A payment gateway is the technology that captures and transfers payment data from a customer to an acquiring bank — and returns a transaction result (approved or declined) back to the merchant. Every time you enter card details on a website, tap your phone at a terminal, or pay over the phone, a payment gateway is handling that data securely behind the scenes.
Payment gateways are essential infrastructure for any business accepting digital payments. They encrypt sensitive card data, route it to the right processor, and ensure the transaction meets security standards like PCI DSS before money moves between accounts.
This guide explains how payment gateways work, the different types available, what they cost, and how to choose one for your business.
How Does a Payment Gateway Work?
A payment gateway operates in the background every time a digital payment is made. Here is the step-by-step flow:
Customer initiates payment. The buyer enters their card details on a checkout page, taps a contactless terminal, or provides card information over the phone.
Gateway encrypts the data. The payment gateway encrypts the card details using TLS (the successor to the now-deprecated SSL), ensuring sensitive data is protected in transit.
Data is sent to the processor. The encrypted payment data is forwarded to the payment processor (also called an acquirer), which communicates with the card network (Visa, Mastercard, Amex).
Card network contacts the issuing bank. The card network routes the authorisation request to the customer's bank (the issuing bank), which checks for sufficient funds, fraud flags, and account status.
Authorisation response. The issuing bank sends an approval or decline back through the card network, to the processor, and back through the gateway to the merchant.
Transaction completes. If approved, the merchant receives confirmation and the order is fulfilled. Settlement (the actual transfer of funds) typically happens within 1-3 business days.
The entire process takes 1-3 seconds. The payment gateway's role is specifically the secure capture and transmission of payment data — it does not hold funds, manage settlements, or maintain banking relationships.
Payment Gateway vs Payment Processor vs Merchant Account
These three terms are frequently confused. They are distinct components of the payment stack:
| Component | What It Does | Examples |
|---|---|---|
| Payment Gateway | Captures and encrypts card data, routes it to the processor | Stripe, Braintree, Authorize.Net |
| Payment Processor | Communicates with card networks and issuing banks to authorise and settle transactions | Worldpay, First Data (Fiserv), Global Payments |
| Merchant Account | A holding account where funds settle before transferring to the business bank account | Provided by acquiring banks or bundled by PSPs |
Modern payment service providers (PSPs) like Stripe and Adyen bundle all three into a single service — you get gateway, processing, and a merchant account through one integration. Traditional setups require separate contracts for each component.
For businesses, the practical distinction matters when evaluating costs and flexibility. Bundled PSPs are faster to set up. Separate components give more control over pricing and provider choice.
Types of Payment Gateways
Payment gateways come in three main architectures. The right choice depends on your technical resources, security requirements, and the customer experience you need.
**Hosted payment gateways** redirect the customer to a third-party checkout page to enter their card details. The gateway provider handles PCI compliance entirely — the merchant's website never touches card data. Examples include PayPal Standard and Stripe Checkout. Best for small businesses or platforms that want minimal PCI scope.
**Self-hosted (on-site) payment gateways** keep the checkout experience on the merchant's website. Card data is collected on the merchant's own payment form and submitted to the gateway via API. This gives full control over the checkout UI but increases the merchant's PCI compliance requirements. Often used by larger e-commerce businesses with dedicated development teams.
**API-based payment gateways** provide programmatic access to payment processing, typically through RESTful APIs and client-side SDKs. The merchant's front-end captures card data using a secure iframe or tokenisation library (so raw card numbers never hit the merchant's servers), while the back-end submits the payment via API. This is the model most modern PSPs use — Stripe, Adyen, and Braintree all offer API-based gateways.
For software platforms that need to embed payment processing for their own merchants, the gateway is typically accessed through a payment layer that abstracts the PSP integration and provides white-label tools.
How Much Does a Payment Gateway Cost?
Payment gateway pricing varies significantly depending on the provider, the pricing model, and your transaction volume. Here are the standard cost components:
Transaction fees — The primary cost. Most gateways charge a percentage of the transaction amount plus a fixed fee per transaction. Typical ranges:
Stripe: 1.5% + 20p (UK domestic cards), 2.5% + 20p (EU cards)
PayPal: 1.2% + 30p (standard UK checkout)
Worldpay: Custom pricing based on volume (typically 0.75%-2.5%)
Adyen: Interchange++ pricing (interchange + scheme fee + 0.10-0.20 per transaction)
Monthly fees — Some gateways charge a recurring platform fee. Authorize.Net charges $25/month. Many modern PSPs (Stripe, Braintree) have no monthly fee.
Setup fees — Less common now but still charged by some traditional providers. Expect $0-$500 depending on the provider and the complexity of the integration.
Chargeback fees — Charged when a customer disputes a transaction. Typically $15-$25 per chargeback regardless of the outcome.
Cross-border and currency fees — Additional fees (usually 1-2%) for transactions where the card's issuing country differs from the merchant's country, or where currency conversion is required.
The total effective cost for most UK businesses processing standard card payments is between 1.5% and 3.0% per transaction, depending on the mix of domestic vs international cards and the pricing model.
Key Features to Look For
Not all payment gateways offer the same capabilities. When evaluating options, these features separate basic gateways from production-ready payment infrastructure:
**PCI DSS compliance** — The gateway should be PCI Level 1 certified (the highest level). This reduces your own compliance scope and ensures card data is handled securely.
**Tokenisation** — The ability to store card details as secure tokens for repeat payments, subscriptions, and one-click checkout without re-entering card numbers.
**Multi-currency support** — Essential for businesses selling internationally. The gateway should support transactions in the currencies your customers use.
**Fraud detection** — Built-in fraud scoring, 3D Secure (SCA) support, and configurable risk rules to reduce chargebacks.
**Payment method support** — Beyond cards: digital wallets (Apple Pay, Google Pay), bank transfers (SEPA, BACS), and local payment methods relevant to your markets.
**Recurring billing** — Native subscription management and recurring payment support if your business model requires it.
**Developer experience** — Well-documented APIs, SDKs for major languages, sandbox/test environments, and webhook support for real-time event notifications.
**Reporting and analytics** — Transaction dashboards, settlement reports, and data exports for reconciliation.
Top Payment Gateway Providers Compared
| Provider | Best For | Pricing Model | Key Strength |
|---|---|---|---|
| | Developers, SaaS, platforms | % + fixed per txn | API quality, ecosystem |
| | Enterprise, global commerce | Interchange++ | Global acquiring, unified platform |
| | UK/EU high-volume merchants | Custom | Local acquiring, volume pricing |
| | Marketplaces, mobile apps | % + fixed per txn | PayPal integration, vault |
| | Small business, quick setup | % + fixed per txn | Brand trust, buyer reach |
| | In-person + online | Flat rate per txn | Omnichannel, hardware |
| | High-growth, enterprise | Interchange++ | Performance, flexibility |
| | EU SMBs | % per txn, no monthly | Simplicity, local methods |
For software platforms embedding payments for multiple merchants, the choice of gateway is often abstracted behind a payment layer that connects to multiple PSPs — allowing different merchants to use different gateways through a single integration.
How to Integrate a Payment Gateway
The integration approach depends on the gateway type and your technical setup. Here is the typical process for an API-based gateway:
Choose your provider and create an account. Sign up for a sandbox/test account. Most providers offer instant access to test credentials.
Install the SDK or API client. Most gateways provide server-side SDKs (Node.js, Python, PHP, Ruby, Java) and client-side libraries for secure card collection.
Implement the client-side payment form. Use the provider's hosted fields, payment elements, or secure iframes to collect card data. This ensures raw card numbers never touch your server (reducing PCI scope).
Build the server-side payment flow. Create API endpoints that receive the tokenised card data from the client, create a payment intent or charge, and handle the response.
Handle 3D Secure / SCA. For European transactions, implement Strong Customer Authentication (SCA) flows using the provider's 3DS libraries.
Set up webhooks. Configure webhook endpoints to receive real-time notifications for payment events (successful charges, failed payments, disputes, refunds).
Test thoroughly. Use the provider's test card numbers and sandbox environment to verify all payment flows — including declines, 3DS challenges, and refunds.
Go live. Switch from sandbox to production credentials and monitor your first live transactions.
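The client-side form and server-side flow steps above, like the API-based gateway model described earlier, depend on raw card numbers never reaching your server. The following is an added example (not code from any provider's SDK) of a request guard that enforces this: it rejects any body containing a Luhn-valid card number and accepts only a token. The `tok_` token shape and the `payment_token` and `amount_minor` field names are assumptions made for illustration.

```python
import re

# Assumption: the gateway's client library returns tokens shaped like "tok_<opaque id>".
TOKEN_RE = re.compile(r"tok_[A-Za-z0-9]{8,64}")
# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out most random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(value) -> bool:
    """Recursively search keys and values of a decoded JSON body for PAN-like strings."""
    if isinstance(value, dict):
        return any(contains_pan(k) or contains_pan(v) for k, v in value.items())
    if isinstance(value, (list, tuple)):
        return any(contains_pan(v) for v in value)
    for match in PAN_CANDIDATE_RE.finditer(str(value)):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            return True
    return False


def validate_payment_request(body: dict):
    """Return (accepted, reason) for a decoded request body; never log a rejected body."""
    if contains_pan(body):
        return False, "raw_card_data_rejected"
    token = body.get("payment_token")
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        return False, "invalid_token"
    amount = body.get("amount_minor")  # integer minor units, e.g. pence
    if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
        return False, "invalid_amount"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: 4111 1111 1111 1111 is a widely used test number, not a real card.
    print(validate_payment_request({"payment_token": "tok_Ab12Cd34Ef56", "amount_minor": 1999}))
    print(validate_payment_request({"payment_token": "tok_Ab12Cd34Ef56", "amount_minor": 1999,
                                    "note": "card 4111 1111 1111 1111"}))
```

A Luhn check still passes about one in ten random digit runs, so long numeric order references can trigger a rejection; treat that as a signal to review the field rather than loosening the guard.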
For most modern PSPs, a basic integration takes 1-2 days for a developer familiar with APIs. Production-ready integrations with full error handling, retry logic, and webhook processing typically take 1-2 weeks.
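Webhook processing is part of that production-ready work, because the endpoint is reachable by anyone and providers retry deliveries. The following is an added example (not any provider's own code) of a receiver that authenticates each delivery, bounds replay with a timestamp window, and ignores duplicates. The header format `t=...,v1=...`, the signed string and the event field names are assumptions; use the scheme your provider documents.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # replay window: reject deliveries signed more than 5 minutes ago


def sign(secret: bytes, timestamp: int, raw_body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    message = str(timestamp).encode() + b"." + raw_body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def parse_header(header: str):
    """Parse the assumed header format 't=<unix seconds>,v1=<hex signature>'."""
    parts = dict(p.strip().split("=", 1) for p in header.split(",") if "=" in p)
    return int(parts["t"]), parts["v1"]


class WebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_event_ids = set()  # in production: a persistent store with a unique key

    def handle(self, raw_body: bytes, header: str, now=None):
        """Return (http_status, outcome) for one delivery of the raw, unparsed body."""
        now = time.time() if now is None else now
        try:
            timestamp, signature = parse_header(header)
        except (KeyError, ValueError):
            return 400, "malformed_signature_header"
        expected = sign(self.secret, timestamp, raw_body)
        # Constant-time comparison avoids leaking how many leading characters matched.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return 400, "bad_signature"
        if abs(now - timestamp) > TOLERANCE_SECONDS:
            return 400, "stale_timestamp"
        event = json.loads(raw_body)  # parse only after the signature checks out
        if event["id"] in self.seen_event_ids:
            return 200, "duplicate_ignored"  # acknowledge provider retries, do not re-fulfil
        self.seen_event_ids.add(event["id"])
        return 200, "processed:" + event["type"]


if __name__ == "__main__":
    secret, t = b"constructed-test-secret", 1700000000  # constructed sample values
    body = b'{"id":"evt_001","type":"payment.succeeded"}'
    print(WebhookReceiver(secret).handle(body, f"t={t},v1={sign(secret, t, body)}", now=t + 5))
```

The signature must be computed over the exact bytes received, so read the raw request body before any framework parses or re-serialises the JSON.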
Platforms that need to onboard multiple merchants should consider a payment layer that handles gateway integration at the infrastructure level — a single integration that works across dozens of PSPs.
Frequently Asked Questions
Is a payment gateway the same as a payment processor?
No. A payment gateway captures and encrypts card data and routes it to a processor. A payment processor communicates with card networks and banks to authorise and settle the transaction. Many modern PSPs (Stripe, Adyen) bundle both into one service, which is why the terms are often conflated.
Do I need a payment gateway for my website?
Yes, if you want to accept card payments online. The payment gateway is the technology that securely transmits card data between your checkout page and the payment processor. Without one, you cannot process digital card payments.
How long does it take to set up a payment gateway?
With modern PSPs like Stripe or Adyen, you can have a basic integration running in a few hours. A production-ready setup with proper error handling, webhooks, and testing typically takes 1-2 weeks.
What is the cheapest payment gateway?
It depends on your volume and transaction profile. For low-volume businesses, flat-rate providers like Stripe (1.5% + 20p) are straightforward. For high-volume merchants, interchange++ pricing from providers like Adyen or Worldpay can be significantly cheaper per transaction.
Can I use multiple payment gateways?
Yes. Many businesses use multiple gateways for redundancy (if one goes down, the other handles traffic), cost optimisation (routing to the cheapest gateway per transaction), or geographic coverage (using local gateways in different regions). This is called payment orchestration or multi-PSP routing.
What is the difference between a payment gateway and a payment link?
A payment gateway processes card payments through a checkout integration on your website. A payment link is a hosted checkout page that you send to a customer via email, SMS, or chat — they click the link and pay on a pre-built page. Payment links use a gateway behind the scenes but don't require any website integration.