What is a payment gateway and how does it work?

For consumers, completing a transaction – whether in person or online – is generally a seamless process. From quickly swiping or inserting your credit card into a point-of-sale system or entering your payment details on a website’s checkout screen, a transaction can be authorized and completed in seconds.

But behind the scenes, several sophisticated steps and precise systems are working together to move funds from buyer to seller – and a payment gateway is part of that magic.

Whether you’re new to the world of payment processing or a seasoned business owner looking to overhaul or expand your checkout options, read on to learn what a payment gateway is and how it works. Plus, get tips to help you choose a payment gateway integration for your operation.

What is a payment gateway?

A payment gateway is a digital service that facilitates secure and encrypted transactions between a merchant and their bank and/or processor after a purchase is made. In other words, it’s the bridge that enables the transfer of funds from the customer's preferred payment method to the merchant.

In the same way that a point-of-sale terminal at a brick-and-mortar cash register looks at a card's chip to check if the card is valid, an online payment gateway helps ensure payments are legitimate. Since you can't access the physical card when processing an online order, the payment gateway handles the work for you.

How does a payment gateway work?

Here’s a quick rundown on how the payment gateway process works:

  1. Collect: Customers enter their payment details, such as their credit card information, and hit the payment button on your website.
  2. Transfer: The payment gateway securely transmits the encrypted payment information to the payment network.
  3. Verify and Authorize: The payment gateway sends an authorization request to the payment network, requesting approval to process the payment. Items such as the billing address and the card security code (CVV) can also be verified by the payment network.
  4. Complete: The payment gateway transmits the response from the payment network back to the merchant’s website or application notifying them if the transaction was successful or not.

Example of a payment gateway

Payment gateway providers include financial institutions (e.g., banks), dedicated payment service providers, and specialized fintech companies.

One example is Payflow, the PayPal payment gateway. Payflow gives you two gateway options depending on the level of customization you need on your checkout page:

  • Payflow Link: With Payflow Link, your customers enter their payment details at checkout on a secure, PCI-DSS-compliant template hosted by PayPal. You can integrate an embedded template that sits right on your website, or you can use a customizable full-page template.
  • Payflow Pro: This option is fully customizable, letting you build a unique checkout experience that helps meet the exact needs of your business and your customers. From language and layout to page sequence and PCI-DSS compliance options, you can control almost everything.

More details regarding Payflow, and its additional services can be found on the PayPal Developer Portal.

What is a payment gateway vs. payment processor?

You'll often hear the terms payment gateway and payment processor used interchangeably, but there are some major differences between them.

One of the biggest is that a payment processor alone doesn't help securely authorize a transaction. On the other hand, a payment gateway can both process and authorize a transaction:

  • A payment processor is responsible for the movement of the funds between customer and merchant. It does that by passing the customer's credit card information to the issuing bank to request a hold of funds on the credit card being used. Once the transaction is approved and submitted for settlement, it connects the issuing bank with your merchant account to transfer the funds. While a payment processor is a requirement to process the transaction, a payment processor alone doesn't help securely authorize the transaction.
  • A payment gateway is the “gateway” between merchant and payment processor and is responsible for obtaining the customer’s credit card information and payment data from the merchant. It passes this data to the payment processor securely to be processed. Being the gateway for your transactions, Payflow allows you to use one integration to reach many different banks and processors, including those that work with your existing merchant account. Both are needed for online sales.

What are the different types of payment gateways?

As a merchant, you should be aware of three main types of payment gateways: on-site payments; redirects; and checkout on-site, payment off-site.

On-site payments

When a business uses on-site payments, customers don’t have to leave a retailer’s website when completing a transaction, which creates a more seamless checkout experience.

This option is ideal for larger businesses that want to control the entire checkout experience via their own systems and servers. To that end, on-site payments give companies – particularly enterprise-level corporations with the means and support – more control and flexibility over payment processing.

