The market value of global e-commerce sales is projected to grow to US$6.35Â trillion by 2027. As customers increasingly prefer digital transactions, businesses that fail to adapt risk being left behind, losing potential customers and revenue to competitors.
Online payment experiences can affect how many transactions are completed successfully by customers. In a survey of online shoppers, 18% of abandoned baskets were attributed to an inefficient or cumbersome checkout process. And as e-commerce grows, cybercrime related to online payments is also rising. Businesses need to address both issues by creating a simple and efficient online payment experience for customers, which is also highly secure and equipped to combat evolving fraud attempts.
Payment gateways play a key role in achieving this complex and important goal. Below, we discuss what businesses need to know about what payment gateways are, how they work, their pivotal role in e-commerce and how they operate in a broader payment processing system.
What's in this article?
- What are payment gateways?
- What does a payment gateway do?
- What's the difference between a payment gateway and a payment terminal?
- What's the difference between a payment gateway and a payment processor?
- How does a payment gateway work?
What are payment gateways?
A payment gateway is a technology platform that acts as an intermediary in electronic financial transactions. It enables in-person and online businesses to accept, process and manage various payment methods – such as credit cards, debit cards and digital wallets – in a secure and efficient manner. The payment gateway bridges the gap between the customer, the business, and their respective financial institutions in one platform, typically charging a fee every time a transaction is processed.
What does a payment gateway do?
A payment gateway performs several important functions to ensure that payments are secure, efficient and accurate:
Encryption
When a customer submits their payment information during online checkout, the payment gateway encrypts the data. This protects it from unauthorised access or theft while it is transmitted between the customer's device, the business's server and the financial institutions.Connection with payment processor
The payment gateway connects a business's customer-facing checkout and the payment processing provider.Authorisation
The payment gateway forwards the encrypted transaction data to the business's acquiring bank, which then sends the information to the customer's issuing bank or the relevant payment processor. The issuing bank or payment processor verifies the transaction details, including the customer's account balance and the validity of the payment method, before approving or declining the transaction. The payment gateway receives the response and sends it back to the business.Data collection and reporting
Payment gateways often provide businesses with valuable data that can help them analyse and manage their transactions. This may include transaction history, refund management and other data points to help businesses identify trends and improve their payment operations.Fraud detection and prevention
To minimise the risk of fraudulent transactions, payment gateways use advanced security measures, such as fraud-detection algorithms, address verification systems (AVS) and card verification value (CVV) checks. These measures help identify and block potentially fraudulent transactions before they can be processed.
What's the difference between a payment gateway and a payment terminal?
Payment gateways and payment terminals both facilitate payment processing, but they cater to different environments and transaction methods. Here are the primary differences between the two:
Transaction environment
Payment gateway: a payment gateway is primarily designed for online transactions, mainly catering to e-commerce websites, mobile applications and other digital platforms.
Payment terminal: also known as a point-of-sale (POS) terminal or credit card terminal, a payment terminal is a physical device used in brick-and-mortar shops, restaurants and other in-person retail environments. It allows customers to make payments using credit cards, debit cards or contactless payment methods, such as smartphones with near-field communication (NFC) technology.
While payment gateways are typically used for online transactions, they can also be integrated with in-person transaction systems, depending on the provider and their offerings. In such cases, payment gateways can facilitate electronic transactions in physical retail environments.
Payment processing
Payment gateway: the payment gateway serves as an intermediary between the customer, the business and their respective financial institutions during an online transaction. It encrypts sensitive data, facilitates transaction authorisation and streamlines funds settlement.
Payment terminal: a payment terminal mostly does the same job as a payment gateway, but it supports in-person rather than online transactions. It reads the customer's payment card or contactless payment device, communicates with the relevant financial institutions for transaction authorisation and prints receipts. It connects to the business's acquiring bank or payment processor through a phone line, internet connection or mobile network.
Security measures
Payment gateway: to ensure the security of online transactions, payment gateways employ encryption protocols, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), fraud-detection algorithms, AVS and CVV checks.
Payment terminal: in the same way as payment gateways, terminals use security measures – such as the encryption of card data and compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements – while also supporting security measures for card-present transactions, such as EMV chip technology.
