What is a payment gateway?

A payment gateway is technology that authorizes debit or credit card payments for eCommerce sites, as well as brick and mortar stores.

It acts as the middleman between merchants and customers to ensure that every transaction is fast and secure. 

Payment gateways are at the front-end of each payment. Ultimately, it’s the payment gateway which communicates whether a transaction has been approved or declined.

How do payment gateways work?

Although brick and mortar stores can just about get by with a traditional cash register, any business planning to take distant or online payments needs a payment gateway. 

When you purchase something online, the transaction speed is usually lightning fast. But a payment gateway accomplishes a lot in those few seconds.

Here’s a guide to how payment gateways work:

1. The customer goes to make a purchase

For an online payment, the customer will need to enter their debit or credit card information into a form on the website. 

If making a purchase in-store, the customer will either swipe, tap, or enter a pin for their card into a point of sale (POS) device. 

2. The payment gateway encrypts that information and sends it on

Security is paramount when it comes to point of sale and internet payments. 

So the customer’s debit card or credit card details are encrypted first, then the payment gateway routes all of that information to the acquiring bank via a payment processor for authentication.

Wait, what’s an acquiring bank?

Also called the merchant bank, it’s responsible for processing debit or credit card payments on behalf of the merchant’s bank account – also simply known as the merchant account.

3. The acquiring bank forwards the details onto the card network

Next up, the credit card scheme – for example Visa or Mastercard – will receive the encrypted payment data from the acquiring bank. 

It will perform an additional check for fraudulent activity before sending the card information on again up the chain.

4. The issuing bank receives an authorization request

After a series of further checks, the issuing bank will decide if the request is genuine. It’ll also check whether there are funds in the customer’s bank account to approve the transaction. 

It then sends that information back down the chain to the payment processor and on to the payment gateway.

So, what’s an issuing bank?

The issuing bank provides credit cards to customers on behalf of card networks, and approves funds for the acquiring bank to collect for the merchant account.

5. The payment gateway informs the merchant of the outcome

Whether the transaction has been authorized or declined, the payment gateway will notify the merchant. 

If the acquiring bank receives approval, it can then collect the funds for the merchant account in order to complete the transaction. 

Types of payment gateway

There are more ways than one to accept online payments – here are the three main types of payment gateway:

Redirects

Also known as simple checkout, this is where customers are momentarily redirected away from the merchant’s website to complete their transaction.

For example, the merchant might use PayPal as its payment gateway provider. Customers will be redirected to a PayPal page to complete payments, before being sent back to the merchant.

It’s an easy way for retailers to accept payments without implementing stringent security measures on their own site. Plus, they’re using a well-known payment portal.

That said, it disrupts the user experience when customers are redirected to a completely separate site. What’s more, using redirects means less control for merchants.

Onsite checkout, offsite payment

For this type of payment gateway, customers are still temporarily sent offsite to complete their transactions. But the user experience is less disrupted.

With onsite checkout, offsite payment, the hosted payment gateway looks like the merchant’s own website. The customer enters credit card information and returns to the merchant site.

It’s great for providing a more seamless shopping experience, while minimizing the merchant’s obligations for maintaining a secure payment gateway.

The downside though is that, once again, the merchant has little control over any potential quirks of the hosted payment gateway. 

Onsite payments

This is where everything happens in one place: the merchant’s own website. Onsite payments offer the most seamless user experience for shoppers.

All customers do is enter payment details on a secure form and the onsite payment gateway will work to complete the transaction. 

It sounds like the logical option, but onsite payment gateways require Payment Card Industry (PCI) compliance – to a rule called the Data Security Standard (DSS) – from all sellers. 

In a nutshell, the PCI DSS secures payment portals against data breaches. Small businesses might therefore prefer to cut out the hassle and opt for redirects instead.

Payment gateway vs payment processor

You might see the term ‘payment gateway’ used interchangeably with the term ‘payment processor’. But they’re describing different things.

