Government Payment Gateway (GPG)
The Government Payment Gateway (GPG) is a Software as a Service (SaaS) based platform offered by MITA, which allows the Government of Malta to accept online payments. It is an eGovernment Shared Service acting as a centralised payment service that meets the highest industry security levels to provide citizens with a consistent and uniform experience while effecting payments online. The GPG is a provider-initiated online payments model, whereby transactions are processed through a single, central Hosted Payment Page (HPP). This method of payment ensures that Service Providers have no access to card details submitted by citizens during an online payment process. The HPP is certified to be Payment Card Industry Data Security Standard (PCI DSS) compliant, a requirement mandated by all banks, and is the standard method for the processing of online payments. In 2024, a total of 1,180,934 transactions were effected, with a total value of €335,790,833.
The payment page is centrally hosted within a PCI-DSS certified data centre which allows a high level of security and meets industry standards. The platform offers transaction processing, REST API integration, retrieval of payment status, refunds, settlement of payments, 3D Secure enabled transactions, card wallets, reporting facilities and a back-office transaction management portal.
Integration to the service is facilitated by the provision of an Application Programming Interface (API) that provides line of business applications and websites with the necessary functionality to:
- Process an online payment – Allow clients to enter credit card details and complete a transaction.
- Retrieve payment details – Verify payment by retrieving the status and all relevant information about the payment.
- Refund processed payments – Refund functionality can be implemented to revert the funds back to the client’s account.
- Settle payments – Settle Pre-Authorised Payments so that the funds are withdrawn from the client’s account once a condition is met.
The payment page can also be invoked either in English or in Maltese by passing EN or MT as required.
To encourage portability, the GPG is responsive and fits all kinds of devices, be it desktop, tablet or mobile.
Different Types of Transactions
GPG provides two main types of transactions that can be used in the Provider-Initiated Online Payments Process Flow. These include:
Sale
When using Sale as a payment method, the funds are immediately withdrawn from the client’s bank account and deposited into the Merchant’s bank account, as long as the payment status is successful. Service Providers can still refund the payment should the need arise, either through the GPG reporting portal or through direct integration of the refund functionality.
Pre-Authorisation
When using Pre-Authorisation, the funds are not immediately withdrawn from the client’s bank account. Instead, funds are withheld by the bank until a specific condition is met. During this period, the client cannot make use of the withheld funds as these are unavailable for withdrawal. The Service Provider can then settle (complete the transaction and withdraw the funds) or cancel the payment (release the funds and make them available back to the client) according to the business needs.
When using Pre-Authorisation, the bank will release any withheld money from the client’s bank account once 7 days (including weekends and public holidays) have passed from when the transaction was originated. Any settlements attempted after this 7-day period will be unsuccessful and the transaction will have to be initiated once again by the client. This is to ensure that the money is not withheld indefinitely by a Service Provider.
3D Secure
The GPG also supports 3D Secure with the following colour coding used in the reporting portal:
- Green – 3D Secure Fully Processed: the transaction went through a full 3D Secure authentication.
- Red – 3D Secure Eligible: the card used during the transaction is issued by a bank that supports 3D Secure but, for some reason, the client’s bank bypassed the 3D Secure process. Merchant is not liable for any fraud.
- Black – 3DS Not Eligible: the card is issued by a bank that does not support 3D Secure.
- Orange – Enrolled: the user closed the page or took too long to complete the 3DS process.
NB: MITA is in no way responsible for reconciliation activities to any Government or third-party entity. MITA shall only provide access to reporting data provided by GPG; the use of such data for reconciliation is the Provider Account’s own responsibility.
Registering for GPG Service Provider Account
The first procedure that needs to be done to integrate with GPG is to create the Merchant Accounts with the bank/s of your choice (BOV and/or HSBC). It is essential to always ask the banks for a 3D Secure enabled account. Such merchant accounts tend to take a considerable amount of time to be created, thus it is highly advised to initiate this process as early as possible.
Once the Merchant Account details are available from the bank, the Government entity is to raise an eRFS to create a merchant account and link it with the users who will be granted different roles to this account.
For any other queries contact [email protected]