What is a hosted payment gateway? A guide for businesses

Connect
Connect

The world’s most successful platforms and marketplaces, including Shopify and DoorDash, use Stripe Connect to embed payments into their products.

Learn more 
  1. Introduction
  2. What is a payment gateway?
  3. Types of payment gateways
  4. How do hosted payment gateways work?
  5. Advantages and disadvantages of hosted payment gateways
    1. Advantages
    2. Disadvantages
  6. Hosted payment gateways vs integrated payment gateways
    1. Integration and setup
    2. User experience
    3. Security and compliance
    4. Customisation and flexibility
    5. Cost implications
  7. How hosted payment gateways affect the customer experience
  8. Hosted payment gateway security features
  9. Stripe Checkout customisation options

A hosted payment gateway is a service in which the payment transaction process is conducted on the payment gateway provider's platform rather than on the business's website. Hosted payment gateways are popular with small to medium-sized businesses because they simplify payment processing and reduce the security burden associated with handling payment information. In 2022, hosted payment gateways accounted for more than 57% of global payment gateway market revenue.

Below, we'll cover what you need to know about hosted payment gateways, including how they work, their advantages and disadvantages, and how they affect the customer experience.

What's in this article?

  • What is a payment gateway?
  • Types of payment gateways
  • How do hosted payment gateways work?
  • Advantages and disadvantages of hosted payment gateways
  • Hosted payment gateways vs integrated payment gateways
  • How hosted payment gateways affect the customer experience
  • Hosted payment gateway security features
  • Stripe Checkout customisation options

What is a payment gateway?

A payment gateway is a technology that businesses use to accept online credit and debit card payments from customers. It is an interface between a business's website and its acquiring bank, enabling payment information to be transferred securely. When a customer makes a purchase online and enters their payment details, the payment gateway encrypts the data and sends it to the acquirer to process the transaction.

Types of payment gateways

Payment gateways fall into three main categories based on how they integrate with user interfaces and handle transactions. Each type of payment gateway has different levels of integration difficulty, security responsibilities and control over the payment process.

  • Hosted payment gateways: These gateways redirect the customer to the payment service provider's platform to enter their payment details. Once the transaction is complete, the customer is redirected back to the business's website. This method is popular because it offloads the responsibility of handling sensitive payment information to the payment gateway provider, potentially reducing the business's requirements for compliance with standards such as the Payment Card Industry Data Security Standard (PCI DSS).

  • Self-hosted payment gateways: Also known as integrated gateways, these gateways collect payment details on the business's website, then send the data to the payment gateway's URL. This method gives businesses more control over the user experience, but it increases their responsibility for ensuring payment data security.

  • API-hosted payment gateways: These gateways allow businesses to integrate the payment processing features directly into their website or app via the gateway's application programming interface (API). This method provides a simplified user experience, because customers do not need to leave the business's platform to complete the transaction. Like self-hosted gateways, this method requires the business to handle the payment data.

How do hosted payment gateways work?

Hosted payment gateways redirect the customer from the business's website to the gateway's platform to process the payment. Here's a step-by-step breakdown of the process.

  • Checkout initiation: When a customer decides to purchase an item and begins the checkout process on the business's website, they choose a payment method and are redirected to the payment gateway's platform.

  • Payment information input: The customer is taken to a page hosted by the payment gateway provider, where they are asked to enter their payment details, such as credit card or bank account information.

  • Data encryption: The payment gateway encrypts the customer's payment information to transmit it online securely. This encryption helps protect sensitive data from being intercepted by unauthorised parties.

  • Payment authorisation: The payment gateway sends the transaction details to the payment processor or bank associated with the customer's card or bank account. The processor checks the transaction details with the customer's bank to confirm that the account contains sufficient funds and that the details are correct.

  • Transaction result: The customer's bank sends a response to the payment gateway, indicating whether the transaction was approved or declined. Typically, this process takes place in seconds.

  • Purchase completion: After receiving the response, the payment gateway redirects the customer back to the business's website. The business displays a message to the customer, indicating whether the transaction was successful.

  • Settlement: If the transaction is approved, the funds are transferred from the customer's bank to the business's bank account. This process may take a few days, depending on the banks and payment processors involved.

  • Transaction records: The payment gateway provides the business with details of the transaction for its records, which can be used for reconciliation, refunds or customer service purposes.

Advantages and disadvantages of hosted payment gateways

Here's a rundown of the advantages and disadvantages of hosted payment gateways, from a technical and business perspective.

Advantages

  • Security and compliance: Hosted gateways handle the storage, encryption and transmission of payment data, reducing the business's burden in complying with PCI DSS requirements. The gateway's security can provide strong protection against data breaches and fraud.

  • Simplified integration: Implementing a hosted payment gateway typically requires less development effort compared with self-hosted or API-based solutions. Businesses can integrate them by means of a simple redirect, minimising the need for extensive back-end payment processing infrastructure.

  • Infrastructure costs: As the payment gateway provider manages the technical and security aspects of payment processing, businesses can save on the costs associated with maintaining a secure, compliant payment infrastructure. This allows businesses to allocate resources to other growth-focused areas, such as product development, marketing and customer service.

