A payment gateway is the technology layer that captures payment information from a customer and securely transmits it to the payment processor or acquirer for authorisation. It is the digital equivalent of the card terminal in a physical shop. When a customer enters their card details on a checkout page, the payment gateway encrypts that data, sends it through the card networks to the issuing bank for approval, and returns the authorisation response — approved or declined — back to the merchant’s system, typically within one to three seconds.
Payment gateways operate at the front line of transaction security. They are responsible for encrypting cardholder data in transit, validating card numbers using algorithms like the Luhn check, supporting fraud screening rules, and initiating authentication protocols like 3D Secure. Because they handle raw card data, gateways must be PCI DSS compliant. Many modern gateways minimise the merchant’s PCI scope by providing hosted payment fields or redirect-based checkout flows so that card data is captured directly by the gateway without ever touching the merchant’s servers.
It is worth distinguishing between a payment gateway and a payment processor, as the terms are often confused. The gateway handles the data capture and communication — it is the messenger. The processor handles the actual movement of the transaction through the card network and the settlement of funds — it is the engine. Some companies, particularly large PSPs, operate both a gateway and a processing platform. Others specialise in one layer. A merchant might use one company’s gateway with a different company’s processing and acquiring infrastructure, though bundled solutions are more common for smaller merchants.
Shuttle Global operates as a payment infrastructure layer that sits above individual gateways and processors. When a platform integrates Shuttle’s Embedded Payments, the checkout experience uses Shuttle’s secure hosted fields as the gateway layer — capturing and tokenizing card data within Shuttle’s PCI Level 1 environment. But Shuttle is not tied to a single downstream processor. It routes the tokenized transaction to whichever PSP or acquirer is configured for that platform, market, or transaction type, drawing on its network of over 40 connected providers. Payment Links function the same way — Shuttle’s hosted checkout page acts as the gateway, with the flexibility to route to the optimal processor behind the scenes. This architecture means platforms do not need to integrate, certify, and maintain connections to multiple gateways themselves. They get one gateway experience with multi-processor routing built in.