates and if between credit cards and debit cards and if the credit cards are worth their processing fees they've got a lot of attention I really worked very hard on that blog post but I did not expect this much attention it was really really exciting to see that people actually read it a lot we had a lot of visitors a lot of conversations around that blog post.

Nathaniel

Yeah I remember that it was it was it was really cool. So you touched on a lot of different topics the data science deals with and what I'd love to do is kind of dive in on one particular topic. So you mentioned specifically that sometimes we help customers do analysis of different gateways performance me because they're going to switch or they're going to add a new one.

I know you've recently been doing some analysis on the value of using multiple payment gateways and having access to multiple payment gateways so I'd love it if you could kind of talk me through like you know what analysis you've done on using multiple payment gateways and you know why a company might want to use multiple payment gateways?

Shoresh

First let's take a look at what people talk about one versus multiple payment gateways in literature there are a lot of studies a lot of poor that people actually have published online and they talk about the advantages the advantages are for example using multiple versus one gateway the main obvious reason is globalization when you are moving and when you're expanding your business and you're moving from one region to another region and you need the support for a particular currency that your current gateway does not support you need to think about for example using other gateways.

The second thing is the cost in some currencies as some areas using some gateways are less costly and more economic for your business the other obvious reason that people talk about in literature online is basically the technical reasons it happens and it has happened in the past and it will happen in future where the particular get react just shuts down or underperforms in a particular currency so it's better to have a safe backup.

The other reason is that people talk about is flexibility when you actually give your customers choice so sometimes you are working with other merchants and these merchants are already using a gateway or currency that you don't support that's why you need to add another payment gateway and or gateways and at the same time sometimes you want to allow your customers use multiple or different payment methods and because of that you need to for example many people have people accounting they want to use a PayPal you need to provide the right infrastructure the right gateways in order to process those payments.

The other things that some people talk about is things like for example backing up the data by using multiple payment gateway to make sure that your data is safe if whatever happens for one particular gateway.

Nathaniel

Out of all those different areas or folks things that people talk about I'm really curious like what your perspective is after having done analysis inside of Spreedly these data set like which are the ones of those that actually matter in which are which are the ones... that are maybe I mean we've had these discussions before I know a lot of times you're like "well I can't tell you for sure because I'm a scientist and I'm just giving you is likely these are just hypotheses that we're testing" but I mean your best guess is you look at these these different things out of this Spreedly data or what you know so far which of these actually matter which may not actually be of import?

Shoresh

Well to answer this question I actually looked at the data that you have in the past couple of month and I extracted about around 100 million transactions around is a transaction about 70% of them are purchases and 30% of them authorizations. We extracted about 90 percent of the domestic transaction and 10% of these data or international transactions and we found that for example our customers have used about 114 different gateways for processed transaction in 106 different currencies.

We also decided to do sort of some further analysis I take a look at it for example how do these gateways do with regard to decline rates and at the same time how is the latency of these gateways when they are processing transactions for example authorizations check transaction or purchase transaction domestic transactions versus international transactions. And obviously before we start digging more I need to point out that payment gateways are only one part of the payment infrastructure and there are many players in this area.

So it was a statistic couple of probably years ago it was publish and it was shown that about 44% of decline rates happening due to the insufficient fund in customers' card so that has nothing to do but at the same time when you're looking at this data I think we still can identify some trends for the gateways something that hopefully you'll find it insightful.

One of the things that I can for example talk about is that we realize that on average gateways process transactions in six different currencies. And so despite the fact that the top gateway process transactions about ninety six currencies what is important is that you should note is that fifty percent of the gateways transacted in only one or two currencies and in fact 48 gateways transacted in only one currency. So if you are using one of these 48 different 48 gateways that are transacting in only one currency and you are thinking about expanding we definitely need to consider other options or using multiple payment gateways.

