Payment gateways 101: What they are and the role they play in payment processing

Payments
Payments

Accept payments online, in person, and around the world with a payments solution built for any business—from scaling startups to global enterprises.

Learn more 
  1. Inleiding
  2. What are payment gateways?
  3. What does a payment gateway do?
  4. What’s the difference between a payment gateway and a payment terminal?
    1. Transaction environment
    2. Payment processing
    3. Security measures
    4. Integration
  5. What’s the difference between a payment gateway and a payment processor?
    1. Payment gateway
    2. Payment processor
  6. How does a payment gateway work?

The market value of global ecommerce sales is projected to grow to $6.35 trillion by 2027. As customers increasingly prefer digital transactions, businesses that fail to adapt risk being left behind, losing potential customers and revenue to competitors.

Online payment experiences can affect how many transactions are successfully completed by customers. In a survey of online shoppers, 18% of abandoned carts were attributed to an inefficient or cumbersome checkout process. And as ecommerce grows, cybercrime related to online payments is also rising. Businesses need to address both issues by creating a simple, efficient online payment experience for customers that’s also highly secure and equipped to combat evolving fraud attempts.

Payment gateways play a key role in achieving this complex and important goal. Below, we discuss what businesses need to know about what payment gateways are, how they work, their pivotal role in ecommerce, and how they operate in a broader payment processing system.

What’s in this article?

  • What are payment gateways?
  • What does a payment gateway do?
  • What’s the difference between a payment gateway and a payment terminal?
  • What’s the difference between a payment gateway and a payment processor?
  • How does a payment gateway work?

What are payment gateways?

A payment gateway is a technology platform that acts as an intermediary in electronic financial transactions. It enables in-person and online businesses to accept, process, and manage various payment methods—such as credit cards, debit cards, and digital wallets—in a secure and efficient manner. The payment gateway bridges the gap between the customer, the business, and their respective financial institutions in one platform, typically charging a fee every time a transaction is processed.

What does a payment gateway do?

A payment gateway performs several important functions to ensure that payments are secure, efficient, and accurate:

  • Encryption
    When a customer submits their payment information during online checkout, the payment gateway encrypts the data. This protects it from unauthorized access or theft while it is transmitted between the customer’s device, the business’s server, and the financial institutions.

  • Connection with payment processor
    The payment gateway connects a business’s customer-facing checkout and the payment processing provider.

  • Authorization
    The payment gateway forwards the encrypted transaction data to the business’s acquiring bank, which then sends the information to the customer’s issuing bank or the relevant payment processor. The issuing bank or payment processor verifies the transaction details, including the customer’s account balance and the validity of the payment method, before approving or declining the transaction. The payment gateway receives the response and sends it back to the business.

  • Data collection and reporting
    Payment gateways often provide businesses with valuable data that can help them analyze and manage their transactions. This may include transaction history, refund management, and other data points to help businesses identify trends and improve their payment operations.

  • Fraud detection and prevention
    To minimize the risk of fraudulent transactions, payment gateways use advanced security measures such as fraud detection algorithms, address verification systems (AVS), and card verification value (CVV) checks. These measures help identify and block potentially fraudulent transactions before they can be processed.

What’s the difference between a payment gateway and a payment terminal?

Payment gateways and payment terminals both facilitate payment processing, but they cater to different environments and transaction methods. Here are the primary differences between the two:

Transaction environment

  • Payment gateway: A payment gateway is primarily designed for online transactions, mainly catering to ecommerce websites, mobile applications, and other digital platforms.

  • Payment terminal: Also known as a point-of-sale (POS) terminal or credit card terminal, a payment terminal is a physical device used in brick-and-mortar stores, restaurants, and other in-person retail environments. It allows customers to make payments using credit cards, debit cards, or contactless payment methods such as smartphones with near-field communication (NFC) technology.

While payment gateways are typically used for online transactions, they can also be integrated with in-person transaction systems, depending on the provider and their offerings. In such cases, payment gateways can facilitate electronic transactions in physical retail environments.

Payment processing

  • Payment gateway: The payment gateway serves as an intermediary between the customer, the business, and their respective financial institutions during an online transaction. It encrypts sensitive data, facilitates transaction authorization, and streamlines funds settlement.

  • Payment terminal: A payment terminal mostly does the same job as a payment gateway, but it supports in-person rather than online transactions. It reads the customer’s payment card or contactless payment device, communicates with the relevant financial institutions for transaction authorization, and prints receipts. It connects to the business’s acquiring bank or payment processor through a phone line, internet connection, or mobile network.

Security measures

  • Payment gateway: To ensure the security of online transactions, payment gateways employ encryption protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS), fraud detection algorithms, AVS, and CVV checks.