Redirects

When a company allows alternative payment methods during checkout that’s what is known as a redirected payment gateway.

Small businesses might choose to use a third-party payment gateway to offer customers more varied ways to pay, as well as increased security of a larger payment platform.

Checkout within site, complete payment off-site

As the name suggests, the front-end checkout process occurs on a merchant’s site, while the payment is through a separate back-end system.

Payment gateway integration

Depending on the type of payment gateway, your website's platform, and any additional features or customization your business needs, the payment gateway integration process will vary.

That said, it will typically involve these steps:

  1. Obtaining API credentials: You may need to obtain API credentials (e.g., API keys or merchant IDs) that allow your website to communicate securely with the payment gateway's servers.
  2. Integrating the payment gateway: This may involve using pre-built plug-ins or libraries, integrating APIs directly into your website's code, or utilizing third-party ecommerce platforms with built-in payment gateway support.
  3. Deploying the payment gateway: Once you’ve thoroughly tested and validated everything, you’re ready to deploy the payment gateway on your live website.

What to look for in a payment gateway?

Not all payment gateways are created equal. If you want to accept online payments, it's worth taking the time to research your options and find one that best fits the unique needs of your business.

Here's what to look for:

Security

As a merchant, you must protect your customers' credit card data. If customers don't trust your website with their information, they're unlikely to complete the sale. If you want to accept credit cards online, ensure your payment gateway is PCI-compliant.

Hosted versus self-hosted

A hosted payment gateway will send customers to a different website to enter payment details. This can make it easy to get started and helps ensure PCI compliance, but it doesn't allow you to control the whole customer checkout experience.

Alternatively, a self-hosted payment gateway collects the credit card information from your site, providing a holistic customer experience. But since this option puts responsibility for security on you, you'll need a self-hosted option that can provide PCI compliance.

Customer experience

While security is essential, you don't want your customer to go through the checkout process only to realize your website won't accept their preferred payment method. It’s important to ensure your payment gateway lets you process the payment types your customers prefer so they don't get frustrated or take their business elsewhere.

Implementation

Your payment gateway needs to connect your website and merchant bank account with other processors. Choose a provider that makes it simple to implement and connect everything without unnecessary hassle.

International capabilities

When you sell online, there's no reason to limit yourself to only your local market. As ecommerce becomes more global, you may need to attract, nurture, and sell to customers internationally. That means your payment gateway should make it simple to accept more than just your local currency.

Optional features

Depending on your business, you may need extra features that other merchants don't provide, like additional fraud protection, buyer authentication, or the ability to process recurring payments like membership fees.

Do you need a payment gateway?

As long as you accept (or want to accept) credit card payments online or on a mobile device, you’ll need a payment gateway. Without it, you won't be able to verify a customer's credit card information, process payments, or finalize the sale.

If your business is brick-and-mortar only, you might not need a payment gateway. Your point-of-sale terminal will authorize the credit card payment using the chip reader. But if you plan to offer a hybrid of online and offline sales, it can make sense to incorporate a payment gateway into both your ecommerce and in-store checkout process.

What is an international payment gateway?

An international payment gateway (or global payment gateway) enables businesses to accept payments from customers in different countries.

It facilitates transactions by handling currency conversions, complying with international regulations, and helping secure and seamless payment processing for businesses selling to customers worldwide.

Payment gateway fees

Average payment gateway fees can vary widely, depending on the provider and your requirements. Review and understand fees before choosing your provider.

Ready to get started? With both the PayPal Commerce Platform and Payflow, you get almost everything you may need to accept payments including a full service solution or a gateway that works with your existing merchant account – learn more today.

FAQs

Was this content helpful?

Related content

Sign Up for the PayPal Bootcamp

In partnership with three expert business owners, the PayPal Bootcamp includes practical checklists and a short video loaded with tips to help take your business to the next level.

*Required fields.

We use cookies to improve your experience on our site. May we use marketing cookies to show you personalized ads? Manage all cookies