The market value of global e-commerce sales is projected to grow to US$6.35 trillion by 2027. As customers increasingly prefer digital transactions, businesses that fail to adapt risk being left behind, losing potential customers and revenue to competitors.
Online payment experiences can affect how many transactions are completed successfully by customers. In a survey of online shoppers, 18% of abandoned baskets were attributed to an inefficient or cumbersome checkout process. And as e-commerce grows, cybercrime related to online payments is also rising. Businesses need to address both issues by creating a simple and efficient online payment experience for customers, which is also highly secure and equipped to combat evolving fraud attempts.
Payment gateways play a key role in achieving this complex and important goal. Below, we discuss what businesses need to know about what payment gateways are, how they work, their pivotal role in e-commerce and how they operate in a broader payment processing system.
What's in this article?
- What are payment gateways?
- What does a payment gateway do?
- What's the difference between a payment gateway and a payment terminal?
- What's the difference between a payment gateway and a payment processor?
- How does a payment gateway work?
What are payment gateways?
A payment gateway is a technology platform that acts as an intermediary in electronic financial transactions. It enables in-person and online businesses to accept, process and manage various payment methods – such as credit cards, debit cards and digital wallets – in a secure and efficient manner. The payment gateway bridges the gap between the customer, the business, and their respective financial institutions in one platform, typically charging a fee every time a transaction is processed.
What does a payment gateway do?
A payment gateway performs several important functions to ensure that payments are secure, efficient and accurate:
Encryption
When a customer submits their payment information during online checkout, the payment gateway encrypts the data. This protects it from unauthorised access or theft while it is transmitted between the customer's device, the business's server and the financial institutions.Connection with payment processor
The payment gateway connects a business's customer-facing checkout and the payment processing provider.Authorisation
The payment gateway forwards the encrypted transaction data to the business's acquiring bank, which then sends the information to the customer's issuing bank or the relevant payment processor. The issuing bank or payment processor verifies the transaction details, including the customer's account balance and the validity of the payment method, before approving or declining the transaction. The payment gateway receives the response and sends it back to the business.Data collection and reporting
Payment gateways often provide businesses with valuable data that can help them analyse and manage their transactions. This may include transaction history, refund management and other data points to help businesses identify trends and improve their payment operations.Fraud detection and prevention
To minimise the risk of fraudulent transactions, payment gateways use advanced security measures, such as fraud-detection algorithms, address verification systems (AVS) and card verification value (CVV) checks. These measures help identify and block potentially fraudulent transactions before they can be processed.
What's the difference between a payment gateway and a payment processor?
Payment gateways and payment processors are two key components of electronic financial transactions, particularly in e-commerce – but they serve different functions. Here's an explanation of their differences:
Payment gateway
Role: A payment gateway acts as an intermediary between the customer, the business and their respective financial institutions during an online transaction. It transmits sensitive payment information securely and facilitates transaction authorisation.
Main functions: The payment gateway encrypts transaction data, forwards it to the business's acquiring bank or payment processor, receives the transaction approval or decline response, and communicates the transaction status to the business's website or app.
Security: Payment gateways employ security measures to prevent fraudulent transactions and protect payment data as it enters the business's payments system. Payment gateways do this by using measures such as encryption protocols (SSL or TLS) and fraud-detection algorithms, as well as AVS and CVV checks, to protect sensitive data and prevent fraudulent transactions.
Integration: Payment gateways typically integrate with e-commerce platforms, websites or mobile apps using APIs or prebuilt plugins.
Payment processor
Role: A payment processor, sometimes referred to as a merchant services provider, is a business that handles the processing of the transaction. This includes the authorisation and settlement of funds between the customer's issuing bank, the business's acquiring bank and the relevant payment networks (e.g. Visa, Mastercard).
Main functions: The payment processor verifies the transaction details, checks the customer's account balance and the validity of the payment method, approves or declines the transaction, and facilitates the funds transfer between the customer's and the business's accounts during the settlement process.
Security: While payment gateways focus more on verifying transactions and preventing payment fraud at the point of sale, payment processors employ security measures to uphold the highest standards of protection for payment data. Payment processors must comply with PCI DSS requirements, which ensure the secure handling and storage of cardholder information.
