A payment gateway is the technology that securely captures a customer's payment details and passes them to a payment processor for authorisation, then returns the approve-or-decline result to the merchant. It is the connective layer between a checkout and the card networks and banks behind it.
Every time someone enters card details on a website, taps a phone at a terminal, or reads a card number to an agent over the phone, a payment gateway is encrypting and routing that data in the background. For any business accepting digital payments it is essential infrastructure: it protects sensitive card data, routes each transaction to the right processor, and enforces security standards like PCI DSS before money moves.
This guide covers how payment gateways work, the main types, what they cost in 2026, how to evaluate one, and the infrastructure model platforms use to offer payments across many gateways at once. Shuttle connects software platforms to 40+ gateways, so the sections below reflect what matters in production, not just the textbook flow.
How Does a Payment Gateway Work?
A payment gateway runs in the background of every digital payment. The flow takes one to three seconds end to end:
Customer initiates payment. The buyer enters card details on a checkout page, taps a contactless terminal, or provides a card over the phone.
Gateway encrypts and tokenises the data. The gateway secures the card details in transit (TLS) and usually replaces the raw card number with a token, so sensitive data never sits on the merchant's servers.
Data goes to the processor. The encrypted request is forwarded to the payment processor (the acquirer), which talks to the relevant card network (Visa, Mastercard, Amex).
Card network contacts the issuing bank. The network routes the authorisation request to the customer's bank, which checks funds, fraud signals, and account status.
Authorisation response. The issuing bank returns an approval or decline back through the network, the processor, and the gateway to the merchant.
Settlement. If approved, the order is fulfilled and the funds settle to the merchant's account, typically within one to three business days.
The gateway's job is specifically the secure capture, tokenisation, and transmission of payment data. It does not hold funds, run settlement, or maintain the banking relationships. That distinction is the source of most confusion in payments, which the next section clears up.
Payment Gateway vs Payment Processor vs Merchant Account
These three components are routinely confused because modern providers bundle them. They are not the same thing:
Component | What It Does | Examples |
|---|---|---|
Payment gateway | Captures, tokenises and encrypts card data, then routes it to the processor | Stripe, Braintree, Authorize.Net |
Payment processor | Talks to card networks and issuing banks to authorise and settle | Worldpay, Fiserv, Global Payments |
Merchant account | The account where funds settle before reaching your business bank account | Acquiring banks, or bundled by PSPs |
Modern payment service providers (PSPs) like Stripe and Adyen bundle all three into one integration, which is why people use "gateway" and "processor" interchangeably. Traditional setups contract each component separately, which gives more pricing control at the cost of more complexity.
The practical point: when you compare providers you are usually comparing bundles, not gateways in isolation. What matters is the total cost and the flexibility the bundle gives you.
Types of Payment Gateways
Gateways come in three architectures. The right one depends on your engineering resources, the PCI scope you can accept, and the checkout experience you want.
Hosted gateways redirect the customer to the provider's checkout page to enter card details. The provider carries PCI compliance and your site never touches card data. Examples: PayPal Standard, Stripe Checkout. Best when you want minimal PCI scope and fast setup.
Self-hosted (on-site) gateways keep the checkout on your own site and submit card data to the gateway by API. You control the full UI but you take on more PCI responsibility. Common for larger merchants with dedicated engineering.
API-based gateways expose payment processing through REST APIs and client-side SDKs. The front end captures card data inside a secure iframe or tokenisation library (so raw numbers never reach your servers) and the back end completes the payment by API. This is the model most modern PSPs use, including Stripe, Adyen and Braintree.
A fourth option matters for software platforms specifically: rather than integrating a gateway directly, you access one (or many) through a payment layer that abstracts the integration and adds white-label tooling. That model is the focus of the next section.
Payment Gateway as a Service: The Infrastructure Model
For a single business taking its own payments, one gateway integration is enough. For a software platform that needs to offer payments to its own customers, or for a high-volume merchant operating across markets, the unit of decision is no longer a single gateway. It is the infrastructure that sits across several of them.
