Licensed precious-metals dealers

Gold payment system for licensed bullion dealers, on one orchestration API.

topropay orchestrates card, ACH, SEPA and wallet acceptance for licensed precious-metals merchants — with a hosted payment SDK, smart routing tuned to high-ticket bullion purchases, and a unified reconciliation feed across every connected acquirer.

Bullion
licensed precious-metals dealer acceptance
300+
methods on the same unified API
Hosted SDK
drop-in checkout with PCI L1 vault
1 ledger
across every connected provider

Key benefits

Why licensed bullion merchants pick this hosted payment sdk shape

Four properties that show up the moment high-ticket precious-metals acceptance stops living in a single-gateway integration and moves onto an orchestration layer.

Card, ACH and bank rail on one integration

Licensed bullion merchants accept Visa, Mastercard, Amex, Discover, ACH (US), SEPA (EU) and regional wallets on the same hosted checkout. Smart routing across the connected acquiring panel lifts approval on high-ticket precious-metals purchases.

Hosted payment SDK with PCI L1 vault

The hosted payment sdk drops into the merchant's website or app and captures card details straight into topropay's PCI DSS Level 1 vault. PAN never lands on the merchant origin; the merchant's PCI scope shrinks to SAQ A.

Smart routing tuned for high-ticket verticals

Per-BIN, per-country and per-amount scoring picks the acquirer most likely to clear a large gold-purchase authorisation. Soft declines cascade to the next ranked lane inside the same auth — no manual retries on a customer who already committed to a bullion order.

Chargeback-aware dispute handling

The unified dispute queue tracks the merchant's position vs Visa VDMP / VAMP and Mastercard ECP thresholds per acquirer. Evidence-pack templates prefilled with delivery, insurance and provenance metadata speed representment on precious-metals chargebacks.

How the payment gateway request flow works

From KYB to one Reconciled ledger row in five steps

What happens between a licensed bullion merchant submitting KYB documents and a settled row in the reconciliation feed.

  1. 01

    KYB & underwriting

    The licensed bullion merchant submits KYB documents — dealer licence, AML posture, supplier chain evidence — through the platform's onboarding flow. Approval typically runs 5–15 business days for high-ticket verticals.

  2. 02

    Integrate the hosted payment SDK

    The hosted payment sdk installs on the merchant's website or mobile app. Card capture uses hosted iframes; PAN captures straight into the PCI L1 vault; a vault token drives refunds and repeat purchases.

  3. 03

    Route each authorisation

    The routing engine scores the authorisation on BIN, scheme, country pair and amount, then ranks the connected acquiring panel. Soft declines cascade to the next ranked lane inside the same authorisation.

  4. 04

    Capture & fulfilment metadata

    Capture is triggered on shipment; delivery tracking, insurance policy IDs and dealer provenance references attach to the vault token, ready for future dispute defence.

  5. 05

    Reconcile in one feed

    Settlement files from every connected acquirer normalise into one ledger; daily exports tagged by provider, scheme, currency and routing policy for the merchant's finance system.

Specialty scenarios

Other specialty payment gateway products the platform covers

Six edge-case scenarios the platform handles alongside precious-metals acceptance — hosted SDK, mobile money, Korea, voice payment, WooCommerce and automation testing.

  • SDK

    hosted payment sdk on web and mobile

    Drop-in hosted SDK for React, Vue, iOS and Android surfaces the same platform vault across web and native. PCI scope stays at SAQ A regardless of surface.

  • Mobile money

    mobile money payment system where supported

    Mobile-money rails (M-Pesa in Kenya, MTN MoMo in West Africa, GCash in the Philippines) reachable via partner connectivity in supported markets — surfaced as a method inside the same unified API.

  • Regional

    korea payment gateway connectivity

    South-Korean acceptance via licensed Korean partner acquirers — KakaoPay, Naver Pay and card acceptance inside the same integration. Partner-licensed connectivity keeps the merchant off a separate KR contract.

  • Voice

    voice payment system via partner DTMF

    PCI-compliant DTMF voice-payment capture delivered through a partner MPoC-aligned telephony provider. The merchant's call-centre agents never hear or see card digits; the tones tokenise straight into the vault.

  • Plugin

    high risk woocommerce payment gateway

    For licensed high-risk WooCommerce merchants (subscriptions, travel, ticketing, licensed gaming) the platform ships a WooCommerce plugin that routes card authorisations across the connected acquiring panel with chargeback-aware routing.

  • Testing

    payment gateway automation testing

    Full sandbox with programmable BIN behaviours, scheme-specific 3DS scenarios and webhook replay tooling for merchants running CI-style payment gateway automation testing against every release.

Platform features

Capabilities behind the secure payment gateway posture

Ten capabilities the platform ships once and reuses across every connected provider — the primitives that make the connected panel feel like one product.