At the same time currencies do not get the same share in the gateways for example U.S. dollar is the most popular currency among gateways the gateways are transacting about 85 different gateways are transacting in US dollar but if we have for 50 percent of the currency that you looked into three or less gateways are processing in those currencies and I should note that when I'm talking about currencies here in particular I'm talking about successful transactions currencies so if you have we have a handful of gateways where they're making couple of unsuccessful transactions and they did not take them into account.

Nathaniel

Right right I mean because if you can't transact in the currency you can't transact in the currency. It seems like there would be some bias in Spreedly's data set just because we started out as a US company so in terms of the U.S. dollar-centricness of the data set you know.

How much how much do you think that sort of affects the output of your analysis and I'm also curious about you know if you kind of look just at the non US dollar transactions you know how does that shape up so thinking about a US company already transacting in U.S. dollars but then going internationally and needing to start transacting in other currencies it's really kind of a different evaluation than evaluating US dollar success rates?

Shoresh

Well the good news is that when I'm talking about international versus domestic I'm not talking about a U.S. dollar versus other currencies we actually have this ability to find the international and domestic transaction in each currency giving present you these numbers this is the aggregate of all currencies that's so that our main customer mostly for example transacting the US dollar but the analysis is correct for all other currencies because we have this ability to take into account domestic versus international transactions in those particular currencies as well.

Nathaniel

Are you doing that via BIN analysis?

Shoresh

So if our customers are interested in if the audience are interested in knowing how we do this basically we get we map the currency of the transaction with the currency of the country of the cardholder so for this we have our own database we have BIN database and we also have some other external databases. But basically they give us for example the currency versus the country.

The trick here is that there are some countries that all of them are using one particular or one currency so we need to be careful about that but again I want to actually remind you that you know talking about international versus domestic it's not only about US dollar is about all currencies your international currencies and domestic transactions.

Nathaniel

And just real quick can you tell people what a BIN actually is?

Shoresh

A BIN is a bank identification number based on the first six digits of your credit card we can learn about your the credit card brand we can learn about the credit card issuing bank and also we know about the type of the card for example if you are using a classic card versus a reward card versus travel card and stuff like that. So the first six digits of credit cards are stored in a database that are called BIN and then provide this type of information that I mentioned.

Nathaniel

So going back to thinking about you know how like what how does your analysis sort of directly impact a company who's thinking about for instance expanding from the US into other countries should they be considering other currency should they be considering other gateways?

Shoresh

So when you take a look at the data that we have you actually broke the analysis down into four parts first we wanted to focus on for example purchase and authorization and at the same time wanted to focus on domestic versus international so in case you have four different categories domestic purchase domestic authorization international purchase and international authorization.

What we found out was that if one particular gateway is for example doing a fantastic job in domestic purchase they do not necessarily doing a great job in domestic authorization or international purchase. So we hope that the outcome of these analysis will help organizations to actually think about optimizing the payment processing experience.

Nathaniel

And then beyond currency what did you find any other factors or have you been able to analyze any other factors that impact sort of using multiple gateways or why companies would want to do that?

Shoresh

Well aside from the other factor that I mentioned about for example  globalization or shutting down a gateway shutting down technical issues or a gateway not supporting particular currency areas we have other another factor which is basically latency. And in Spreedly we define latency as the time between submitting the information to a gateway and hearing back from them. Basically when you're talking about latency it obviously takes into account the processing time required for Gateway and the payment processors to process the payment. Those who are not separated here but at the same time when you're looking at the trends we can get some interesting information about those latencies.

Why latency is important because the amount of time that you really need to hear from the payment processor is important for example if you are processing tens of thousands or hundreds hundreds of thousands of transactions in a short period of time the latency becomes very important.

Nathaniel

And so what's the data show in terms of latency? Do gateways vary?

