What is a Payment Gateway?

Written by

Darren DeMatas



Written by

Darren DeMatas


Reviewed By Our team of writers and content creators are experts in ecommerce and we fact-check every claim in our work to ensure it’s accurate and up-to-date. (Learn about our editorial guidelines.).

A payment gateway is technology merchants use to accept debit and card payments from customers. It refers to the physical card readers you see in brick-and-mortar stores. It also refers to the online portals used to collect online payments. 

The payment gateway is the consumer-facing interface that collects payments. In physical stores, it’s the point-of-sale (POS) terminal where the card is swiped or a phone is tapped. In ecommerce stores, it’s the checkout page where customers enter their credit card information. Or in the case of PayPal, where the customer enters log-in information.

How a Payment Gateway Works

what is a payment gateway

The payment gateway is only one piece of the puzzle required to accept payments digitally. The front-end technology sends customer information to the merchant’s acquiring bank (business bank account) for processing.

Technology continues to evolve and improve the way we handle transactions. Terminals once accepted cards with magnetic strips then required the purchaser to sign a piece of payment. Chip technology removed the signature part of the equation. Now, customers enter a personal identification number (PIN) in the terminal. 

Today’s near-field communication (NFC) technology makes contactless payment possible. You no longer have to carry the plastic card as long as the data is stored in your phone or smartwatch.

The architecture of the payment gateway varies depending on whether it is used in-store or online. Online payment gateways use APIs to communicate between websites and payment processing networks. In-store gateways use a POS terminal to connect to the payment processing network (see our article on Shopify vs. Lightspeed’s POS systems). The connection occurs either through a phone line or over the internet.

The entire three-step process takes place in a matter of seconds.


The encryption process encodes information that’s transmitted between a browser and a server. This privatizes the data for exclusive use between the two parties.


The payment process gets approval from the bank or credit card company to proceed with the transaction. If the request is rejected, the transaction is denied and doesn’t continue.


Once the gateway gets authorization, the website and interface proceed to the next action. 

Beyond collecting payments, payment gateways can also:

  • Screen orders
  • Calculate taxes
  • Use geolocation to handle location-specific actions.

Different Types of Payment Gateways

Payment gateways generally fall into one of three categories.


If a gateway takes a customer to a third-party payment page to finish the transaction, it is known as a redirect. 

It’s a simple way for the retailer to handle accepting online payments. Use a redirect payment gateway to get the safety and security of a major platform. However, it translates to an additional step for customers and less control over the merchant’s process.

Checkout on Site, Payment Off-Site

This is how Stripe works. The front-end checkout (what the customer sees) occurs on your ecommerce site. But, the actual payment processing occurs behind the scenes through Stripe’s back end.

This approach ensures that your customer’s card data is collected on a third-party site. Your site never handles sensitive information. With SSL on your site, the connection between your site and the payment gateway is always encrypted. 

As with redirected payment gateways, you do have some advantages. There’s no additional step for your customers. The data is secure elsewhere, and you don’t have to worry about much. You won’t control the user’s experience from start to finish, so you’ll be at the mercy of the off-site gateway.

On-Site Payments

Generally reserved for large-scale businesses that can invest in the necessary security and encryption, this method takes care of everything on its servers. All the checkout and payment processing happens on your site. 

With this approach, you’ll have complete control over the entire customer experience. But, with that comes the additional responsibility of protecting sensitive transaction data from hackers. If the information is leaked because of a data breach, your company could be liable.

Examples of a Payment Gateway

If you’re searching for the right payment service provider to help you process payments, you have plenty of options. 


Send Money Pay Online or Set Up a Merchant Account PayPal 1024x526 1

One of the most popular payment gateways worldwide, PayPal’s redirect payment gateway is a great option. PayPal includes a free payment gateway they host for you. If you want more customization features, you can pay $25 a month. These features give you more control over the customer experience.

Both services include fraud protection security at no additional charge. You know your payment gateway is safe and can handle threats that may come up. 

With PayPal, you’ll pay 2.9% + 30 cents per transaction in transaction fees. There are no monthly fees (unless you opt for the additional features.) 

If you set up your account to accept international payments, you can accept multi-currency payments. You’ll be able to house multiple currencies in a single account – and handle currency conversion, too.

Amazon Pay

Amazon Pay

Amazon Pay is similar to PayPal. It allows people to log in to their Amazon account and use their stored payment methods to pay. If you use this online payment gateway, you can accept payments from a variety of issuing banks. 

Amazon Pay charges 2.9% plus 30 cents per transaction on all domestic transactions. The international transaction rate increases to 3.9%.

Apple Pay

Apple Pay

This payment gateway focuses on mobile payments. With it, merchants can accept payments from customers using Touch ID and Face ID. Customers can maintain a digital wallet on their mobile phones.

Apple Pay charges a processing fee of 3%. There are no additional fees or hidden fees for merchant accounts.

Google Pay

Google Pay Screenshot

This payment gateway is Android’s answer to Apple Pay. In addition to working with Android devices, it also works with iOS and the web. You can make online payments, in-person payments, and person-to-person payments. 