  • Unified payment gateway API One REST contract across card, ACH, SEPA, wallets and regional rails; SDKs for web, mobile and server.
  • Hosted payment SDK Drop-in hosted checkout that keeps card data off the merchant origin; PCI scope stays at SAQ A.
  • PCI DSS Level 1 vault Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture across the connected panel.
  • Smart routing & cascade Per-transaction scoring on BIN, scheme, currency, country pair and amount; ranked routes across the connected panel.
  • 3DS2 / SCA orchestration Selective EMV 3DS2 per PSD2 exemption logic; frictionless where possible; step-up on issuer or amount.
  • Signed webhooks Replay-safe lifecycle events per authorisation, capture, settlement and dispute.
  • Unified dispute queue One queue across providers; evidence-pack templates per vertical; automated representment for select scheme types.
  • One reconciliation feed Settlements, fees, refunds and chargebacks across every connected provider normalised into one ledger.
  • Multi-currency settlement Settlement per currency per acquirer where the connected acquirer supports it; treasury sees per-currency positions.
  • Sandbox & test harness Full sandbox with programmable BIN behaviours and webhook replay for payment gateway automation testing.

Industry relevance

Licensed bullion merchants across EU, UK, APAC and LATAM

topropay's precious-metals posture targets licensed dealers operating across Europe, the UK, APAC and LATAM — bullion sellers with the right operating licences and transparent supplier chains, alongside adjacent high-ticket verticals (numismatic coin dealers, licensed watch-and-jewellery dealers, licensed diamond merchants) that share the same acquiring and dispute posture.

Compliance boundary

Search phrases that don't map to topropay's product

Four common search phrases where the platform explicitly does NOT operate — noted here so search visitors can save the enquiry and route to a fit provider elsewhere.

high risk 2d payment gateway
'2D' means non-3DS acceptance — bypassing SCA. In jurisdictions where SCA is required (EU / UK PSD2), the platform does not offer 2D-only routing. Selective 3DS2 with frictionless-first exemption logic is the correct approach.
medicaid payment system
US Medicaid / CMS claim-adjudication payment systems sit inside HIPAA-covered healthcare workflows, which is a separate regulatory domain. topropay is not a HIPAA-covered entity and does not operate in healthcare claim adjudication.
lottery payment gateway (unlicensed)
Unlicensed lottery operators are out of scope. Licensed national-lottery operators or licensed state-lottery agencies with the relevant operating licence in each jurisdiction can be considered under the licensed-gaming vertical, subject to full underwriting.
payment gateway without ssn
Non-US-resident merchants can onboard without a US SSN; a US EIN or the merchant's home-jurisdiction business registration is used instead. KYB and KYC are still mandatory — 'without SSN' is not shorthand for 'without identity verification'.

Trust & compliance

Compliance posture across every connected provider

One audited environment plus scheme-programme positions surfaced per acquirer. Sub-merchants inherit the relevant posture without carrying separate certifications themselves.

PCI DSS Level 1
Annual on-site assessment plus quarterly ASV scans; sub-merchants inherit the posture across every connected acquirer.
SCA & PSD2
Selective 3DS2 on the authorisation path keeps approval high in Europe without skipping the SCA bar. The platform does not offer 2D-only bypass in jurisdictions where SCA is required.
Sanctions & AML alignment
Sanctions screening at onboarding; AML monitoring tuned per merchant vertical, volume and country mix. KYB and KYC are mandatory and non-negotiable across every merchant type.
Scheme programme posture
Visa VDMP / VAMP / VFMP and Mastercard ECP / EFMP positions surfaced per connected acquirer; routing weights can rotate around at-risk lanes.
Licensed verticals only
Licensed precious-metals dealers, licensed gaming, regulated financial services and other compliance-bound verticals supported only where current operating licences exist. Grey and black-market verticals are out of scope.

Ready for a bullion-vertical review

Bring licensed precious-metals acceptance onto one orchestration API.

A 30-minute bullion-vertical review covers the connected acquirers relevant to your geographies, routing weights tuned to high-ticket authorisations, and a sandbox to test against before any commercial commitment.

Frequently asked

Buyer questions about the gold payment system and adjacent scenarios

Definitions, hosted SDK mechanics, sandbox automation, regional coverage and the compliance boundary between what topropay does and doesn't handle.

  1. 01

    What does gold payment system mean on topropay?

    Gold payment system on topropay describes the acceptance stack for licensed precious-metals and bullion dealers: card, ACH, SEPA and wallet acceptance through the unified API, a hosted payment SDK that shrinks PCI scope to SAQ A, smart routing tuned to high-ticket transactions, and a unified dispute queue tuned to chargeback patterns in the precious-metals vertical.

  2. 02

    Which merchants qualify for the gold acceptance vertical?

    Licensed precious-metals and bullion merchants qualify: dealers with a valid operating licence in their jurisdiction, transparent supplier chain, and a compliant AML posture. Unlicensed grey-market bullion trading and mineral-source-uncertain flows are out of scope regardless of ticket size.

