Types of payment gateways: A quick guide for businesses

Payments
Payments

Accept payments online, in person, and around the world with a payments solution built for any business – from scaling startups to global enterprises.

Learn more 
  1. Introduction
  2. How do payment gateways work?
  3. Types of payment gateways
  4. How different types of payment gateways compare
    1. Integration ease
    2. Pricing and fees
    3. Transaction speed
    4. Security
    5. Customer experience
  5. How to choose the right payment gateway for your business
    1. Assess your business model and volume
    2. Consider technical capabilities
    3. Evaluate the total cost of ownership
    4. Prioritise security and compliance
    5. Understand integration with your payment environment
    6. Focus on customer experience
    7. Review global and local capabilities
  6. How Stripe can help
    1. Security
    2. Integration
    3. Ease of use

Payment gateways are technology platforms that authenticate and process financial transactions for online businesses. They are an intermediary between a business's website and the financial institutions involved in the transaction. As global e-commerce revenue is projected to exceed US$3 trillion in 2023, reliable payment gateways will continue to play an important role in this sector.

Payment gateways operate by verifying customer payment details, ensuring adequate funds are available and enabling businesses to receive the money. They also incorporate security measures to prevent fraud. This includes encrypting sensitive data – such as credit card numbers – to securely transmit information between the customer, the business and the payment processor.

Below, we'll cover what businesses need to know about payment gateways, including how they work, the various types that exist and how these types of gateways compare. We'll also explain how to select a payment gateway to serve the unique needs of your business and your customers, including how and where you accept payments and the payment methods your customers prefer.

What's in this article?

  • How do payment gateways work?
  • Types of payment gateways
  • How different types of payment gateways compare
  • How to choose the right payment gateway for your business
  • How Stripe can help

How do payment gateways work?

Payment gateways act as intermediaries in online transactions. Here's a summary of the payment process and how payment gateways are involved:

  • Collection: When a customer places an order from an online store, they enter their payment details on the website's checkout page.

  • Encryption: The gateway encrypts the data collected from the customer's browser, which keeps the transaction details confidential.

  • Authorisation request: The payment gateway forwards the encrypted data from the website to the business's server via Secure Sockets Layer (SSL) connection. The payment gateway then sends a transaction request to the payment processor associated with the business's acquiring bank.

  • Processing: The payment processor receives the request and passes it to the card network (e.g. Visa, Mastercard). The card network routes the transaction to the issuing bank (the bank that issued the customer's card) to request transaction authorisation.

  • Authorisation response: The issuing bank receives the request, verifies the transaction validity and confirms if the customer has sufficient funds or credit. It then sends back an approval or denial response to the payment processor.

  • Communication of transaction status: The processor forwards the authorisation response back to the payment gateway. If approved, the business fulfils the order, and the gateway tells the website to proceed with completing the transaction.

  • Settlement: After authorisation, the payment processor transfers the funds from the issuing bank to the merchant account, a process known as settlement. This usually occurs on a scheduled basis – not immediately with each transaction.

Types of payment gateways

There are several types of payment gateways, and each is suitable for different business needs. These types include:

  • Hosted gateways
    These are provided by third-party services. When customers make a payment, they are redirected to the payment service provider's platform, where they enter their payment details and complete the transaction. After the payment is processed, customers are sent back to the business's website. These gateways are typically easy to integrate and have strong security, as the data is processed on the provider's servers. However, businesses have less control over the customer experience since the payment process occurs off-site.

  • Self-hosted gateways
    With these gateways, the transaction data is collected on the business's own website. Businesses have full control over the checkout process and customer experience. Because businesses host this type of gateway, they are also required to handle payment data securely and to comply with data protection standards such as the Payment Card Industry Data Security Standard (PCI DSS). Businesses that choose this option typically want a fully customised payment experience and are capable of managing the accompanying security responsibilities.

  • API-hosted gateways
    These provide a simple checkout process directly on the business's website or app. The payment details are collected via an application programming interface (API). This option provides a smooth and integrated customer experience, but it requires the business to have a secure cardholder data environment to meet data protection standards.