  • Payment terminal: Like payment gateways, terminals use security measures such as encryption of card data and compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements—while also supporting security measures for card-present transactions, such as EMV chip technology.

Integration

  • Payment gateway: Integrating a payment gateway into an ecommerce platform, website, or mobile app typically requires technical knowledge and the use of APIs or prebuilt plugins.

  • Payment terminal: Setting up a payment terminal is usually a more straightforward process, involving physical installation of the device and connection to the business’s POS system, internet, or phone line.

What’s the difference between a payment gateway and a payment processor?

Payment gateways and payment processors are two key components of electronic financial transactions, particularly in ecommerce—but they serve different functions. Here’s an explanation of their differences:

Payment gateway

  • Role: A payment gateway acts as an intermediary between the customer, the business, and their respective financial institutions during an online transaction. It securely transmits sensitive payment information and facilitates transaction authorization.

  • Main functions: The payment gateway encrypts transaction data, forwards it to the business’s acquiring bank or payment processor, receives the transaction approval or decline response, and communicates the transaction status to the business’s website or app.

  • Security: Payment gateways employ security measures to prevent fraudulent transactions and protect payment data as it enters the business’s payments system. Payment gateways do this using measures such as encryption protocols (SSL or TLS), fraud detection algorithms, AVS, and CVV checks to protect sensitive data and prevent fraudulent transactions.

  • Integration: Payment gateways typically integrate with ecommerce platforms, websites, or mobile apps using APIs or prebuilt plugins.

Payment processor

  • Role: A payment processor, sometimes referred to as a merchant services provider, is a business that handles the processing of the transaction. This includes the authorization and settlement of funds between the customer’s issuing bank, the business’s acquiring bank, and the relevant payment networks (e.g., Visa, Mastercard).

  • Main functions: The payment processor verifies the transaction details, checks the customer’s account balance and the validity of the payment method, approves or declines the transaction, and facilitates the funds transfer between the customer’s and the business’s accounts during the settlement process.

  • Security: While payment gateways focus more on verifying transactions and preventing payment fraud at the point of sale, payment processors employ security measures to uphold the highest standards of protection for payment data. Payment processors must comply with PCI DSS requirements, which ensure the secure handling and storage of cardholder information.

  • Relationship with the business: Payment processors often have a direct contractual relationship with the business that includes providing it with a merchant account. This type of bank account allows businesses to accept and process electronic payments.

A payment gateway is a tool that securely transmits and facilitates the authorization of online transactions, while a payment processor is a business that partners with merchants to handle the processing, including the authorization and settlement of funds between the involved parties. For example, PayPal is a payment processor but not a payment gateway. Both components work together to ensure smooth, secure, and efficient electronic financial transactions.

How does a payment gateway work?

Here is a step-by-step explanation of how a payment gateway operates during an online transaction:

1. Transaction initiation
The customer selects the products or services they wish to purchase on the business’s site or app and proceeds to the checkout page. They enter their payment information, such as credit card details or digital wallet credentials.

2. Payment data encryption
Once the customer submits their payment information, the payment gateway encrypts the data using SSL or TLS protocols. This encryption ensures that sensitive information is protected from unauthorized access or theft during transmission.

3. Data transmission to the business’s server
The encrypted payment information is then sent to the business’s server, which securely stores and forwards the data to the payment gateway for further processing.

4. Forwarding transaction details
The payment gateway receives the encrypted transaction data from the business’s server and forwards it to the business’s payment processor and acquiring bank, which is the financial institution responsible for processing the payment on behalf of the business.

5. Transaction verification
The acquiring bank routes the transaction data to the customer’s issuing bank or the appropriate payment processor for authorization. The issuing bank or payment processor verifies the transaction details, including the customer’s account balance and the validity of the payment method.

6. Transaction approval or decline
Based on the verification, the issuing bank or payment processor approves or declines the transaction. This response is sent back through the acquiring bank and payment gateway to the business’s server.

7. Communication of transaction status
The payment gateway sends the transaction status (approved or declined) to the business’s website or app, which then displays the appropriate message to the customer. If the transaction is approved, the business proceeds with order fulfillment. If declined, the customer is informed and may be prompted to try an alternative payment method.

Payment gateways facilitate and secure the online transaction process by encrypting data, obtaining transaction authorization, settling funds, and providing reporting tools to the business.

Klaar om aan de slag te gaan?

Maak een account en begin direct met het ontvangen van betalingen. Contracten of bankgegevens zijn niet vereist. Je kunt ook contact met ons opnemen om een pakket op maat voor je onderneming samen te stellen.