Payment gateways are technology platforms that authenticate and process financial transactions for online businesses. They are an intermediary between a business’s website and the financial institutions involved in the transaction. As global ecommerce revenue is projected to exceed $3 trillion in 2023, reliable payment gateways will continue to play an important role in this sector.
Payment gateways operate by verifying customer payment details, ensuring adequate funds are available and enabling businesses to receive the money. They also incorporate security measures to prevent fraud. This includes encrypting sensitive data—such as credit card numbers—to securely transmit information between the customer, the business, and the payment processor.
Below, we’ll cover what businesses need to know about payment gateways, including how they work, the various types that exist, and how these types of gateways compare. We’ll also explain how to select a payment gateway to serve the unique needs of your business and your customers, including how and where you accept payments and the payment methods your customers prefer.
What’s in this article?
- How do payment gateways work?
- Types of payment gateways
- How different types of payment gateways compare
- How to choose the right payment gateway for your business
- How Stripe can help
How do payment gateways work?
Collection: When a customer places an order from an online store, they enter their payment details on the website’s checkout page.
Encryption: The gateway encrypts the data collected from the customer’s browser, which keeps the transaction details confidential.
Authorization request: The payment gateway forwards the encrypted data from the website to the business’s server via a Secure Sockets Layer (SSL) connection. The payment gateway then sends a transaction request to the payment processor associated with the business’s acquiring bank.
Processing: The payment processor receives the request and passes it to the card network (e.g., Visa, Mastercard). The card network routes the transaction to the issuing bank (the bank that issued the customer’s card) to request transaction authorization.
Authorization response: The issuing bank receives the request, verifies the transaction validity, and confirms if the customer has sufficient funds or credit. It then sends back an approval or denial response to the payment processor.
Communication of transaction status: The processor forwards the authorization response back to the payment gateway. If approved, the business fulfills the order, and the gateway tells the website to proceed with completing the transaction.
Settlement: After authorization, the payment processor transfers the funds from the issuing bank to the merchant account, a process known as settlement. This usually occurs on a scheduled basis—not immediately with each transaction.
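The flow above, from collection through settlement, modeled as an added Python example; it is not Stripe's API or any real gateway's code. The class names, the `tok_` prefix, the sample ledger and the hold placed on approval are assumptions. The processor and card network are collapsed into one call, transport encryption is left out, and the gateway hands the merchant a random token in place of the card number.

```python
import secrets
from dataclasses import dataclass, field

def luhn_ok(pan: str) -> bool:
    """Collection: reject mistyped card numbers before any network call."""
    if not pan.isdigit():
        return False
    digits = [int(c) for c in reversed(pan)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

@dataclass
class Issuer:
    funds: dict  # constructed ledger: card number -> available cents

    def authorize(self, pan: str, amount: int) -> str:
        """Authorization response: approve only if funds cover the amount."""
        if self.funds.get(pan, 0) < amount:
            return "declined"
        self.funds[pan] -= amount  # assumption: approval places a hold
        return "approved"

@dataclass
class Gateway:
    issuer: Issuer
    vault: dict = field(default_factory=dict)    # token -> card number, gateway side only
    pending: list = field(default_factory=list)  # approved, not yet settled
    merchant_balance: int = 0

    def authorize(self, pan: str, amount: int) -> dict:
        """Authorization request through to communication of status."""
        if not luhn_ok(pan):
            return {"status": "invalid_card"}
        token = "tok_" + secrets.token_hex(8)  # random, not derived from the card number
        self.vault[token] = pan
        # Processor and card network are collapsed into this one call.
        status = self.issuer.authorize(pan, amount)
        if status == "approved":
            self.pending.append((token, amount))
        # The merchant sees only the status, a token and the last four digits.
        return {"status": status, "token": token, "last4": pan[-4:]}

    def settle(self) -> int:
        """Settlement: scheduled batch transfer of all approved amounts."""
        batch = sum(amount for _, amount in self.pending)
        self.pending.clear()
        self.merchant_balance += batch
        return batch

if __name__ == "__main__":
    gw = Gateway(Issuer({"4242424242424242": 5000}))  # constructed sample card
    print(gw.authorize("4242424242424242", 2000), gw.settle())
```

An approved authorization leaves `merchant_balance` unchanged until `settle()` runs, which is the gap between authorization and settlement that the last step describes.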
Types of payment gateways
There are several types of payment gateways, and each is suitable for different business needs. These types include:
Hosted gateways
These are provided by third-party services. When customers make a payment, they are redirected to the payment service provider’s platform, where they enter their payment details and complete the transaction. After the payment is processed, customers are sent back to the business’s website. These gateways are typically easy to integrate and have strong security, as the data is processed on the provider’s servers. However, businesses have less control over the customer experience since the payment process occurs off-site.
Self-hosted gateways
With these gateways, the transaction data is collected on the business’s own website. Businesses have full control over the checkout process and customer experience. Because businesses host this type of gateway, they are also required to handle payment data securely and to comply with data protection standards such as the Payment Card Industry Data Security Standard (PCI DSS). Businesses that choose this option typically want a fully customized payment experience and are capable of managing the accompanying security responsibilities.
API-hosted gateways
These provide a simple checkout process directly on the business’s website or app. The payment details are collected via an application programming interface (API). This option provides a smooth and integrated customer experience, but it requires the business to have a secure cardholder data environment to meet data protection standards.
Local bank integration
This type of payment gateway connects directly with the bank’s own payment system. This can be particularly useful for businesses that are targeting customers in a specific region or country, where the local bank is a trusted and familiar entity. The effectiveness of local bank integration largely depends on a given bank’s technology and the level of support it can provide for online transactions.
How different types of payment gateways compare
When comparing different types of payment gateways, assess how each performs in relation to key business needs. Then weigh any trade-offs and select the payment gateway that aligns with your business’s operational capabilities, financial considerations, and customer experience goals. Here’s an overview of how different types of payment gateways perform in a few key areas:
Ease of integration
Self-hosted gateways: This type requires substantial technical expertise for initial setup and integration, as the business must manage the payment interface and data capture.
API-hosted gateways: These also require technical know-how for integration, especially for API calls and handling responses within the business’s own application.
Local bank integration: Ease of integration with this type can vary greatly, and it is often dependent on the bank’s technology infrastructure. Some banks may offer plug-and-play modules, while others may require more complex efforts.
Pricing and fees
Hosted gateways: These generally charge per transaction, often with no initial setup fee, making them cost-effective for smaller businesses or those with sporadic sales.
Self-hosted gateways: This type may involve higher initial setup costs, including buying software, and ongoing expenses for compliance and security updates.
API-hosted gateways: Pricing models for these can range from per-transaction fees to monthly charges, with some gateways offering tiered pricing based on transaction volume.
Local bank integration: Costs for this type can include setup fees, monthly service charges, and transaction fees. These might be negotiable based on business size and transaction volume, but that will depend on individual banks’ policies.
Speed
Hosted gateways: These can contribute to slower transaction times due to redirecting customers to an external website.
Self-hosted gateways: Speed for this type is highly dependent on the business’s server and infrastructure, which can be optimized for faster processing.
API-hosted gateways: These typically enable quick processing since payments are conducted on the business’s website or app, allowing for real-time transactions.
Local bank integration: Speed for this type depends on the bank’s processing times, which may not be as fast as other gateways that are optimized specifically for quick transaction processing.
Security and compliance
Hosted gateways: These generally provide strong security and compliance due to the provider’s secure servers, removing much of the security burden from the business.
Self-hosted gateways: This type places the responsibility of maintaining a secure and compliant environment entirely on the business, requiring it to invest in security measures.
API-hosted gateways: Security is a shared responsibility for these. Businesses need to secure the transaction data on their end, while the gateway provides secure endpoints through its API.
Local bank integration: Like hosted gateways, these take much of the responsibility off of the business by providing robust security through the local banking partner.
Customer experience
Hosted gateways: The redirect with these can disrupt the shopping experience, potentially impacting conversion rates. However, hosted gateways often provide a familiar checkout process that customers trust.
Self-hosted gateways: This type allows for a fully customized and streamlined checkout experience, keeping customers on the business’s website throughout the transaction.
API-hosted gateways: With the ability to customize the look and feel to match the business’s branding, these provide a smooth and integrated payment experience.
Local bank integration: Customers may find this gateway type particularly trustworthy due to the bank’s reputation, but it can be less customizable compared to other types.
How to choose the right payment gateway for your business
Like any other aspect of your payments infrastructure, choosing the right payment gateway for your business requires analyzing your specific needs, operational capabilities, and customer expectations. Here’s how to make an informed decision:
Assess your business model and volume
Startup or small business: If you’re just starting out or have a low volume of transactions, a hosted gateway might be the most practical. It’s usually quick to set up and requires less maintenance, allowing you to focus on growing your business.
Growing business with increasing transactions: As your transaction volume increases, consider an API-hosted gateway. This can offer a better customer experience and potentially lower costs per transaction.
Large or established business: For businesses with a high volume of transactions and the need for a custom payment experience, a self-hosted gateway may be the best fit. It provides control and can be optimized for your specific needs.
Consider technical capabilities
Limited technical resources: If you’re working with a small team, choose a hosted gateway that manages most of the technical complexities for you.
Technical team on board: If you have a dedicated technical team, an API-hosted or self-hosted gateway could be managed in-house, giving you greater control over the transaction process.
Evaluate the total cost of ownership
Consider long-term costs: A gateway with no setup fee but higher transaction costs could be more expensive over time, especially as your sales volume grows.
Prioritize security and compliance
Data protection standards: Ensure the gateway is compliant with the necessary security standards, such as PCI DSS, to protect customer data.
Security infrastructure: If you lack the infrastructure to securely handle payment data, a hosted or API-hosted gateway that provides strong security features is a better idea.
Understand integration with your payment environment
Compatibility with current systems: Your gateway should integrate well with your current website, accounting software, and other systems.
Focus on customer experience
Simple checkout process: A payment gateway should provide a smooth checkout experience to help maximize conversion rates.
Customization: An API-hosted or self-hosted gateway typically allows for greater customization to match your brand and design a user-friendly interface.
Review global and local capabilities
Currency and language support: If you serve an international market, look for a gateway that supports multiple currencies and languages.
Local bank integration: For businesses focusing on a specific market, integrating with a local bank may have advantages in terms of customer trust and, potentially, lower fees.
By considering these factors, you can select a payment gateway that aligns with your business objectives, provides the features you need, and delivers a positive experience to your customers. Also note that the decision isn’t permanent: as your business evolves, your choice of payment processing solutions might change.
How Stripe can help
Stripe’s payment gateway solution provides top-tier security features, adaptable integration options, and a user-friendly experience—catering to the specific needs of businesses and customers. Here are some of the main features that make Stripe’s payment gateway such a strong option for businesses:
Encryption
Stripe employs both symmetric and asymmetric encryption, using industry-standard protocols such as SSL and Transport Layer Security (TLS) to ensure secure data transmission between customers’ browsers, business websites, and payment platforms. This robust encryption protects sensitive customer data and financial transactions from unauthorized access, tampering, and theft.
Tokenization
Stripe’s tokenization process replaces sensitive payment information with unique tokens, which have no intrinsic value if compromised. This significantly reduces the risk of unauthorized access and data breaches.
Authentication
Stripe uses various authentication methods—including single-factor, two-factor, and multifactor authentication—adding protection against unauthorized transactions.
PCI DSS compliance
Adherence to PCI DSS ensures a secure environment for processing, storing, and transmitting credit card information.
Uptime and reliability
The payment gateway’s high uptime and reliability are important for uninterrupted transaction processing. Downtime is minimal due to regular monitoring, redundancy measures, and a robust infrastructure.
Integration options
Stripe provides multiple integration options to suit different business needs. These include no-code versions using the Stripe Dashboard and low-code offerings for businesses that want more control over payments.
Checkout and payment element
Stripe Checkout allows businesses to add an embeddable payment form or a redirect to a Stripe-hosted checkout page. Stripe’s Payment Element is a UI component for embedding into websites or apps, configurable through the API or the Dashboard.
Dynamic display of payment methods
Stripe automatically displays the most relevant payment methods to customers based on currency, location, and transaction-specific factors. This presentation enhances customer experience and conversion rates.
Ease of use
The payment gateway is designed with user experience in mind, providing a simple, intuitive interface for both businesses and customers.
Businesses can customize how they want to integrate the gateway, depending on their specific requirements and technical capabilities.
Stripe provides thorough documentation and support to help businesses refine their payment gateway setup and resolve any issues efficiently.