Shoresh

Right absolutely so again based on domestic international transactions or purchase versus authorizations it varies not only it actually varies it own it varies also for one gateway in different type of transactions. Or that I mentioned at the same time there are anomaly that we observed. We noticed that some gateways are actually getting better over time. When you looked at the data in the past couple of month some gateways are getting worse. I want to point out that when you're talking about gateway latencies we are talking about the time in the order of seconds so in the past couple of months we have noticed some gateways are actually improving. For example from 3 to 4 milliseconds to 2 millisecond and some gateways are actually the opposite direction. And sometimes we actually can see a gateway shutting down or there obviously they are dealing with some technical difficulties because for some period of time the latency doubles triples and we can identify the problem with the gateway through those identifying those anomalies.

Nathaniel

So I guess my next question would be why does latency matter? How does it actually affect beyond obviously merchants who might for instance have on sales and need to push a lot of transactions through all at one time I think they're the the impact of latency is pretty clear but is there any kind of correlation between latency and success and failure whether transactions going to ultimately succeed how are those related?

Shoresh

That's a statistical question that requires some analysis I have not done that but actually I was thinking about it this morning. But the other thing is that when you are actually processing payment your merchants what whoever is using basically your system to make a payment.

When your customer is waiting for seconds and seconds and seconds for processing their payments it actually is an unpleasant experience and I my guess is that it lowers the conversion rate or it actually lowers the retention rate for the customer to come back again and do the same purchase again.

Nathaniel

Right so it's almost I mean I think we could pretty clearly tie it into a brand effect right where it reflects poorly on your brand if you're regularly taking really long times to process transactions regardless of maybe that particular transaction gets through but you lose the next one?

Shoresh

Right, imagine someone on eBay are purchasing things on a daily basis and every single time they have to get a couple of extra seconds to basically for the payment to process. The unpleasant experience and probably think some of them to consider other alternatives.

Nathaniel

Yep all right Shoresh well thanks for coming on appreciate you talking through this. I have a hunch we'll have future Payments Dialogs about other analyses that you do. You're always churning out interesting topics to talk about so thank you everyone for watching Payments Dialog again with us here at Spreedly and we look forward to seeing you next time. Thanks, Shoresh.

Shoresh

Thank you.

If you're an online merchant or e-commerce provider by now you know you should use an iFrame based payment form to minimize your PCI compliance burden. And, in general, you're in luck! Since PCI DSS 3.0 is almost two years old by now, most payment gateways and payment processors have iFrame-based payment forms available for use. 

However, all is not rosy in the payment form landscape. Just because your gateway offers a payment form that has "iFrame" somewhere in the description does not mean it fulfills the spirit of the PCI guidelines, nor does it mean it's the right choice for your business. 

Because Spreedly integrates to over a hundred separate payment gateways, we see a lot of payment form implementations and can offer a unique perspective for online merchants choosing the right iFrame payment form.

Before we dive in, keep in mind this is mainly a cautionary tale meant to reinforce that you, the e-commerce merchant, are responsible for choosing the tools that adhere to your stated level of PCI certification. Just because you use a gateway X, and that gateway X provides an iFrame payment form, doesn't mean your PCI assessor or the brands themselves will let you abdicate that decision. You're on the hook, so you need to be able to defend your position.

Below we discuss choosing an iFrame payment form across three different axes, starting with the most obvious – adherence to the PCI specification.

 

PCI Compliance

PCI compliance, which all online merchants must adhere and attest to, is a beast of certification. Vague guidelines, competing interpretations, and lots of misinformation make it really hard to know what's required of your business. Fortunately, a series of updates to the original version 3.0 (now at 3.2) and some

We now know, unequivocally, that to qualify for SAQ A
‚load all payment content from a PCI DSS compliant service provider‚Äù. This means the form fields that collect the credit card number and CVV, any accompanying javascript libraries, and the submission of the payment data itself, must both originate and return back to the payment provider itself. This might seem obvious, but in reality it's difficult to know if this is really what your provider is doing since there are often layers of abstraction between your use of the provider's client libraries and the actual representation in-browser.

