PayCafe Review – Their Payment Gateway Tested
Taking credit and debit card payments from your customers in a secure and cost-effective manner is a very important part of running a business online.
Today there are a number of payment gateway services available, all offering a range of features with different pricing structures. For the small business owner, the choice can often be overwhelming.
Online reviews are useful. In that regard, PayCafe, a relative newcomer to the payment gateway space, has been doing very well lately. There’s a good buzz about them, so much so that we decided to give their services a trial to see how they hold up to closer scrutiny.
What follows is an in-depth look into PayCafe’s payment gateway services, plus some of my thoughts on the good and bad points of using them for your online business.
Who is PayCafe?
PayCafe was founded in 2016 as a provider of merchant account services for e-commerce firms. Later, it provided secure and optimized virtual terminals that integrated a shopping cart with secure transaction processing.
This was then associated with data security (of confidential merchant information, especially payment card information), as well as protection against data breaches.
Also, this confidential merchant data could be migrated out of the data servers maintained by the merchant and moved into secure servers run by PayCafe, thus allowing for card data received from online transactions to go straight to PayCafe’s database rather than be stored in the merchant’s database.
This serves to reduce the liability exposure of the merchant because the merchant is no longer responsible for the protection of card data.
The provision of payment gateway, cybersecurity, payment processing, and data migration services allowed PayCafe to develop the card payment suite that it currently offers. The current head of the company is Yury Shenon, and it is headquartered in Los Angeles, California.
A Quick Overview of PayCafe Services
PayCafe is a payment service provider that offers a proprietary card payment suite that bundles a card payment solution along with a shopping cart and a virtual terminal, as well as data and transaction security, real-time reporting, fraud protection, customer service, and a dispute resolution system.
It deploys a regulatory-compliant SaaS payment suite on eCommerce portals to process cashless transactions made using payment cards, including debit cards, charge cards, and credit cards.
It also provides an integrated (account and payment) receivables management platform that provides for fraud protection, performance reporting, payment support, and management of card payments, along with the provision of customer support and a unified dispute management system.
As a PSP, PayCafe deploys an integrated network architecture that provides a payment gateway, a merchant account, and a payment processor, and optimizes its transaction processing quality, partly through accelerated turnaround time and low transaction costs.
It also uses payment tokens to secure data and to limit the liability exposure of the merchant. Likewise, it provides sitewide HTTPS and a 128-bit SSL certificate to a merchant so that the merchant can use its own domain name as the web address of the online shop.
Regarding fees, they are usually levied as a percentage of the transaction cost, with this percentage being as low as 2.49%.
Who is the service designed for?
PayCafe is a PSP that offers a proprietary card payment suite that provides settlement services for merchants who sell their products in e-commerce markets and accept payments made using payment cards. Its goal is to make these cashless transactions simple, dependable, and consistent.
PayCafe has packaged its payment solution for online transactions into a service bundle that offers a credit card payment solution along with a shopping cart and a virtual terminal, as well as data and transaction security, real-time reporting, fraud protection, customer service, and a dispute resolution system.
This service bundle is supported by an integrated receivables management platform (IRMP) that synchronizes and implements some of the services offered, as well as ensures that payments are made in an easy, reliable, secure, and cost-efficient manner.
The provision of a shopping cart and transaction security allows PayCafe to offer payment gateway services, while the provision of a card payment solution, fraud protection, and dispute resolution allows PayCafe to provide payment processing services. It also provides a merchant account.
Therefore, PayCafe offers both payment gateway and payment processing services and also provides a merchant account, which makes it a payment service provider (PSP). Payment gateways and payment processors are described later.
Features of PayCafe
The features that make PayCafe stand out among its PSP peers are described below. Most of these features have already been mentioned above.
Easy Setup and Integration
The PayCafe payment suite can be easily set up and integrated into the website of the merchant, and one does not need to do any programming.
If one needs help to integrate the PSP SaaS into his/her online shop, one can request help from PayCafe’s support team. This setup and integration can be done quickly, and one can start receiving payments via PayCafe.
Integrated Network Architecture
As mentioned earlier, the 3 elements needed to transfer money during a cashless card transaction are the payment processor, merchant account, and the payment gateway.
These 3 form the network architecture of an online payment system. Usually, 3 different service providers provide this architecture, with each provider specializing in one element and each provider charging its own fee.
Thus, the standard architecture can be described as follows: the merchant has an online shop that features point-of-sale SaaS software – provided by the payment gateway service provider – that captures transaction details and card data, which are then forwarded to an aggregator who relays the information to the card network that liaises with a bank to approve or decline a transaction.
The aggregator services are provided by the payment processor service provider, while the merchant account that receives payment is provided by another service provider.
This is where PayCafe stands out compared to its peers, as PayCafe provides all 3 elements – payment gateway, merchant account, and payment processor – in an integrated network architecture, which not only minimizes transaction fees but also streamlines transaction verification and authorization, making the process of purchasing a product from the online shop simple and dependable.
Data Security, Tokenization, and Encryption
When using PayCafe, data integrity and security are assured through the use of payment tokens.
As explained earlier, the buyer enters his/her card details into the e-commerce website and this allows the merchant to access and store his/her card details, hence creating a great risk and liability exposure if the website is hacked and its database accessed by hackers.
In this case, they will be able to exfiltrate the payment card details and thus leave the merchant to cover for the loss of the card data, as well as for exposing their customers to risky transactions.
To avoid this, PayCafe does not allow the merchant to keep the details of the payment card, even for recurring subscriptions.
It does this by collecting the payment card details from the buyer and then using this data to generate a unique set of customer/consumer identifying information (CII) which can be used in place of the card data.
This CII is then given to the merchant and it serves as the placeholder of the card details while allowing for recurring payments based on subscriptions to be made automatically.
This set of payment-enabling CII information is called the payment token. The process of generating and verifying the payment token is called tokenization, and it allows PayCafe to provide the merchant with a unique token for each customer so as to support automated processing of charges and refunds, as well as voiding of transactions.
Moreover, tokenization and use of payment tokens ensure that the merchant complies with the data security standards (DSS) set by the payment card industry (PCI) for merchants engaged in online trading.
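The tokenization flow described above, as an added sketch that is not PayCafe's code: `TokenVault` and `MerchantDB` are hypothetical names, the card number is a constructed test value, and the token is assumed to be random and scoped to one merchant.

```python
import hashlib
import hmac
import secrets


def luhn_ok(pan):
    """Checksum test used to reject mistyped card numbers before tokenizing."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Processor side (hypothetical): the only component that sees card numbers."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)
        self._by_token = {}   # (merchant_id, token) -> card record
        self._by_card = {}    # (merchant_id, keyed PAN digest) -> token

    def _digest(self, pan):
        # Keyed digest, so the lookup index holds no raw or plainly hashed PAN.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, merchant_id, pan, expiry):
        if not luhn_ok(pan):
            raise ValueError("invalid card number")
        key = (merchant_id, self._digest(pan))
        if key not in self._by_card:
            # Assumption: the token is random, not derived from the card data,
            # so it cannot be reversed without access to the vault.
            token = "tok_" + secrets.token_urlsafe(24)
            # A production vault would encrypt this record at rest.
            self._by_token[(merchant_id, token)] = {"pan": pan, "expiry": expiry}
            self._by_card[key] = token
        return self._by_card[key]

    def charge(self, merchant_id, token, amount_cents):
        record = self._by_token.get((merchant_id, token))
        if record is None:
            # Tokens are scoped per merchant: one stolen from shop A fails at shop B.
            raise PermissionError("unknown token for this merchant")
        # The real card number would go to the card network here, never to the merchant.
        return {"status": "APPROVED", "amount_cents": amount_cents,
                "card": "****" + record["pan"][-4:]}


class MerchantDB:
    """Merchant side (hypothetical): stores tokens only, never card numbers."""

    def __init__(self, merchant_id, vault):
        self.merchant_id, self.vault, self.customers = merchant_id, vault, {}

    def remember(self, customer, token):
        self.customers[customer] = token

    def bill_subscription(self, customer, amount_cents):
        return self.vault.charge(self.merchant_id, self.customers[customer], amount_cents)


if __name__ == "__main__":
    vault = TokenVault()
    shop = MerchantDB("shop-a", vault)
    # The hosted order page sends the card to the vault; the shop gets the token back.
    shop.remember("alice", vault.tokenize("shop-a", "4111111111111111", "12/30"))
    print(shop.customers)                         # all a database thief would find
    print(shop.bill_subscription("alice", 1999))  # recurring charge by token
```

A breach of the merchant's database yields only `tok_...` strings, and those are rejected when presented under any other merchant ID.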
Also, PayCafe’s PSP SaaS provides point-to-point encryption of transaction data so as to ensure that the card details of the buyer are never transmitted as clear text that can be read by hackers in case the merchant website suffers a data breach.
This encryption converts the cleartext card details that the buyer entered into the transaction webpage into ciphertext. Relatedly, PayCafe provides sitewide HTTPS and a 128-bit SSL certificate to a merchant so that the merchant can use its own domain name as the web address of the online shop.
The provision of data integrity, transaction encryption, and data and transaction security services form the cybersecurity service package provided by PayCafe.
Regarding PCI-DSS compliance, PayCafe provides Level 1 PCI-DSS compliance which is the highest security standard currently articulated by PCI.
As expected, the payment gateway which provides the shopping cart for the online shop is hosted on a secure server that features a 256-bit SSL certificate for encrypting the data it hosts and receives from the online shop. This server is provided and maintained by PayCafe.
Chargebacks and Dispute Management
The acquiring bank, or acquirer, who provides the merchant account accepts some degree of risk from the merchant, with the main source of this risk being fund reversal.
According to PayCafe, fund reversal can occur in 3 forms: card refund, card reversal, and card chargeback, with chargeback posing the greatest reputation risk for both the acquirer and the merchant.
Card refund simply means that the merchant voluntarily returns the payment made by the buyer back to his/her payment card, while card reversal means that the merchant cancels an authorized transaction before the back-end payment processor transfers funds from the issuing bank to the acquirer.
As noted, the merchant initiates the card refund or card reversal. However, for card chargeback, it is the buyer who initiates a dispute against the validity of an authorized transaction that has been settled by the front-end payment processor.
Usually, the chargeback request is made via the issuing bank. Also, the card association penalizes the acquirer by charging a fine for each successful chargeback.
In turn, most acquirers pass this fine to the merchant. Therefore, disputing a chargeback and successfully preventing this chargeback saves both the acquirer and the merchant from refunding the cardholder and paying a fine.
For PayCafe, the merchant is provided with a dispute management system that allows for easy settlement of chargeback disputes and reduces the frequency of successful chargebacks.
A merchant who is likely to be subjected to frequent chargebacks is described as a high-risk merchant. Usually, a chargeback rate of more than 1% of all completed transactions is enough for Mastercard and Visa card associations to consider the merchant as a risk, and the acquirer is penalized for taking such a risky merchant as its client.
This explains why some e-commerce traders find it difficult to get a payment processor and merchant account if they are considered as high-risk merchants who will attract lots of chargebacks.
Fortunately, PayCafe comes with a solid dispute management system that allows high-risk merchants to handle chargebacks well, and for this reason, PayCafe can take high-risk merchants as clients and provide them with merchant accounts, along with payment gateways and payment processing services.
PayCafe provides 24/7 customer support to merchants who use its card payment SaaS suite. Its clients (the merchants) can call the support desk at any time and receive immediate support, or use the chatroom, or even send an email. The support staff is based in the US.
Currently, PayCafe provides a proprietary payment technology that is deployed using the software-as-a-service (SaaS) model.
This deployment model cuts the costs of deployment of the payment suite, as well as ensures that PayCafe adheres to the required regulatory requirements.
As expected, the SaaS software is run on a remote server owned and operated by PayCafe, and deployed through the cloud so as to process card payments made regardless of the area of origination (the place where the buyer is located) of the transaction, as well as allow the merchant to access the IRMP.
This management platform provides for fraud protection, performance reporting, payment support, and the management of account receivables (usually the card payments), as well as allows for the provision of customer support and a unified dispute management system.
PayCafe benefits from the technology developed by the pioneers of payment processing. The first payment processing company is Confinity, Inc., which was established in 1998. Confinity was later re-branded as X.com in 1999 when it merged with an online bank founded by Elon Musk called X.com.
Later, this merged product was branded as PayPal in June 2001 and was subsequently bought by eBay a few months later.
Confinity introduced the concept of online payment processing to the market, and since then payment processing has grown into an ecosystem that incorporates payment gateways, card companies, payment software, digital wallets, data protection systems, peer-to-peer payment systems, eCommerce partnerships, and automated customer engagement tools, as well as contactless payment methods.
As expected, the PayCafe payment suite features most of these components and elements (of the payment processing ecosystem).
There are different brands of payment cards such as Visa, Mastercard, Discover, and American Express (Amex). The network of acquiring and issuing banks that process cashless card payments made using a specific brand of payment card is described as a card association.
PayCafe supports all major card associations in the US, including Visa, Mastercard, Amex, and Discover. Likewise, as a PSP, PayCafe abides by the regulations set by the supervisory body of US-based online PSPs, the Financial Crimes Enforcement Network (FinCEN) which falls under the Department of the Treasury.
Payment Processing – the Process and the Technology
There are 3 elements needed to transfer money from the issuing bank to the acquiring bank during a cashless card transaction.
These 3 are the payment processor, merchant account, and the payment gateway, and no card transaction can be completed without all three. Likewise, these 3 elements must operate together in a synchronized manner to allow for this transaction.
The payment gateway
The payment gateway provides a portal that accepts card payments. Also, it processes the transaction so as to arrive at the price that the buyer needs to pay.
For an e-commerce business with a website, the payment gateway provides the electronic portal (e-portal) that allows the cardholder to enter his/her card details so that they can be processed by the payment processor for the purchase to be authorized.
Expectedly, this gateway authorizes the e-commerce website to accept card payments. Thereafter, the gateway feeds the card data (input) along with the transaction details to the payment processor.
The payment processor links the gateway to the merchant account and provides the payment processing services that are needed to move the money from the cardholder’s account in the issuing bank to the merchant account in the acquiring bank.
The merchant account is the specialized business account authorized to receive card payments.
If a conceptual stacked model is used to explain how these 3 elements relate to each other, then it can be said that the payment gateway is stacked on top of the payment processor, while this processor is stacked on top of the merchant account.
This vertically stacked conceptual model describes the flow of data and money from the payment card into the merchant account. So, how does this apply to PayCafe?
Cashless card transactions
PayCafe is appointed to handle cashless card transactions for a merchant, and the appointing authority is the merchant.
This means that the merchant must first express the need for using PayCafe payment processing services, and this is done by the merchant signing up for these services.
The signup process is simple and straightforward and can be done via the online signup portal provided by PayCafe on its official website.
Next, PayCafe needs to accept the merchant as its client, and upon this acceptance, the merchant is assigned an e-commerce account and is provided with an online merchant portal that can be accessed via a unique pair of login details, the username/email, and password.
Likewise, the payment suite is set up in the e-commerce website of the merchant so that it can receive and process card payments.
Back-end and the Front-end processors
There are 2 types of payment processors, the back-end and the front-end processors. As a front-end payment processor, PayCafe can send requests and receive feedback from the card association that provides the payment card. This card association provides a link between PayCafe and the issuing bank.
This allows PayCafe to authorize or decline a payment depending on the feedback provided by the issuing bank.
The backend payment processor receives the payment settlement from the front-end processor (in this case, PayCafe) and then ensures that this payment is settled by guaranteeing and safeguarding the transfer of money from the cardholder’s account to the merchant account.
Normally, this bank-to-bank transfer is facilitated by the Federal Reserve Bank, which is also the core of the FRS. Relatedly, if the front-end processor declines a transaction, that transaction is not registered nor processed by the back-end processor.
Expectedly, PayCafe being a front-end processor ensures that declined transactions are never processed by the back-end processor.
How does PayCafe facilitate online cashless transactions?
Customer places order
To begin with, the customer, who is the cardholder, needs to visit the e-commerce website of the merchant, pick a product, and then place an order which takes the cardholder to the order webpage.
In the order webpage, the cardholder enters the address details, personal details, and chooses card payment as the payment option, and afterward enters the card details and thereafter clicks on SUBMIT ORDER.
The order webpage is the transactions webpage of the payment gateway, and upon reception of the SUBMIT ORDER command, PayCafe encrypts the transaction details and converts the card data into ciphertext.
Encryption of payment details
Encryption is initially done using the secure socket layer (SSL) standard, and this allows for data from the order webpage to be sent by the payment gateway to the payment processor.
This ensures that the card data input made by the cardholder into the merchant’s webserver (the order webpage is hosted on a webserver) is not transferred into the merchant’s database, but is instead directly transmitted to the payment processor.
Therefore, PayCafe ensures that cardholder’s card data bypasses the merchant’s database, hence reducing the liability exposure of the merchant as the merchant stores no card data.
The payment gateway converts the ciphertext transaction data into an EFT-compatible ISO 8583 data format that can be received and processed by the payment processor.
PayCafe provides the payment processor and thus provides payment processing services. To start, it receives the ISO8583-formatted transaction data and then subjects it to anti-fraud measures and thereafter forwards the data to the card association for verification of card details.
After verifying the card details, the card association issues an authorization request to the issuing bank. The issuing bank receives this authorization request and confirms if the cardholder has enough funds in his/her debit account or line of credit.
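To show what the ISO 8583 conversion mentioned above produces, here is an added example, not PayCafe's code, that packs and parses an 0100 authorization request and masks the card number before logging. It assumes ASCII encoding with a hex primary bitmap and a small subset of fields; all sample values are constructed.

```python
# Subset of ISO 8583 data elements: number -> (kind, length).
# "LLVAR" fields carry a 2-digit length prefix; "FIXED" fields do not.
FIELDS = {
    2: ("LLVAR", 19),   # primary account number (PAN)
    3: ("FIXED", 6),    # processing code
    4: ("FIXED", 12),   # amount in minor units, zero padded
    11: ("FIXED", 6),   # system trace audit number
    14: ("FIXED", 4),   # card expiry, YYMM
    41: ("FIXED", 8),   # terminal ID
    49: ("FIXED", 3),   # currency code (840 = USD)
}

# Constructed sample transaction: 19.99 USD on a test card number.
SAMPLE = {2: "4111111111111111", 3: "000000", 4: "000000001999",
          11: "000123", 14: "3012", 41: "TERM0001", 49: "840"}


def pack(mti, fields):
    """Build MTI + 64-bit bitmap (hex) + data elements in ascending order."""
    bitmap, body = 0, []
    for num in sorted(fields):
        kind, size = FIELDS[num]
        value = fields[num]
        if kind == "LLVAR":
            if not 0 < len(value) <= size:
                raise ValueError(f"field {num}: bad length")
            body.append(f"{len(value):02d}{value}")
        else:
            if len(value) != size:
                raise ValueError(f"field {num}: expected {size} characters")
            body.append(value)
        bitmap |= 1 << (64 - num)      # field 1 is the most significant bit
    return mti + f"{bitmap:016X}" + "".join(body)


def unpack(message):
    """Parse a message, rejecting truncated input and unsupported fields."""
    mti, bitmap, pos = message[:4], int(message[4:20], 16), 20
    if bitmap >> 63:
        raise ValueError("secondary bitmap not supported in this sketch")
    fields = {}
    for num in range(2, 65):
        if not bitmap & (1 << (64 - num)):
            continue
        if num not in FIELDS:
            raise ValueError(f"field {num} not supported")
        kind, length = FIELDS[num]
        if kind == "LLVAR":
            declared = int(message[pos:pos + 2])
            if declared > length:
                raise ValueError(f"field {num}: declared length too large")
            length, pos = declared, pos + 2
        value = message[pos:pos + length]
        if len(value) != length:
            raise ValueError(f"field {num}: message truncated")
        fields[num] = value
        pos += length
    if pos != len(message):
        raise ValueError("unexpected trailing data")
    return mti, fields


def redact(fields):
    """Copy of the fields that is safe to log: masked PAN, no expiry date."""
    safe = dict(fields)
    pan = safe.get(2)
    if pan is not None:
        masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
        safe[2] = masked if len(pan) >= 13 else "*" * len(pan)
    safe.pop(14, None)
    return safe


if __name__ == "__main__":
    wire = pack("0100", SAMPLE)
    print(wire)
    print(redact(unpack(wire)[1]))
```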
Verifying Available Funds
After verifying the funds available, the issuing bank returns one of 2 response codes: APPROVED or DECLINED.
This response code is received by the card association which does one of 2 things:
If the response code received is APPROVED, the card association places the funds on hold and deducts them from the cardholder’s account.
This transaction is then subjected by PayCafe to additional anti-fraud filters, and if it fails to pass through the anti-fraud system, then the transaction is DECLINED and the held funds are returned to the account of the cardholder.
If the transaction passes through the anti-fraud system and is APPROVED as LEGITIMATE, then the APPROVED transaction is AUTHORIZED to be relayed to the payment gateway.
If the response code is DECLINED, the transaction is terminated or declined.
The payment gateway receives the transaction APPROVED AUTHORIZATION status, and forwards it to the payment page of the merchant’s website, which then processes the payment and provides the cardholder with a receipt or invoice for a successful purchase.
This procedure of processing an AUTHORIZED transaction and providing a proof of purchase (the receipt or invoice) is called transaction authorization, or simply, Auth. The merchant is then expected to clear the transaction by giving the cardholder the purchased product.
After payment has cleared
The afore-described processes are the processes of the front-end payment processor. After the transaction is cleared, PayCafe enters the successful transaction into a batch, which is the sum of all cleared transactions that can be forwarded to the acquiring bank for settlement.
This transfers the settlement process from the front-end payment processor – i.e. PayCafe – to the backend payment processor.
The backend payment processor forwards the batch received by the acquiring bank to the card association, who forwards the individual transactions to their respective issuing banks (that authorized the transactions of the cardholders).
The issuing banks then settle the batch by transferring money from the accounts of the cardholders to the merchant account, and in the process deduct their fees and charges, as well as taxes. At this stage, it is said that the approved funding of the batch has been completed, and hence the batch has been settled.
Auth and invoice/receipt
The time between placing the order and receiving the Auth and invoice/receipt is usually 3 seconds or less. This shows that transactions done via PayCafe have a very short turnaround time.
On the other hand, the settlement of the batch by the backend payment processor can take up to 3 days. Therefore, the merchant who uses PayCafe as its appointed PSP can receive funds within a week after the transaction was cleared.
It is also evident that PayCafe not only forwards the transaction details and the card details to both the card association and the issuing bank, but it also subjects the transaction to a series of anti-fraud filters so as to flag fraudulent transactions and terminate them before both the cardholder and merchant suffer a financial loss and reputational damage.
The Pros and Cons of Using PayCafe