Payment processors do exactly what they sound like they do: process payment requests. And they do this by mediating between the merchant and financial institutions.

A payment processor is an entity which payment gateways connect to the merchant account during a transaction. 

As well as being critical in facilitating payments online, payment processors also provide brick and mortar retail businesses with point of sale machines for debit or credit cards.

When it comes to payment processing, both of these similar-sounding elements are key components in enabling the merchant to accept payments.

Payment processors facilitate payments by transmitting the request, where payment gateways communicate per transaction whether the request has been accepted or denied.

Examples of popular payment gateways

If a business wants to accept credit or debit card payments, being able to support payment processing is vital. 

And fortunately when it comes to choosing a payment gateway, online retailers have several options to choose from. 

Here are some of the top payment gateway providers available to merchants:

PayPal

Maybe the most well-known payment system of all, PayPal operates worldwide and has its own payment gateway called PayFlow.

There are two options for sellers: the first is the free PayFlow Link. With this ‘redirects’ type of gateway, payment happens on a separate page to the merchant’s own website. 

Or businesses can choose the ‘onsite checkout, offsite payment’ PayFlow Pro, where the seller payment page is fully customizable. This option costs $99 to set up, then $25 per month.

Stripe

Much like PayPal, Stripe offers to simplify the PCI compliance process for merchants by providing two payment gateway integrations.

The conversion-optimized Stripe Checkout is a hosted payment gateway which tracks the payment method used for each transaction. It works globally on any device.

There’s also the fully-customizable Stripe Elements, which comes with pre built user interface components. Both payment gateways come with fees per transaction, but zero setup costs.

Square

Square’s Payments platform is designed for businesses selling both online and offline. Sellers are able to accept contactless, chip and pin, and even invoiced transactions.

Like other payment gateways, Square promises an effortless user experience for both merchant and customer. The fees are calculated per transaction rather than upfront.

Plus, transaction money lands in the seller’s bank account the next business day. So no need for merchants to worry about managing their own payment processing system.

SecurePay

The clue is in the name with this payment gateway: SecurePay prides itself on providing a completely secure payment platform for merchants and customers alike.

SecurePay offers enhanced security measures, 24/7 user support, and payment gateways for all kinds of businesses from online stores to street vendors.

Similar to the Square and Stripe payment gateways, SecurePay boasts zero setup or monthly fees. Instead, each transaction comes with a fluctuating commission payment.

Worldpay

Offering simple, single integration and expert support, Worldpay is a great option for businesses of all sizes. 

The payment processing system is committed to helping merchants scale their operations and boasts the most up to date payment products.

It also charges fees per transaction – both a commission rate and a one-off payment of around $0.30. Like other payment gateways, sellers can get started with no upfront payments. 

How to choose a payment gateway for an eCommerce business

If you’re setting up shop as an online retailer, you’ll need to be ready to accept debit and credit card payments.

Before you get started, consider your business needs. What is a payment gateway going to have to offer your store besides a payment processing system?

• Security. If you hadn’t already noticed, having a secure payment gateway is crucial to any business. Every merchant must be PCI compliant, but it can take some time and effort to get that right. So choosing a bigger payment operator and redirecting your customers can be a smart move.

• User experience. You don’t want to build a website that looks perfect to then ruin it with a poor payment gateway. Your online customers should be able to see that your payment page is secure but that it also represents your brand. Opt for a gateway which is speedy and slick, and consider whether you need a customizable template.

• Versatility. It pays to use a gateway which can help you scale your business. Whether you’re purely online or you have brick and mortar outlets, too, find a platform which supports global commerce. Bear in mind that you might also want to empower customers to purchase from multiple devices.

• Reasonable fees. Like everything in business, payment gateways cost money to implement and run. It’s vital to consider the budget you can afford to work to before setting up a gateway with a third party processing system. Do you want to cover monthly fees or accept commission cuts on every transaction?