A virtual terminal is a type of online application that lets businesses manually enter and process credit card transactions over the internet. It’s typically used by businesses that need to handle transactions in which the card is not physically present, such as over the phone or through mail orders. Virtual terminals are accessed through a website provided by a payment processor and require the user to input the card details and transaction information manually.

A payment gateway is a technology used by businesses to accept debit or credit card purchases from customers. It acts as the intermediary between a business’s website (or point-of-sale (POS) system) and the payment networks involved with processing the transaction.

With global ecommerce revenue projected to exceed $4.1 trillion in 2024, virtual terminals and payment gateways are increasingly important for business operations. This guide will compare the two and explain how to implement each for your business.

What’s in this article?

• How do virtual terminals work?
  
• How do payment gateways work?
  
• Virtual terminal vs. payment gateway: Similarities and differences
  
• Virtual terminal vs. payment gateway: Implementation
  
• Virtual terminal vs. payment gateway: Security concerns and best practices
  

How do virtual terminals work?

Virtual terminals let businesses enter payment information into an online interface to process transactions in which the card is not physically present. They are especially useful for businesses that do not have physical stores, those that take orders via phone or email, or those that need to process payments in various locations. Virtual terminals can integrate with other business systems for invoicing, accounting, and inventory management, making them a versatile tool for handling business transactions.

Here’s a brief overview of how virtual terminals work:

• Login: The business logs in to the virtual terminal through a secure web portal provided by its payment processor.

• Data entry: The business manually enters the customer’s payment details (e.g., credit card number) and the transaction amount into the virtual terminal interface.

• Processing: The virtual terminal sends the information through a payment gateway for authorization.

• Authorization: The payment gateway encrypts and forwards the transaction data to the card network and issuing bank for approval.

• Confirmation: The issuing bank sends back an approval or denial, which is relayed through the payment gateway to the virtual terminal.

• Completion: The business completes the sale, and the transaction details are recorded for reconciliation and recordkeeping.

How do payment gateways work?

A payment or digital gateway is an intermediary that facilitates payments. It transmits sensitive credit card details from the customer to the issuing bank and then transmits the bank’s approval or denial for the transaction back to the business.

Here’s how it typically works:

• Transaction initiation: A customer enters their credit card details on a business’s website or POS system. The payment gateway collects this information.

• Encryption: The gateway encrypts the data, protecting the data from potential fraud.

• Authorization request: The gateway sends the encrypted data to the payment processor used by the business’s bank. The processor forwards this transaction data to the card network (e.g., Visa, Mastercard), which then routes it to the cardholder’s issuing bank for authorization.

• Response: The issuing bank approves or denies the transaction, sending this response back through the card network to the payment processor and then back to the payment gateway.

• Transaction completion: The gateway receives the response and relays it back to the website or POS system. If approved, the transaction is completed, and the funds are later settled into the business’s bank account.

Virtual terminal vs. payment gateway: Similarities and differences

Though virtual terminals and payment gateways both process electronic payments, they cater to different needs and transaction types. Virtual terminals require manual entry and work best for business-entered transactions. Payment gateways automate the process and are more suitable for customer-driven online purchases.

Here’s a quick overview of their main similarities and differences:

Similarities

• Secure transaction processing: Virtual terminals and payment gateways encrypt transaction data to ensure secure transmission of sensitive payment information over the internet.

• Payment network integration: Both interact with various payment networks and banks to authorize and process payments.

• Card-not-present (CNP) transaction support: Both support payments that occur when the cardholder is not physically present, such as online or over-the-phone payments.

Differences

Virtual terminal

• Functionality and usage: Virtual terminals are primarily used by businesses to enter payment details into an online interface when the cardholder is not present. They are ideal for telephone or mail orders and do not require the customer’s direct interaction.

• User interaction: Virtual terminals require an employee of the business to manually input payment details into the system.

• Technology integration: Virtual terminals are typically a standalone system accessed through a web browser. They can sometimes integrate with other business systems for accounting or inventory.

• Target user: Virtual terminals are used by businesses that do not necessarily have ecommerce platforms but still need to process payments remotely. These might include professional services or wholesale businesses.

Payment gateway

• Functionality and usage: Payment gateways connect a business’s website and the financial systems involved in processing the payment.

• User interaction: Payment gateways operate automatically and are designed for customer-initiated transactions. Customers enter their payment details on an ecommerce site or app. They require minimal interaction with the business during the transaction.

• Technology integration: Payment gateways are highly integrated into websites, apps, and online shopping carts.

• Target user: Payment gateways are required for ecommerce businesses and any businesses that sell goods or services online directly to customers.