  • Outsourced payment processing: By outsourcing the payment process to the gateway, businesses can use the provider's advanced features, such as fraud detection, risk management and global payment capabilities, without needing to develop these systems in-house.

  • Market expansion: Often, hosted payment gateways are capable of supporting multiple currencies and payment methods, including credit cards, digital wallets and local payment options. This flexibility breaks down geographical and logistical barriers to market entry and expansion, enabling businesses to support a global audience.

  • Data insights: Hosted payment gateways offer analytics and reporting tools that provide valuable insights into customer purchasing behaviour, payment trends and transaction success rates. Businesses can use this data to make informed decisions, optimise their sales strategies, and improve their products or services.

  • Scalability: As businesses grow, their payment processing needs can become more complex. Hosted payment gateways are designed to grow alongside businesses, with features such as chargeback management and support for increased transaction volumes without the need for major infrastructure changes.

  • Faster go-to-market: For new businesses or those looking to enter online markets quickly, hosted payment gateways provide a fast track to accepting online payments. Businesses can capitalise on market opportunities more quickly than if they had to develop their own payment processing infrastructure.

Disadvantages

  • User experience: Redirection can disrupt the shopping experience, potentially leading to higher basket abandonment rates. While some customisation is possible, businesses are limited in how much they can modify the checkout process to meet their user experience goals.

  • Third-party dependence: Businesses are reliant on the gateway's availability and performance. Any downtime or performance issues with the gateway can directly affect sales and customer satisfaction.

  • Ongoing fee structure: While hosted gateways reduce the need for in-house payment infrastructure, they come with their own costs. These may include transaction fees, monthly fees or setup fees. The cost-effectiveness depends on the business's sales volume and transaction sizes.

Hosted payment gateways vs integrated payment gateways

The choice between hosted and integrated payment gateways depends on the specific needs and resources of a business.

Hosted gateways offer businesses simplicity and security, with minimal technical overheads. They are suitable for businesses seeking an easy-to-implement solution, reduced compliance requirements and a quick way to start accepting online payments without a big investment. They are particularly beneficial for smaller businesses or those with less technical expertise.

Integrated gateways can provide a positive user experience and more customisation options. They may be a preferred option for businesses that prioritise brand consistency and customer experience, and that have the technical resources to handle greater security and compliance responsibilities. Integrated gateways give businesses complete control over the payment process, creating a cohesive brand experience.

Ultimately, the choice between these two options depends on a business's strategic goals, technical capacity, customer experience priorities and budget constraints.

Here's a detailed comparison of hosted versus integrated payment gateways:

Integration and setup

  • Hosted payment gateways

    • Businesses redirect customers to the payment gateway's platform for payment processing.
    • Integration typically involves adding a redirect link or button on the checkout page.
    • Hosted solutions require less technical expertise for implementation compared to integrated solutions.
  • Integrated payment gateways

    • Payment processing occurs within the business's own website or application environment.
    • API integration is required.
    • Integrated solutions demand more technical resources and expertise to implement and maintain.

User experience

  • Hosted payment gateways

    • Users are taken to a different environment for payment, which can cause a break in the user experience.
    • Payment interfaces are generally standardised and familiar to users.
    • Customisation of the payment page may be limited, based on the gateway provider's offerings.
  • Integrated payment gateways

    • Customers do not leave the business's website.
    • Businesses have full control over the checkout design, allowing for a consistent brand experience.
    • Integrated solutions require extensive front-end development.

Security and compliance

  • Hosted payment gateways

    • Hosted solutions offer a higher level of security, as payment information is processed and stored on the gateway's servers.
    • There are reduced PCI DSS compliance burdens.
    • The gateway provider is responsible for securing the payment process and data.
  • Integrated payment gateways

    • Businesses are responsible for securing the payment data transmitted through their systems.
    • There are higher PCI DSS compliance requirements.
    • Integrated solutions require strong security measures including data encryption and secure data-handling practices.

Customisation and flexibility

  • Hosted payment gateways

    • There are limited customisation options for the payment process and interface.
    • They may not support all desired payment methods or currencies.
  • Integrated payment gateways

    • There is a high level of customisation, allowing businesses to tailor the payment experience to their specific needs.
    • They can integrate a variety of payment methods and support multiple currencies, depending on the gateway's API.

Cost implications

  • Hosted payment gateways

    • There are lower up-front costs due to limited development needs.
    • Hosted solutions involve more ongoing costs, with fees per transaction or monthly service charges.
  • Integrated payment gateways

    • There are higher initial development costs due to API integration and security compliance needs.
    • Integrated solutions involve long-term costs that vary based on transaction fees, API usage, and the need for ongoing security and compliance management.

How hosted payment gateways affect the customer experience

Hosted payment gateways affect the customer experience in several ways. These include:

  • Disruption of the checkout process: Hosted gateways redirect customers to an external website for payment processing, which can create a break in the shopping experience. While some customers may not mind the redirection, especially if they recognise and trust the payment platform, others may find it disruptive or confusing – potentially leading to basket abandonment. There are also limitations on the ability to fully customise the payment page, which can detract from a unified brand experience and make it harder for businesses to create a cohesive and immersive shopping journey.