  • Local bank integration
    This type of payment gateway connects directly with the bank's own payment system. This can be particularly useful for businesses that are targeting customers in a specific region or country, where the local bank is a trusted and familiar entity. The effectiveness of local bank integration largely depends on a given bank's technology and the level of support it can provide for online transactions.

How different types of payment gateways compare

When comparing different types of payment gateways, assess how each performs in relation to key business needs. Then weigh any trade-offs and select the payment gateway that aligns with your business's operational capabilities, financial considerations and customer experience goals. Here's an overview of how different types of payment gateways perform in a few key areas:

Integration ease

  • Hosted gateways: These are the simplest form of integration. Businesses typically just need to embed a link or button on their website that redirects customers to the payment service provider.

  • Self-hosted gateways: This type requires substantial technical expertise for initial setup and integration, as the business must manage the payment interface and data capture.

  • API-hosted gateways: These also require technical know-how for integration, especially for API calls and handling responses within the business's own application.

  • Local bank integration: Ease of integration with this type can vary greatly, and it is often dependent on the bank's technology infrastructure. Some banks may offer plug-and-play modules, while others may require more complex efforts.

Pricing and fees

  • Hosted gateways: These generally charge per transaction, often with no initial setup fee, making them cost-effective for smaller businesses or those with sporadic sales.

  • Self-hosted gateways: This type may involve higher initial setup costs, including buying software and ongoing expenses for compliance and security updates.

  • API-hosted gateways: Pricing models for these can range from per-transaction fees to monthly charges, with some gateways offering tiered pricing based on transaction volume.

  • Local bank integration: Costs for this type can include setup fees, monthly service charges and transaction fees. These might be negotiable based on business size and transaction volume, but that will depend on individual banks' policies.

Transaction speed

  • Hosted gateways: These can contribute to slower transaction times due to redirecting customers to an external website.

  • Self-hosted gateways: Speed for this type is highly dependent on the business's server and infrastructure, which can be optimised for faster processing.

  • API-hosted gateways: These typically enable quick processing since payments are conducted on the business's website or app, allowing for real-time transactions.

  • Local bank integration: Speed for this type depends on the bank's processing times, which may not be as fast as other gateways that are optimised specifically for quick transaction processing.

Security

  • Hosted gateways: These generally provide strong security and compliance due to the provider's secure servers, removing much of the security burden from the business.

  • Self-hosted gateways: This type places the responsibility of maintaining a secure and compliant environment entirely on the business, requiring it to invest in security measures.

  • API-hosted gateways: Security is a shared responsibility for these. Businesses need to secure the transaction data on their end, while the gateway provides secure endpoints through its API.

  • Local bank integration: Like hosted gateways, these take much of the responsibility off of the business by providing robust security through the local banking partner.

Customer experience

  • Hosted gateways: The redirect with these can disrupt the shopping experience, potentially affecting conversion rates. However, hosted gateways often provide a familiar checkout process that customers trust.

  • Self-hosted gateways: This type allows for a fully customised and streamlined checkout experience, keeping customers on the business's website throughout the transaction.

  • API-hosted gateways: With the ability to customise the look and feel to match the business's branding, these provide a smooth and integrated payment experience.

  • Local bank integration: Customers may find this gateway type particularly trustworthy due to the bank's reputation, but it can be less customisable compared to other types.

How to choose the right payment gateway for your business

Like any other aspect of your payments infrastructure, choosing the right payment gateway for your business requires analysing your specific needs, operational capabilities and customer expectations. Here's how to make an informed decision:

Assess your business model and volume

  • Startup or small business: If you're just starting out or have a low volume of transactions, a hosted gateway might be the most practical. It's usually quick to set up and requires less maintenance, allowing you to focus on growing your business.

  • Growing business with increasing transactions: As your transaction volume increases, consider an API-hosted gateway. This can offer a better customer experience and potentially lower costs per transaction.

  • Large or established business: For businesses with a high volume of transactions and the need for a custom payment experience, a self-hosted gateway may be the best fit. It provides control and can be optimised for your specific needs.

Consider technical capabilities

  • Limited technical resources: If you're working with a small team, choose a hosted gateway that manages most of the technical complexities for you.

  • Technical team on board: If you have a dedicated technical team, an API-hosted or self-hosted gateway could be managed in-house, giving you greater control over the transaction process.

