What is a payment gateway and how does it work?

What is a payment gateway?

Think of a payment gateway as the secure technology that provides a bridge between your business and your customer.

In the same way that a point-of-sale terminal at a brick-and-mortar cash register looks at a card's chip to ensure the card is valid, a payment gateway helps ensure a payment is legitimate. Since you can't access the physical card when processing an online order, the payment gateway helps do that work for you.

How does a payment gateway work?

Here’s a quick rundown on how the payment gateway process works:

• Step 1: Once a customer hits the Buy Now button on your website, your payment gateway jumps into action.
• Step 2: It securely sends your customer's credit card information from your website to the credit card payment network for processing.
• Step 3: It then returns the transaction details and response from the payment network back to your website to tell you if the charge is authorized, allowing the order to be completed.

What is a payment gateway vs. payment processor?

You'll often hear the terms payment gateway and payment processor used interchangeably, but there are some major differences between them. The biggest one is a payment processor alone doesn't help securely authorize a transaction. Instead, a payment gateway has the ability to both process and authorize a transaction.

• A payment processor passes along the customer's credit card information to the issuing bank. Once the transaction is approved, it connects the issuing bank with your merchant account to transfer the funds. While a payment processor is a requirement to process the transaction, a payment processor alone doesn't help securely authorize the transaction.
• Similar to a payment processor, a payment gateway also passes along the customer's credit card information and connects accounts together. But it also securely authorizes the transaction, ensuring you'll get paid. You need both for online sales — but using a payment gateway that’s different from your payment processor can give you flexibility to go with your preferred provider.

What are the different types of payment gateways?

As a merchant, there are three main types of payment gateways you should be aware of, including on-site payments; redirects; and checkout on site, payment off-site.

On-site payments

When a business uses on-site payments, customers don’t have to leave a retailer’s website when completing a transaction, which creates a more seamless checkout experience. This option is ideal for larger businesses that want to control the entire checkout experience via their own systems and servers. To that end, on-site payments give companies — particularly enterprise-level corporations with the means and support — more control and flexibility over payment processing.

Redirects

When a company allows alternative payment methods during checkout, say the option to pay with PayPal or Apple Pay, that’s what is known as a redirected payment gateway. Small businesses might choose to use a third-party payment gateway to offer customers more varied ways to pay, as well as increased security of a larger payment platform.

Checkout within site, complete payment off-site

As the name suggests, the front-end checkout process occurs on a merchant’s site, while the payment processing happens through a separate back-end system. Similar to redirects, this option can offer increased security and convenience for customers.

What to look for in a payment gateway?

Not all payment gateways are created equal. If you want to accept online payments, it's worth taking the time to research your options and find one that best fits the unique needs of your business. Here's what to look for:

Security

As a merchant, you need to protect your customers' credit card data. If a customer doesn't trust your website with their information, they're unlikely to complete the sale. If you want to accept credit cards online, ensure your payment gateway is PCI compliant.

Hosted versus self-hosted

A hosted payment gateway will send customers to a different website to enter payment details. This can make it easy to get started and helps ensure PCI compliance, but it doesn't allow you to control the whole customer checkout experience. A self-hosted payment gateway collects the credit card information from your site, providing a holistic customer experience. But since this option puts responsibility for security on you, you'll need a self-hosted option that can provide PCI compliance.

Customer experience

While security is important, you don't want your customer to go all the way through the checkout process only to realize your website won't accept their preferred payment method. You need to make sure your payment gateway lets you process the payment types your customers prefer to use so they don't get frustrated or take their business elsewhere.

Implementation

Your payment gateway needs to connect your website and merchant bank account together with other processors. Choose a provider that makes it simple to implement and connect everything without a lot of hassle.

International capabilities

When you sell online, there's no reason to limit yourself to only your local market. As e-commerce becomes more global, you may need to attract, nurture, and sell to customers internationally. That means your payment gateway should make it simple to accept more than just your local currency.

Optional features

Depending on your business, you may need extra features that other merchants don't, like additional fraud protection, buyer authentication or the ability to process recurring payments like membership fees.

Do you need a payment gateway?

As long as you accept (or want to accept) credit card payments online or on a mobile device, you’ll need a payment gateway. Without it, you won't be able to verify a customer's credit card information, process payments, or finalize the sale.

If your business is brick-and-mortar only, you might not need a payment gateway. Your point-of-sale terminal will authorize the credit card payment using the chip reader. But if you plan to offer a hybrid of online and offline sales, it can make sense to incorporate a payment gateway into both your e-commerce and real-world checkout process.

Payment gateway fees

Average payment gateway fees can vary widely, depending on the provider and your requirements. Review and understand fees before choosing your provider.

How to use PayFlow, PayPal’s payment gateway

If you already have a payment processor, you can add Pay Flow, which is PayPal's payment gateway. Payflow gives you two gateway options depending on the level of customization you need on your checkout page:

• Payflow Link: With Payflow Link, your customers enter their payment details at checkout on a secure, PCI-DSS compliant template hosted by PayPal. You can choose to integrate an embedded template that sits right on your website, or you can use a customizable full-page template.
• Payflow Pro: This option is fully customizable, letting you build a unique checkout experience that helps meet the exact needs of your business and your customers. From language and layout to page sequence and PCI-DSS compliance options, you can control everything.

With both the PayPal Commerce Platform and Payflow, you get everything you may need in a payment.