  • Trusted and familiar payment interfaces: Customers may feel more secure when they are redirected to a well-known, reputable payment platform. This trust can enhance the customer's overall perception of the shopping experience, particularly for new or smaller businesses. The familiarity of these platforms also means that customers may already be accustomed to navigating them, which reduces the learning curve and makes the payment process more intuitive.

  • Unreliable transaction speeds: The speed of the payment process on hosted platforms can vary. Any latency or inefficiency in the gateway's system can affect the speed of transaction processing, ultimately having an impact on customer satisfaction.

  • Customer support and resolution: In the event of transaction issues or refunds, customers might have to contact both the business and the payment gateway for resolution, which can complicate the customer service experience.

Hosted payment gateway security features

Hosted payment gateway solutions have several security features that protect transaction data, reduce fraud and ensure compliance with industry standards. These features help maintain customer trust and safeguard business reputation. Here are some key security features typically associated with hosted payment gateway solutions.

  • Encryption: Hosted payment gateways use encryption to protect data transmitted between the customer, the business and the payment processor. Encryption converts sensitive information, such as credit card numbers, into a secure format that can only be decrypted by authorised parties.

  • Secure Sockets Layer (SSL) and Transport Layer Security (TLS): These protocols establish an encrypted link between a web server and a browser, keeping all data passed between the customer and the payment gateway private.

  • Tokenisation: The tokenisation process replaces sensitive payment data with a unique identifier or token that has no exploitable value. Even if a token is intercepted, it cannot be used to retrieve the original payment details, which adds an extra layer of security to the transaction process.

  • PCI DSS compliance: Hosted payment solutions adhere to the Payment Card Industry Data Security Standard (PCI DSS) – a set of requirements governing how businesses are required to process, store or transmit credit card information.

  • Fraud detection and prevention: Many hosted payment gateways include tools for detecting and preventing fraudulent transactions, such as by analysing velocity patterns, geolocation and behavioural factors to identify and block suspicious activities.

  • 3D Secure: This is an additional authentication step for online payments that asks customers to enter a password or a code sent to their phone, adding an extra layer of security to confirm that the person making the purchase is the real cardholder.

  • Regular security audits: Hosted payment solutions often undergo regular security audits to confirm compliance with the latest security standards and regulations. These audits help identify potential vulnerabilities and ensure that the gateway's security measures are kept up to date.

  • Data redundancy and backup: Reliable hosted payment solutions have systems in place for data backup and recovery to protect against data loss in the event of system failures or cyberattacks.

Stripe Checkout customisation options

Stripe Checkout, Stripe's hosted payment gateway, provides several customisation options for businesses to create a more branded and unified payment experience for their customers. If you require more customisation than Stripe Checkout can accommodate, Stripe Elements provides a set of building blocks for creating a more customised checkout form while still using Stripe's processing back end and security features.

Here's an overview of the customisation features available with Stripe Checkout:

  • Branding: Stripe Checkout allows you to customise the appearance of the checkout interface to align with your brand. This includes adding your logo, choosing brand colours, and customising button and text styles to create a consistent look and feel across the shopping experience.

  • Localisation: Stripe Checkout supports automatic localisation, meaning that it detects the customer's location and language preferences to present the checkout page in the most relevant language and format. This feature creates a better user experience for global customers.

  • Product and pricing details: You can configure Stripe Checkout to display specific product information, such as names, descriptions and prices, giving customers a clear understanding of what they are purchasing.

  • Payment methods: Stripe supports a wide range of payment methods, including credit cards, digital wallets (such as Apple Pay and Google Pay) and local payment methods. You can customise the options available to your customers based on their location or your business preferences.

  • Success and cancel URLs: Once a transaction has been completed, you can redirect customers to a specific URL based on the outcome, such as a "thank you" page if the payment is successful or a "try again" page if the payment fails. This provides a more guided customer experience.

  • Subscription and recurring payments: Stripe Checkout supports subscription and recurring billing models, and businesses can customise it to allow customers to set up and manage subscription plans and intervals.

  • Coupons and discounts: You can integrate coupon or discount code functionality into the Stripe Checkout interface, allowing customers to apply discounts to their purchases.

  • Customised fields: Stripe Checkout has some options to include customised fields or notes, although these features are more limited compared with a fully integrated payment form.

While Stripe Checkout has a range of customisation options, businesses with more extensive customisation needs may want to consider using Stripe's APIs.

The content in this article is for general information and education purposes only and should not be construed as legal or tax advice. Stripe does not warrant or guarantee the accuracy, completeness, adequacy, or currency of the information in the article. You should seek the advice of a competent lawyer or accountant licensed to practise in your jurisdiction for advice on your particular situation.

Ready to get started?

Create an account and start accepting payments – no contracts or banking details required. Or, contact us to design a custom package for your business.
Connect

Connect

Go live in weeks instead of quarters, build a profitable payment business, and scale with ease.

Connect docs

Learn how to route payments between multiple parties.