This is what "payment gateway as a service" and gateway-as-infrastructure describe: a layer that exposes payment acceptance to your application while managing the underlying gateway connections, tokens, compliance, and routing for you.
Single-gateway vs multi-gateway. A single gateway is simple but fragile. If it has an outage, payments stop. If it lacks local acquiring in a market, approval rates fall. If a large customer mandates a specific PSP, you cannot serve them. A multi-gateway setup removes those single points of failure.
**Payment gateway routing.** With more than one gateway connected, transactions can be routed by rule: send domestic cards to the cheapest local acquirer, fail over to a backup gateway during an outage, or direct a specific merchant's volume to the PSP they are contracted with. This routing is the core of payment orchestration.
Embedded and white-label. Platforms that want payments to feel native (their brand, their dashboard, their onboarding) embed the gateway rather than redirecting merchants off to a third party. A payment layer provides the checkout, payment links, and reporting under the platform's own brand while connecting to the gateways underneath.
**Why platforms choose this over building it.** Connecting to one gateway is a few weeks of work. Connecting to many, keeping tokens portable across them, maintaining PCI scope, and keeping each integration current is a permanent engineering commitment. Most platforms would rather not become a payments company, so they consume gateway connectivity as infrastructure. We cover that trade-off in why platforms don't want to be payment companies.
If you are evaluating this model, the deciding factors are usually the number of PSPs supported, whether tokens are portable across them, and whether the checkout can be fully white-labelled.
How Much Does a Payment Gateway Cost in 2026?
Gateway pricing depends on the provider, the pricing model, and your volume. The components to add up:
Transaction fees are the main cost: a percentage of the amount plus a fixed fee. Typical 2026 UK rates:
Stripe: 1.5% + 20p (UK domestic cards), 2.5% + 20p (European cards)
PayPal: around 1.2% + 30p (standard UK checkout)
Worldpay: custom, volume-based (broadly 0.75% to 2.5%)
Adyen: interchange++ (interchange plus scheme fee plus a small per-transaction markup)
Monthly fees apply to some gateways. Authorize.Net charges a monthly platform fee; many modern PSPs such as Stripe and Braintree charge none.
Setup fees are now uncommon, but some traditional providers still charge them, from nothing up to several hundred pounds depending on integration complexity.
Chargeback fees apply when a customer disputes a transaction, usually £15 to £25 per dispute regardless of outcome.
Cross-border and currency fees add roughly 1% to 2% when the card's country differs from yours or currency conversion is involved.
For most UK businesses on standard card payments, the all-in effective cost lands between 1.5% and 3.0% per transaction, driven mainly by the domestic-versus-international card mix and the pricing model. Above a certain volume interchange++ almost always beats flat-rate pricing, which is why scaling merchants move to it.
Key Features to Look For
These features separate a basic gateway from production-ready infrastructure:
PCI DSS compliance at Level 1 (the highest), which reduces your own compliance scope.
Tokenisation for repeat payments, subscriptions, and one-click checkout without re-entering card numbers. If you may switch providers later, ask whether tokens are portable.
Multi-currency support in the currencies your customers actually pay in.
Fraud detection: scoring, 3D Secure (SCA), and configurable risk rules.
**Payment method breadth** beyond cards: wallets (Apple Pay, Google Pay), bank transfers (SEPA, BACS), and the local methods your markets expect.
Recurring billing if you run subscriptions.
Developer experience: clear APIs, SDKs, sandboxes, and reliable webhooks.
Reporting and reconciliation: dashboards, settlement reports, and clean data exports.
Top Payment Gateway Providers Compared
Provider | Best For | Pricing Model | Key Strength |
|---|---|---|---|
Stripe | Developers, SaaS, platforms | % + fixed per txn | API quality, ecosystem |
Adyen | Enterprise, global commerce | Interchange++ | Global acquiring, one platform |
Worldpay | UK/EU high-volume merchants | Custom | Local acquiring, volume pricing |
Braintree | Marketplaces, mobile apps | % + fixed per txn | PayPal integration, vault |
PayPal | Small business, quick setup | % + fixed per txn | Brand trust, buyer reach |
Square | In-person and online | Flat rate per txn | Omnichannel, hardware |
Checkout.com | High-growth, enterprise | Interchange++ | Performance, flexibility |
Mollie | EU SMBs | % per txn, no monthly | Simplicity, local methods |
No single provider wins on every axis, which is exactly why larger merchants and platforms abstract the choice behind a payment layer that connects to several at once and lets each merchant use the provider that fits them. You can see the full list of connected providers on the Shuttle PSP network.