Relationship with the business: Payment processors often have a direct contractual relationship with the business that includes providing it with a merchant account. This type of bank account allows businesses to accept and process electronic payments.
A payment gateway is a tool that securely transmits and facilitates the authorisation of online transactions, while a payment processor is a business that partners with merchants to handle the processing, including the authorisation and settlement of funds between the involved parties. For example, PayPal is a payment processor but not a payment gateway. Both components work together to ensure smooth, secure and efficient electronic financial transactions.
|
Payment gateway |
Payment terminal |
|
|---|---|---|
|
Primary environment |
Online and digital payments |
In-person, brick-and-mortar payments |
|
Where it’s used |
Ecommerce websites, mobile apps, digital platforms |
Retail stores, restaurants, and physical locations |
|
Transaction type |
Card-not-present and online transactions |
Card-present and contactless transactions |
|
How it processes payments |
Acts as an intermediary that encrypts data, authorizes transactions, and routes payments between the customer, business, and banks |
Reads cards or contactless devices, sends transaction data for authorization, and completes the payment in person |
|
Hardware required |
No physical hardware required |
Requires a physical POS or card terminal |
|
Security measures |
SSL/TLS encryption, fraud detection, AVS, CVV checks |
PCI DSS compliance, encrypted card data, EMV chip and contactless security |
|
Integration and setup |
Integrated via APIs or plugins into websites or apps |
Installed as a physical device and connected to a POS system or network |
|
Typical use case |
Online checkout and digital payments |
In-store checkout and face-to-face transactions |
Where each solution is used
Payment gateway: A payment gateway is primarily designed for online transactions, and caters mainly to ecommerce websites, mobile applications, and other digital platforms.
Payment terminal: Also known as a point-of-sale (POS) terminal or credit card terminal, a payment terminal is a physical device used in brick-and-mortar stores, restaurants, and other in-person retail environments. It allows customers to make payments using credit cards, debit cards, or contactless payment methods such as smartphones with near-field communication (NFC) technology.
While payment gateways are typically used for online transactions, they can also be integrated with in-person transaction systems, depending on the provider and their offerings. In such cases, payment gateways can facilitate electronic transactions in physical retail environments.
How payments are processed behind the scenes
Payment gateway: The payment gateway serves as an intermediary between the customer, the business, and their respective financial institutions during an online transaction. It encrypts sensitive data, facilitates transaction authorization, and streamlines funds settlement.
Payment terminal: A payment terminal mostly does the same job as a payment gateway, but it supports in-person rather than online transactions. It reads the customer’s payment card or contactless payment device, communicates with the relevant financial institutions for transaction authorization, and prints receipts. It connects to the business’s acquiring bank or payment processor through a phone line, internet connection, or mobile network.
How payment gateways and terminals protect transaction data
Payment gateway: To ensure the security of online transactions, payment gateways employ encryption protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), fraud detection algorithms, AVS, and CVV checks.
Payment terminal: Like payment gateways, terminals use security measures such as encryption of card data and compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements, while also supporting security measures for card-present transactions, such as EMV chip technology.
How each option is set up and integrated with your business
Payment gateway: Set up varies depending on whether a business chooses a hosted gateway or an integrated gateway. A hosted gateway redirects customers to a page managed by the payments provider and requires less technical setup. An integrated gateway is fully embedded in the business’s site and provides more control over user experience. Integrating a payment gateway into an ecommerce platform, website, or mobile app typically requires technical knowledge and the use of APIs or prebuilt plugins.
Payment terminal: Setting up a payment terminal is usually a more straightforward process, involving physical installation of the device and connection to the business’s POS system, internet, or phone line.
What’s the difference between a payment gateway and a payment processor?
A payment gateway is a tool that securely transmits and facilitates the authorization of online transactions, while a payment processor is a business that partners with merchants to handle the processing, including the authorization and settlement of funds between the involved parties.