This credit card processor is different. It substitutes your actual credit card details with a virtual one. This offers added security. In addition to payment services, Google Pay also includes a gift card and loyalty program management. 

Google does not charge customers fees when using a debit card to make payment. Customers are charged a 2.9% fee when using a credit card. Google may charge a merchant account a merchant fee of up to 4% for in-store payments. That means customers could pay up to 6% extra just for using their credit card through Google Pay.


Sell Online Build a Free Online Store or eCommerce Website Square 1024x566 1

Square is a payment gateway provider, credit card processing company, and ecommerce platform well known for the card readers that attach to your smartphone. They are great for businesses that need to accept online payments and in-person payments. 

A drawback to Square is that they charge a premium for manually entered transactions. You’ll pay 2.75% for swiped transactions and 3.5% plus 15 cents for manually entered credit card transactions.



Stripe is another popular payment gateway. They focus on mobile ecommerce, platform-based payments, non-profits, and software as a service (SaaS).



Merchants who want to simplify their payment acceptance options may wish to use Authorize.net. They offer an all-in-one payment provider option. With it, you can accept PayPal, Apple Pay, most major credit cards, and more. Authorize.net offers echeck payments, too. It is one of the best omnichannel payment solutions on the market today.

Their transaction fees are in line with PayPal and Amazon Pay, charging 2.9% plus 30 cents per transaction.

Payment Gateway vs. Payment Processor

You may hear the term payment gateway used interchangeably with “payment processor.” Though the two are similar, there are some crucial differences between them. 

Payment processors analyze and transmit the traction data. It sends relevant information to the issuing bank. This includes the debit card number that links to a bank account. 

The payment gateway not only processes the payment. It also authorizes the funds’ transfer between the two parties. Many payment gateway providers are both a payment gateway and a payment processor. 

When you swipe or tap your card, that’s the processor. Like a payment gateway, it can include both hardware and software components – or just software components. That’s why the two are often confused.

Limitations of Payment Gateways

From the payment gateway examples above, it’s clear that none of the platforms are created equally. Choosing the ones you want to use means you’ll need to understand and accept limitations. Many limitations are simply part of the way payment gateways work.

Most Payment Gateways Only Accept a Few Payment Options

You won’t find a solution that accepts all types of cards and payments. They advertise how universal their gateways are. But, they won’t mention that they cannot accept payments from certain card issues or a specific payment portal.

International Customers May Not Have a Payment Solution

PayPal isn’t the most popular option around the world. Other countries may have preferred methods they use.

Some Security Flaws

There are still consumers out there who don’t like to place online orders because of security concerns. High-quality payment gateways offer strong security and maintain PCI compliance. However, there are always vulnerabilities. 

Take, for instance, mobile payment issues. You may control most of the security at the transaction itself, which is good. But, you don’t control who has access to the customer’s device.

TLS encryption keeps credit card details secure during processing. However, the data may be at risk once it’s on the server. 

Malware that reads passwords and makes its way into user accounts can still send transactions that look authentic.  

Why You Need Multiple Payment Processing Options

You can reduce and possibly eliminate some of these weaknesses by offering more than one payment gateway. By using multiple payment gateways, you maximize options for your customers… which ultimately makes it easier for you to accept card payments.

Let Customers Choose

Your customers should be able to choose what they want to use, and when they want to use it. A payment gateway that processes Visa and Mastercard will cover the majority of your customers

But there are customers with alternative cards like Discover and American Express. And even though they may have a Visa, they may want to pay with their Discover card account.

The goal is to make things as easy as possible, even if it means more merchant account fees. No matter which merchant account you use, you’re only processing one transaction per customer at a time. All the money makes its way into your business bank account.

Provide a Second Option

Many people don’t have credit cards. That’s why it makes sense to offer something like PayPal, Venmo, or Apple Pay, too. Support as many options as possible, so customers can make purchases with whatever payment method they want.

Choosing Your Secure Payment Gateway

To make sure you’re working with a trustworthy, secure payment gateway, ask yourself:

What Do Your Customers Use?

What are your customers already using to make credit card payment transactions online? By stacking multiple payment gateways with various payment types, you’ll be able to mitigate security risks while also running into fewer problems overall.

How Much Does it Cost to Accept Credit Card Payments?

Transaction fees are common and relatively similar across the board. Some will charge a monthly fee, while others won’t. You’ll need to be sure that what you’re paying is something that you can afford. 

How Secure is the Encryption?

If the company isn’t PCI compliant, skip them. The Payment Card Industry Data Security Standard (PCI DSS) is a collection of standards designed to uphold security for all digital and electronic transactions. Before you decide to make any payment gateway work, always make sure they maintain compliance.

Do They Have a Good Reputation?

In the ecommerce business, reputation is everything. If they aren’t known for:

  • Stellar customer service
  • Strong security to protect cardholder data
  • Quality

Then you don’t need to associate your business with them.

Your Payment Gateway is Never Set in Stone

If you start working with one and decide the company isn’t what you expected it to be, you can always change to another. Switching may mean investing in new POS equipment, but for a strictly ecommerce store, that’s nothing to worry about. 

Start small with just two or three options, and add or change them as needed.

Featured on

The Next Web