We now know, unequivocally, that to qualify for SAQ A your iFrame payment form must load all payment content from a PCI DSS compliant service provider.

Here's an easy way to tell if your provider's iFrame form is adhering to this aspect of the PCI guidance.

1. In your browser, navigate to a page that utilizes the provider's iFrame payment form (this could be a demo site, or a known customer).

2. Using your browser's developer tools, inspect the credit card number field.

3. In the rendered document view that comes up in your browsers' developer tools, look to see if the credit card number HTML form element (usually an input field) is rendered within an iFrame (e.g. there's an iFrame anywhere in its parent hierarchy). This is what it looks like when the field is not contained within an iFrame, meaning that sensitive field is not served directly from your provider and you are exposed to additional PCI compliance burden (taken from a production site using a popular gateway's payment form):

‍

By contrast, this is what it looks like when a PCI-sensitive field like the credit card number is served directly from the payment provider within an iFrame:

This might seem like an arcane technical detail but don't dismiss it! It has a direct effect on your ability to self-assess using the 4 page SAQ A vs. the 40 page SAQ A-EP and it is your, not your payment gateways, responsibility to make the final PCI determination.

 

Brand Continuity

Ugly, unusable, downright hostile payment forms are not only death to your conversion rate ‚ they also have a particularly insidious effect on your brand. Not a day goes by without someone taking to their preferred social media channel to vent about what great inconvenience your site has caused them. Do you want this kind of shame retweeted and liked over 2,000 times for your brand?

As an online merchant, store, or e-commerce brand, it is your responsibility to craft the best experience for your users. Though this might take more time than just slapping your current payment provider's stock form on your site, the fact is that it's a commercially justified effort. Not only will your users have a delightful checkout experience, you will walk away with more $$ in your pocket from the non-trivial increase in checkout rates.

Things to look for in an iFrame payment form are the ability to customize both the look and feel of the form as well as the structure of the form itself. This often manifests as the ability to position the credit card number and CVV fields independent of one another and set custom CSS properties on these fields, even though they live inside your provider's iFrame. While a more complex implementation for the merchant, this results in a better checkout rates for online merchants and better brand experience for the customers.

 

Documentation

Old-school payment companies tend to be cut of a different cloth than modern technology or developer tooling companies. Large institutions can be secretive and protective of their technical documentation, which can meaningfully delay your integration effort. Thankfully, this divide is closing. But you should accept nothing less than publicly available integration guides, technical
documentation, and self-service test credentials.

Having documentation is very different from having good documentation. Your provider’s developer documentation should be clearly organized both by purpose (mobile payments, etc…) and product (iFrame form, etc…). Additionally, the API documentation should be very clearly separated from the general guides. Guides are good for walking developers new to the toolset through the features and tend to be prose-oriented. API docs are good for when you know what you’re looking for and just need to see the raw technical details. These are two very different purposes best served by two different structures.

 

iFrame Payment Form Comparisons

At Spreedly, it's our job to provide integrations to over a hundred payment gateways. As a result, we have a lot of relevant experience with iFrame payment forms. We have
as well. Let's look at how a few popular gateways' iFrame forms stack up by these characteristics:

Options

If your payment gateway provides a really clean iFrame payment form that adheres to all the points raised here, then lucky you! However, chances are if you're using any but the top 3-5 developer-oriented gateways, your iFrame payment form options will be lacking. What to do in that case? Switching payment gateways is always an option, but many times there are business reasons to keep your existing processor. 

That's where Spreedly comes into play. Spreedly modernizes your antiquated gateway. Spreedly's tooling, built by developers for developers as part of a modern payment stack, lets you integrate with the payment gateway of your choice.
I hope this guide was helpful. Please sign up for a free developer account at Spreedly if you're not happy with your gateways' tooling. You can also view the Spreedly iFrame documentation if you want a point of comparison.

*See the latest updates regarding iFrames here*

‍

Download the Multiple Payment Gateways eBook Below