Virtual terminal vs. payment gateway: Implementation

Virtual terminals and payment gateways have different implementation needs and processes, and the choice of which to use depends on the needs of a business. Virtual terminals are less technology-intensive, have minimal setup, and are easier to implement quickly. They’re ideal for businesses that process payments manually. Payment gateways require more technical expertise to implement and are better suited for businesses that need a comprehensive, integrated online payment system capable of handling large volumes of transactions.

Here’s how businesses can implement virtual terminals and payment gateways:

Implementing virtual terminals

• Accessibility: Virtual terminals are designed to be simple and accessible. They are typically web-based applications that require no additional software installation. Users simply log in to an online platform using a browser.

• Setup and configuration: Setting up a virtual terminal often involves minimal technical configuration. Businesses typically need to set up an account with a payment processor that provides the virtual terminal as part of its service. Once the account is established, the business might need to configure some basic settings such as security features and user permissions.

• Hardware requirements: Typically, there are no specific hardware requirements beyond a computer or mobile device with internet access. Businesses that also need to handle physical card transactions can integrate hardware such as card readers with some virtual terminal solutions.

• User training: Virtual terminal staff training is typically straightforward, and usage does not require extensive technical skill. Users should understand how to securely enter payment information, process transactions, and manage receipts.

Implementing payment gateways

• Technical integration: Payment gateways require more complex technical integration than virtual terminals. They must be integrated into websites, ecommerce platforms, or mobile apps, and the gateway application programming interface (API) must be configured to work with the existing digital infrastructure.

• Security: Implementing a payment gateway requires strict adherence to security standards such as the Payment Card Industry Data Security Standard (PCI DSS) to ensure the safe handling of sensitive credit card information. This might involve setting up encryption protocols, secure data storage, and other cybersecurity measures.

• Customization: Payment gateways offer more options for customization, letting businesses create a user experience that matches their online presence.

• Scalability: Gateways can be scaled to handle high volumes of transactions and can support various payment methods and currencies.

• Developer resources: Deployment of a payment gateway typically requires access to developer resources. Developers must integrate the gateway using APIs provided by the payment processor and conduct extensive testing to ensure the gateway works correctly under all expected transaction scenarios.

Virtual terminal vs. payment gateway: Security concerns and best practices

Whether you’re working with a virtual terminal or payment gateway, certain best practices will help your business effectively process payments.

• Educate employees on security best practices, including how to spot phishing scams and how to handle sensitive customer data.

• Develop and enforce clear security policies for payment processing and data handling.

• Have a plan to respond to security incidents quickly and effectively.

• Inform customers about how to protect themselves from online fraud.

Specific security concerns and best practices associated with virtual terminals and payment gateways are outlined below.

Virtual terminal security concerns

• Manual data entry: The biggest risk with virtual terminals is related to manually entering card details. This can lead to human error and potential data exposure.

• Data storage: If not properly secured, stored card data can be a target for hackers.

• CNP fraud: Transactions entered manually are considered CNP transactions, which have a higher risk of fraud.

Virtual terminal best practices

• PCI DSS compliance: Virtual terminal providers must be PCI DSS compliant. This set of security requirements is designed to protect cardholder data.

• Strong passwords: Use strong, unique passwords for your virtual terminal account, and change them regularly.

• Limited access: Give virtual terminal access to only trusted employees. Limit their permissions based on their roles.

• Encryption: Make sure to encrypt sensitive cardholder data during transmission and storage.

• Fraud prevention: Use tools such as address verification service (AVS) and card verification value (CVV) verification to reduce fraud risk.

• Regular updates: Keep your virtual terminal software up to date with the latest security patches.

Payment gateway security concerns

• Data breaches: Though payment gateways have strong security measures, they are not immune to data breaches.

• Phishing attacks: Customers can be tricked into entering their payment information on fake websites designed to look like that of your store.

• Fraudulent transactions: Fraudulent actors might try to circumvent the gateway’s security measures.

Payment gateway best practices

• PCI DSS compliance: Payment gateways must be PCI DSS compliant and regularly undergo security audits.

• Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption: Payment gateways must use strong SSL/TLS encryption to protect data during transmission.

• Tokenization: Payment gateways should incorporate tokenization, which replaces sensitive card data with unique tokens that are useless to fraudulent actors.

• 3D secure authentication: Payment gateways should consider implementing 3D Secure (e.g., Verified by Visa, Mastercard SecureCode) for an extra layer of authentication.

• Fraud monitoring: Payment gateways should have fraud detection and prevention tools such as velocity checks and machine learning algorithms.

• Regular security reviews: Payment gateways should conduct regular security reviews and penetration testing to identify and fix vulnerabilities.