How Payment Gateways Actually Work: An Engineer's Perspective
From building EDC systems and payment gateways at Kartuku, an honest technical breakdown of the fintech plumbing most people never see.
The Fintech Plumbing
Before digital payment applications and slick checkout screens, there is an intricate network of systems communicating within milliseconds to transfer money from a buyer's bank to a merchant's bank.
During my time at Kartuku, I worked directly on electronic data capture (EDC) systems and the payment gateways that handle these transactions. Here is how the process actually works:
1. Authorization Request
When you tap your card, the EDC machine encrypts your card data and sends a request to the Payment Gateway. The gateway forwards this payload to the Card Processor (Visa, Mastercard, etc.), which determines if you have sufficient funds.
2. Clearings and Settlement
Authorization only reserves the funds. The actual transfer of money happens during a batch process called "Settlement," typically at the end of the day. All transaction receipts are packaged and submitted to the banks for clearing.
3. Security and Compliance (PCI-DSS)
Because financial data is highly sensitive, every element in this system must follow PCI-DSS standards. Keys are stored in hardware security modules (HSMs) and communications utilize multi-layer encryption.