  3. 03

    How does the hosted payment sdk work in practice?

    The hosted payment sdk installs on the merchant's website or app and renders card-capture fields as hosted iframes. Cardholder PAN never touches the merchant's own JavaScript or server — capture goes straight into topropay's PCI DSS Level 1 vault, which returns a vault token the merchant stores instead. Refunds, retries and repeat purchases reference the token.

  4. 04

    What payment gateway information can we share with buyers on the checkout?

    Payment gateway information on the checkout typically covers the accepted schemes (Visa, Mastercard, Amex, Discover), the wallets available, the presence of 3DS security, and the branded gateway name ('topropay'). Buyers don't see connected-acquirer identities; those surface only on statement descriptors and dispute case files per scheme rules.

  5. 05

    Are payment gateway products bundled or picked à-la-carte?

    Payment gateway products on topropay are configured per merchant from a common set of primitives — hosted checkout, hosted fields, low-level SDK, unified vault, smart routing, dispute queue and reconciliation. A precious-metals dealer typically uses the hosted SDK plus recurring for their subscription-buyback programme; a marketplace uses the low-level SDK. Nothing is a rigid bundle.

  6. 06

    What does a payment gateway request look like on the API surface?

    A payment gateway request on topropay is a POST to /v1/authorizations with the amount, currency, buyer identifier and vault-tokenised credential. The response carries the authorisation status, the routing lane that cleared it, and the vault-token reference for downstream refunds, retries and recurring.

  7. 07

    Do you support merchants who want a payment gateway without ssn?

    Non-US-resident merchants onboard using their home-jurisdiction business registration and personal-identity documents; a US SSN isn't required. KYB and KYC remain mandatory — 'without SSN' isn't shorthand for anonymous onboarding, and the platform does not support identity-avoidance flows regardless of vertical.

  8. 08

    How does topropay compare with other secure payment gateway companies?

    Secure payment gateway companies in the market fall into two shapes: single-provider gateways (one API, one acquirer relationship) and orchestration layers (one API in front of many acquirers). topropay sits in the second shape — the security posture is PCI DSS Level 1 across the platform, but the merchant gets multi-acquirer routing, cascade and unified reconciliation on top, which single-gateway competitors typically don't.

  9. 09

    Does the platform expose a voice payment system?

    Voice payment system flows — where a call-centre agent or IVR captures a card over the phone — are delivered through a partner MPoC-aligned DTMF telephony provider. Agents never hear the digits; DTMF tones tokenise straight into topropay's vault. This keeps the merchant's contact-centre PCI scope at SAQ A.

  10. 10

    What about high risk 2d payment gateway acceptance?

    '2D' payment gateway acceptance means routing card authorisations without 3DS authentication. In EU / UK jurisdictions under PSD2, SCA is required for most transactions — 2D-only routing violates SCA and is not offered on topropay. Selective 3DS2 with frictionless-first exemption logic is the correct approach: SCA-compliant, high-approval, and buyer-friendly.

  11. 11

    Can WooCommerce merchants integrate a high risk woocommerce payment gateway through topropay?

    Licensed high-risk WooCommerce merchants (subscriptions, travel, ticketing, licensed gaming, nutraceuticals) can integrate the platform's WooCommerce plugin. The plugin surfaces the connected acquiring panel behind one 'topropay' entry in the WooCommerce checkout; smart routing and cascade run server-side.

  12. 12

    What does korea payment gateway connectivity cover?

    Korea payment gateway connectivity covers card scheme acceptance plus KakaoPay and Naver Pay through licensed Korean partner acquirers. Merchants selling to Korean buyers don't run a separate KR integration — the same unified API surfaces the KR method list when the buyer's origin is detected.

  13. 13

    What lottery payment gateway framing does topropay support?

    Only licensed lottery operators — typically national or state lotteries with the relevant operating licence — can be considered under the licensed-gaming vertical, subject to full underwriting. Unlicensed lottery, sweepstakes-in-lottery-clothing or grey-market lottery-adjacent operators are out of scope regardless of routing shape.

  14. 14

    Is a medicaid payment system in scope?

    No. US Medicaid / CMS claim-adjudication payment systems sit inside HIPAA-covered healthcare workflows — a separate regulatory domain from card-and-bank-rail payments. topropay is not a HIPAA-covered entity, does not process PHI, and does not operate as a healthcare-claim payment system.

  15. 15

    How does payment gateway automation testing work in the sandbox?

    Payment gateway automation testing in the topropay sandbox uses a full test environment with programmable BIN behaviours (approve / decline / soft-decline / step-up), scheme-specific 3DS flows (frictionless, challenge, reject), webhook replay for state-machine tests, and idempotency-key semantics identical to production. CI pipelines can hit the sandbox from every merge without operator involvement.