Financial industry that is integrated with technology is like a vast ocean where players can get astray if they do not know the position and direction of their business goals. Among the pool of technology solutions, payment gateways emerge as one of the business niches that found a firm ground in the middle of the vast ocean and contributes as one of the drivers of online business trends in Indonesia.
A payment gateway is a key component of an electronic payment processing system, and merchants use it to process cashless payments made by buyers. Processed payments do not include payments via physical cards such as debit and credit cards but also via virtual accounts and interbank transfers found in e-commerce services.
The payment gateway working principle is simple. It will act as a third-party software responsible for sending customer information to the merchant’s bank, where the transaction is then processed. In the process, the software will create pathways that can be used to transmit customer, bank, and merchant sensitive information.
Teknologi yang digunakan oleh layanan payment gateway juga selalu berkembang seiring dengan selera konsumen dan kapabilitas teknis yang berubah. Dahulu, sebuah terminal akan menerima pembayaran yang menggunakan kartu kredit/debit yang menggunakan pita magnetik dan memerlukan tanda tangan pelanggan.
Technology used by payment gateway services is also constantly evolving with changing consumer preferences and technical capabilities. In the past, a terminal would accept payments using credit/debit cards that used magnetic tape and required the customer’s signature.
Namun, teknologi tersebut kini sudah digantikan dengan kartu yang memiliki chip dan memerlukan pelanggan untuk memasukan PIN ke perangkat keras sebagai identifikasi. Dalam beberapa tahun belakangan, brick-and-mortar payment gateway juga telah berkembang dan dapat menerima pembayaran menggunakan kode QR seperti QRIS atau teknologi Near Field Communication (NFC).
However, this technology has changed to cards that have chips and require customers to enter a PIN into the hardware for identification. In recent years, brick-and-mortar payment gateways have also developed and can accept payments using QR codes such as QRIS or Near Field Communication (NFC) technology.
Arsitektur yang digunakan oleh payment gateway juga akan berbeda tergantung platform yang digunakan oleh pedagang. Jika pedagang menggunakan layanan online, antarmuka pemrograman aplikasi (API) diperlukan agar situs web yang bersangkutan dapat berkomunikasi dengan jaringan pemrosesan pembayaran yang mendasarinya. Sedangkan untuk layanan offline seperti di dalam toko, payment gateway akan menggunakan terminal Point of Sales (POS) yang terhubung ke jaringan pemrosesan pembayaran secara elektronik menggunakan saluran telepon atau koneksi Internet.
Payment gateway architecture will also differ depending on the platform used by the merchant. If the merchant uses an online service, an application programming interface (API) is required so that the respective website can communicate with the underlying payment processing network. As for offline services, such as in-store, the payment gateway will use a Point of Sales (POS) terminal connected to the payment processing network electronically using a telephone line or Internet connection.
Sistem keamanan yang harus dimiliki oleh payment gateway pun sangat ketat karena harus dapat melindungi informasi sensitif yang dikirimkan. Setidaknya, ada tiga standar keamanan yang harus dimiliki dalam sebuah layanan payment gateway, yaitu:
Payment gateway security system must also be firm because it must protect the sensitive information sent. At least three security standards must be present in a payment gateway service, namely:
- Address Verification System adalah sebuah sistem yang digunakan untuk memverifikasi tagihan pelanggan secara otomatis sesuai data yang dimasukkan seperti nomor telepon, email, kartu kredit, atau alamat penagihan lainnya. Dengan sistem ini, rincian tagihan akan diperiksa dan disesuaikan dengan yang data yang terdaftar secara resmi.
- Address Verification System is used to automatically verify customer bills according to data entered, such as phone numbers, emails, credit cards, or other billing addresses. Billing details will be checked and adjusted to the officially registered data with this system
- Card Security Code adalah sistem yang membuat transaksi hanya bisa diproses kalau memiliki tiga digit terakhir nomor kartu kredit/debit.
- Card Security Code is a system that makes transactions only processed if they have the last three digits of a credit/debit card number.
- 3D Secure Password adalah sistem keamanan berlapis yang melindungi kartu kredit/debit pelanggan dari penggunaan tidak sah dan dalam praktiknya akan memunculkan sebuah kotak dari penerbit kartu yang digunakan oleh pelanggan untuk memasukkan PIN atau kode khusus ketika melakukan pembayaran online di sebuah web.
- 3D Secure Password is a layered security system that protects the customer’s credit/debit card from unauthorized use. In practice, it will display a window from the card issuer used by the customer to enter a PIN or special code when making online payments on the web.
Payment gateway in Indonesia and its benefits for online business
When e-commerce began to develop in Indonesia, payment gateway services were almost nowhere to be found. Only one or two companies ran this line of business and assisted e-commerce services as the party authorizing credit card payments and other online transactions.
However, the rapid development of the internet and the e-commerce industry in Indonesia has ultimately encouraged the growth of other businesses, including the payment gateway. Various players from various parties with different scales originating from within and outside the country finally emerged and participated in the competition in this market.
The rapid growth of the payment gateway business is not without reason. Its presence in the Indonesian market is a breath of fresh air for customers and merchants because it offers the convenience of processing cashless payments, both using cards and online.
There are at least six benefits for merchants when they decide to use a payment gateway as a support for a cashless payment system, namely:
- Adding options for payment method that can be used
- Speed up the transaction process
- Guaranteed transaction security
- Expand market reach
- No transaction limit
- Allows multiple transactions to occur at one time
However, this rapid growth has also created problems of complexity and service fragmentation, which are contrary to the principles of interconnection and interoperability that Bank Indonesia wants to achieve. Therefore, Bank Indonesia and the payment system industry initiated the National Payment Gateway (GPN) in 2018 to create a national retail payment ecosystem optimally connected with the principles of interconnection and interoperability.
GPN is built through a set of rules and mechanisms (arrangement) to integrate various payment instruments and channels nationally. GPN is the basis for the implementation of switching interconnection, interoperability and interconnection of payment channels through ATM channels, Electronic Data Capture (EDC), agents, Payment Gateways (PG), and other payment channels, as well as interoperability of payment instruments in the form of ATM cards and/or debit cards, credit cards, electronic money, and other payment instruments.
The GPN organizers are divided into three agencies, Standard Agencies, Switching Agencies, and Services Agencies. The Standards Institute has the function of compiling, developing, and managing standards in order to ensure the interconnection and interoperability of payment instruments, payment channels, and switching, as well as security. Switching Institutions have a function to process payment transaction data domestically in the context of interconnection and interoperability. The Services Agency has the task of maintaining the security of payment transactions and the confidentiality of customer data, conducting reconciliation, clearing, settlement, and developing systems for fraud prevention, risk management, and risk mitigation.
One of the seasoned switching agencies that carry out switching activities for GPN is PT Jalin Payment Nusantara (Jalin). Since obtaining a license as a GPN switching agency in 2019, Jalin is always committed to ensuring seamless payment processing by providing leading payment system infrastructure and secure payment channels. This is in line with the principles of interconnection and interoperability that Bank Indonesia wants to realize so that people can connect to the financial ecosystem safely, easily, quickly, and efficiently.