Evaluate the total cost of ownership

  • Understand all fees: Look beyond transaction fees. Consider setup fees, monthly fees, compliance costs and any additional charges for chargebacks or international payments.

  • Consider long-term costs: A gateway with no setup fee but higher transaction costs could be more expensive over time, especially as your sales volume grows.

Prioritise security and compliance

  • Data protection standards: Ensure the gateway is compliant with the necessary security standards, such as PCI DSS, to protect customer data.

  • Security infrastructure: If you lack the infrastructure to securely handle payment data, a hosted or API-hosted gateway that provides strong security features is a better idea.

Understand integration with your payment environment

  • Compatibility with current systems: Your gateway should integrate well with your current website, accounting software and other systems.

  • Support for required payment methods: Ensure the gateway supports all the payment methods your customers prefer, including credit cards, digital wallets, and alternative payment methods.

Focus on customer experience

  • Simple checkout process: A payment gateway should provide a smooth checkout experience to help maximise conversion rates.

  • Customisation: An API-hosted or self-hosted gateway typically allows for greater customisation to match your brand and design a user-friendly interface.

Review global and local capabilities

  • Currency and language support: If you serve an international market, look for a gateway that supports multiple currencies and languages.

  • Local bank integration: For businesses focusing on a specific market, integrating with a local bank may have advantages in terms of customer trust and, potentially, lower fees.

By considering these factors, you can select a payment gateway that aligns with your business objectives, provides the features you need and delivers a positive experience to your customers. Also note that the decision isn't permanent: as your business evolves, your choice of payment processing solutions might change.

How Stripe can help

Stripe's payment gateway solution provides top-tier security features, adaptable integration options and a user-friendly experience – catering to the specific needs of businesses and customers. Here are some of the main features that make Stripe's payment gateway such a strong option for businesses:

Security

  • Encryption
    Stripe employs both symmetric and asymmetric encryption, using industry-standard protocols such as SSL and Transport Layer Security (TLS) to ensure secure data transmission between customers' browsers, business websites and payment platforms. This robust encryption protects sensitive customer data and financial transactions from unauthorised access, tampering and theft.

  • Tokenisation
    Stripe's tokenization process replaces sensitive payment information with unique tokens, which have no intrinsic value if compromised. This significantly reduces the risk of unauthorised access and data breaches.

  • Authentication
    Stripe uses various authentication methods – including single-factor, two-factor and multifactor authentication – adding protection against unauthorised transactions.

  • Fraud detection and prevention
    Advanced techniques such as machine learning algorithms, behaviour analysis and risk scoring help identify and prevent fraudulent transactions.

  • PCI DSS compliance
    Adherence to PCI DSS ensures a secure environment for processing, storing and transmitting credit card information​​.

  • Uptime and reliability
    The payment gateway's high uptime and reliability are important for uninterrupted transaction processing. Downtime is minimal due to regular monitoring, redundancy measures and a robust infrastructure​​.

Integration

  • Integration flexibility
    Stripe provides multiple integration options to suit different business needs. These include no-code versions using the Stripe Dashboard and low-code offerings for businesses that want more control over payments.

  • Checkout and payment element
    Stripe Checkout allows businesses to add an embeddable payment form or a redirect to a Stripe-hosted checkout page. Stripe's Payment Element is a UI component for embedding into websites or apps, configurable through the API or the Dashboard.

  • Dynamic display of payment methods
    Stripe automatically displays the most relevant payment methods to customers based on currency, location and transaction-specific factors. This presentation enhances customer experience and conversion rates.

Ease of use

  • User-centric design
    The payment gateway is designed with user experience in mind, providing a simple, intuitive interface for both businesses and customers.

  • Customisable integration
    Businesses can customise how they want to integrate the gateway, depending on their specific requirements and technical capabilities.

  • Comprehensive support
    Stripe provides thorough documentation and support to help businesses refine their payment gateway setup and resolve any issues efficiently.

Learn more about Stripe's payments platform.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.

Ready to get started?

Create an account and start accepting payments – no contracts or banking details required. Or, contact us to design a custom package for your business.
Payments

Payments

Accept payments online, in person, and around the world with a payments solution built for any business.

Payments docs

Find a guide to integrate Stripe's payments APIs.