How to Choose a Payment Gateway
Match the gateway to your stage and model rather than chasing the lowest headline rate:
Early-stage or low volume: prioritise speed and simplicity. A bundled PSP with flat-rate pricing and a hosted checkout gets you live fastest with minimal PCI scope.
Scaling or high volume: move to interchange++ and look hard at local acquiring in your top markets. Basis points matter at volume.
International: check local acquiring and local payment method support market by market, not just headline currency coverage.
Enterprise or regulated buyers: expect PSP mandates in procurement. The ability to route to a specified gateway is often a deal requirement.
**Software platforms:** the decision is not which gateway, but which infrastructure lets your merchants use any gateway. See how to choose a payment platform for the full evaluation framework.
How to Integrate a Payment Gateway
The typical process for an API-based gateway:
Create a sandbox account and get test credentials (usually instant).
Install the SDK or API client (server-side SDKs for Node, Python, PHP, Ruby, Java, plus client-side libraries).
Build the client-side form with hosted fields or a secure iframe so raw card numbers never touch your server.
Build the server-side flow: endpoints that take the tokenised card data, create the charge or payment intent, and handle the response.
Handle 3D Secure / SCA for European transactions using the provider's 3DS libraries.
Set up webhooks for charges, failures, disputes, and refunds.
Test thoroughly with the provider's test cards, including declines, 3DS challenges, and refunds.
Go live on production credentials and watch the first live transactions closely.
A basic integration takes a developer one to two days. A production-ready one with full error handling, retries, and webhook processing is usually one to two weeks per gateway. That per-gateway cost is why platforms supporting multiple merchants tend to consume gateway connectivity as a single integration across many PSPs rather than building each one.
Frequently Asked Questions
Is a payment gateway the same as a payment processor?
No. A gateway captures and encrypts card data and routes it to a processor. A processor talks to card networks and banks to authorise and settle. Modern PSPs like Stripe and Adyen bundle both, which is why the terms get conflated.
Do I need a payment gateway for my website?
Yes, to accept card payments online. The gateway is what securely transmits card data between your checkout and the processor. Without one you cannot take digital card payments.
What is payment gateway as a service?
It is consuming gateway connectivity as managed infrastructure rather than integrating a gateway yourself. The service provides payment acceptance to your application while handling the underlying gateway connections, tokens, compliance, and routing. Platforms use this to offer payments to their own customers without becoming a payments company.
What is payment gateway routing?
Routing directs each transaction to a specific gateway by rule: the cheapest local acquirer for domestic cards, automatic failover during an outage, or a particular PSP for a merchant contracted to it. It requires more than one connected gateway and is the core of payment orchestration.
How long does it take to set up a payment gateway?
With a modern PSP, a basic integration can run in a few hours. A production-ready setup with error handling, webhooks, and testing typically takes one to two weeks per gateway.
What is the cheapest payment gateway?
It depends on volume and transaction profile. For low volume, flat-rate providers like Stripe are simplest. For high volume, interchange++ from Adyen or Worldpay is usually cheaper per transaction.
Can I use multiple payment gateways?
Yes. Businesses run multiple gateways for redundancy, cost routing, and geographic coverage. Managing them through one integration is called payment orchestration or multi-PSP routing.
What is the difference between a payment gateway and a payment link?
A gateway processes payments through a checkout integrated into your site. A payment link is a hosted page you send by email, SMS, or chat, where the customer pays without any site integration. Payment links use a gateway behind the scenes.
*Building payments into a software platform? Shuttle connects platforms to 40+ payment gateways through one integration, with white-label checkout, payment links, and voice payments included. See how it works or book a discovery call.*