Integration
Payment gateway: integrating a payment gateway into an e-commerce platform, website or mobile app typically requires technical knowledge and the use of APIs or pre-built plugins.
Payment terminal: setting up a payment terminal is usually a more straightforward process, involving the physical installation of the device and connection to the business's POS system, internet or phone line.
What's the difference between a payment gateway and a payment processor?
Payment gateways and payment processors are two key components of electronic financial transactions, particularly in e-commerce – but they serve different functions. Here's an explanation of their differences:
Payment gateway
Role: A payment gateway acts as an intermediary between the customer, the business and their respective financial institutions during an online transaction. It transmits sensitive payment information securely and facilitates transaction authorisation.
Main functions: The payment gateway encrypts transaction data, forwards it to the business's acquiring bank or payment processor, receives the transaction approval or decline response, and communicates the transaction status to the business's website or app.
Security: Payment gateways employ security measures to prevent fraudulent transactions and protect payment data as it enters the business's payments system. Payment gateways do this by using measures such as encryption protocols (SSL or TLS) and fraud-detection algorithms, as well as AVS and CVV checks, to protect sensitive data and prevent fraudulent transactions.
Integration: Payment gateways typically integrate with e-commerce platforms, websites or mobile apps using APIs or prebuilt plugins.
Payment processor
Role: A payment processor, sometimes referred to as a merchant services provider, is a business that handles the processing of the transaction. This includes the authorisation and settlement of funds between the customer's issuing bank, the business's acquiring bank and the relevant payment networks (e.g. Visa, Mastercard).
Main functions: The payment processor verifies the transaction details, checks the customer's account balance and the validity of the payment method, approves or declines the transaction, and facilitates the funds transfer between the customer's and the business's accounts during the settlement process.
Security: While payment gateways focus more on verifying transactions and preventing payment fraud at the point of sale, payment processors employ security measures to uphold the highest standards of protection for payment data. Payment processors must comply with PCI DSS requirements, which ensure the secure handling and storage of cardholder information.
Relationship with the business: Payment processors often have a direct contractual relationship with the business that includes providing it with a merchant account. This type of bank account allows businesses to accept and process electronic payments.
A payment gateway is a tool that securely transmits and facilitates the authorisation of online transactions, while a payment processor is a business that partners with merchants to handle the processing, including the authorisation and settlement of funds between the involved parties. For example, PayPal is a payment processor but not a payment gateway. Both components work together to ensure smooth, secure and efficient electronic financial transactions.
How does a payment gateway work?
Here is a step-by-step explanation of how a payment gateway operates during an online transaction:
1. Transaction initiation
The customer selects the products or services they wish to purchase on the business's site or app and proceeds to the checkout page. They enter their payment information, such as credit card details or digital wallet credentials.
2. Payment data encryption
Once the customer has submitted their payment information, the payment gateway encrypts the data using SSL or TLS protocols. This encryption ensures that sensitive information is protected from unauthorised access or theft during transmission.
3. Data transmission to the business's server
The encrypted payment information is then sent to the business's server, which securely stores and forwards the data to the payment gateway for further processing.
4. Forwarding transaction details
The payment gateway receives the encrypted transaction data from the business's server and forwards it to the business's payment processor and acquiring bank, which is the financial institution responsible for processing the payment on behalf of the business.
5. Transaction verification
The acquiring bank routes the transaction data to the customer's issuing bank or the appropriate payment processor for authorisation. The issuing bank or payment processor verifies the transaction details, including the customer's account balance and the validity of the payment method.
6. Transaction approval or decline
Based on the verification, the issuing bank or payment processor approves or declines the transaction. This response is sent back through the acquiring bank and payment gateway to the business's server.
7. Communication of transaction status
The payment gateway sends the transaction status (approved or declined) to the business's website or app, which then displays the appropriate message to the customer. If the transaction is approved, the business proceeds with order fulfilment. If declined, the customer is informed and may be prompted to try an alternative payment method.
Payment gateways facilitate and secure the online transaction process by encrypting data, obtaining transaction authorisation, settling funds and providing reporting tools to the business.
The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.