First, I want to take a moment to say that we appreciate the positive reviews that have been posted in this thread for ChargeLogic. After reviewing your questions, I would like to provide some feedback regarding the differences between payment gateways and payment processors as well as about PCI compliance.
Payment gateways act as coordinators between simple payment applications or web sites and payment processors. The application makes a request to the payment gateway, and the gateway takes the request and formats it for the user’s particular payment processor and submits it for approval. The processor then responds back to the gateway, which reads the response and constructs a result message to send back to the application. The payment gateway then takes care of the end-of-day batch settlement submission to the processor (usually at or around midnight).
Because of the introduction of a third party into the mix, using a payment gateways usually adds to the per-transaction cost of accepting credit cards. For high-volume NAV users, this additional transaction fee can become quite costly. Gateways also usually charge a monthly fee for their services.
By comparison, ChargeLogic is certified directly with all of the major payment processors in the US and many in Canada. Because we deal directly with the processor, no gateway is required. In the US, there are not very many payment processors (approximately 10), but there are hundreds of payment gateways. Each of these gateways just front-ends for one or more of the major processors. They usually do a good job of hiding what particular processor they are talking to, but if you call and ask, they will give you the names of the payment processors that they support. They will most likely be the same ones that are on the ChargeLogic list.
Since ChargeLogic talks directly to the payment processors, the end-of-day batching can occur within ChargeLogic (i.e., it is a full-fledged payment application). This also means that there is no possibility of getting out of sync with the host, which is a problem when using a third-party gateway.
Finally, I wanted to address your concern about PCI-compliance. ChargeLogic routinely undergoes rigorous PCI audits by a QSA (Qulified Security Assessor) in order to make sure that our adherence to the PCI specification is complete. This step of QSA validation of the payment application is required by Visa and MasterCard. A list of validated payment applications can be found on the PCI Security Standards Council site at https://www.pcisecuritystandards.org/security_standards/vpa/. In order to insure that your payment processing service remains uninterrupted, we recommend that you check the PCI site to make sure that each link in the chain has been validated (this includes the payment application, the payment gateway (if one is in use), and the payment processor). Visa has begun to set deadlines for compliance. The next one is July 1st, 2010, after which new merchants will not be allowed to process on Visa’s network unless they are using a validated payment application.
I know that the payment processing industry is complicated and the answers to seemingly simple questions aren’t always clear, so if you have additional questions, please feel free to contact me.