Although they serve different functions, payment gateways and payment processors are two key components of electronic financial transactions, particularly in ecommerce. Here’s an explanation of their differences:
|
Payment gateway |
Payment processor |
|
|---|---|---|
|
Primary role |
Acts as an intermediary that securely transmits payment data and facilitates transaction authorization |
Handles the actual processing of transactions, including authorization and settlement of funds |
|
What it does |
Encrypts payment information, sends transaction data to the processor or acquiring bank, and returns approval or decline messages |
Verifies transaction details, checks account validity and funds, approves or declines transactions, and moves money between banks |
|
Where it operates |
At the point of online checkout (websites and apps) |
Behind the scenes within the payment network and banking infrastructure |
|
Security focus |
Protects payment data at entry using encryption (SSL/TLS), fraud detection, AVS, and CVV checks |
Ensures secure processing and storage of card data and compliance with PCI DSS requirements |
|
Integration method |
Integrated into ecommerce platforms or apps via APIs or prebuilt plugins |
Integrated through a merchant account and backend payment infrastructure |
|
Relationship with the business |
Typically a software service used by the business |
Often has a direct contractual relationship with the business and provides a merchant account |
|
Handles fund settlement |
No |
Yes |
|
Typical examples |
Online checkout gateways embedded in ecommerce sites |
Merchant services providers that process card payments and bank transfers |
How does a payment gateway work?
Here is a step-by-step explanation of how a payment gateway operates during an online transaction:
1. Transaction initiation
The customer selects the products or services they wish to purchase on the business’s site or app and proceeds to the checkout page. They enter their payment information, such as credit card details or digital wallet credentials.
2. Payment data encryption
Once the customer submits their payment information, the payment gateway encrypts the data using SSL or TLS protocols. This encryption ensures that sensitive information is protected from unauthorised access or theft during transmission.
3. Data transmission to the business’s server
The encrypted payment information is then sent to the business’s server, which securely stores and forwards the data to the payment gateway for further processing.
4. Forwarding transaction details
The payment gateway receives the encrypted transaction data from the business’s server and forwards it to the business’s payment processor and acquiring bank, which is the financial institution responsible for processing the payment on behalf of the business.
5. Transaction verification
The acquiring bank routes the transaction data to the customer’s issuing bank or the appropriate payment processor for authorisation. The issuing bank or payment processor verifies the transaction details, including the customer’s account balance and the validity of the payment method.
6. Transaction approval or decline
Based on the verification, the issuing bank or payment processor approves or declines the transaction. This response is sent back through the acquiring bank and payment gateway to the business’s server.
7. Communication of transaction status
The payment gateway sends the transaction status (approved or declined) to the business’s website or app, which then displays the appropriate message to the customer. If the transaction is approved, the business proceeds with order fulfilment. If declined, the customer is informed and may be prompted to try an alternative payment method.
Payment gateways facilitate and secure the online transaction process by encrypting data, obtaining transaction authorisation, settling funds, and providing reporting tools to the business.
Payment gateway fees
Using a payment gateway comes with fees. Here are a few particularly common payment gateway fees to keep in mind:
Transaction fees
Transaction fees are charged each time the payment gateway processes a credit card transaction. This fee can be a set percentage of the sale amount, a fixed amount per transaction, or both.Setup fees
This is typically a one-time fee charged when a business first sets up an account with the payment gateway. It’s intended to cover the cost of configuring and integrating the payment gateway with the business’s system.Monthly fees
Some payment gateways charge a monthly fee, also called a service fee, for using their services, regardless of how many transactions the business processes per month.
How Stripe Payments can help
Stripe Payments provides a unified, global payments solution that helps any business—from scaling startups to global enterprises—accept payments online, in person, and around the world.
Stripe Payments can help you:
- Optimize your checkout experience: Create a frictionless customer experience and save thousands of engineering hours with prebuilt payment UIs, access to 125+ payment methods, and Link, a wallet built by Stripe.
- Expand to new markets faster: Reach customers worldwide and reduce the complexity and cost of multicurrency management with cross-border payment options, available in 195 countries across 135+ currencies.
- Unify payments in person and online: Build a unified commerce experience across online and in-person channels to personalize interactions, reward loyalty, and grow revenue.
- Improve payments performance: Increase revenue with a range of customizable, easy-to-configure payment tools, including no-code fraud protection and advanced capabilities to improve authorization rates.
- Move faster with a flexible, reliable platform for growth: Build on a platform designed to scale with you, with 99.999% historical uptime and industry-leading reliability.
Learn more about how Stripe Payments can power your online and in-person payments, or get started today.
The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.