A payment gateway is software that securely captures payment details from your customer and transmits them to your payment processor or acquirer for authorization. Think of it as the digital checkout counter—whether that checkout lives on your website, inside an invoicing app, or on a mobile device.
Key Takeaways
- A payment gateway encrypts card data and transmits it to the processor for authorization, acting as the digital equivalent of a card terminal
- Hosted gateways (like Stripe Checkout) reduce your PCI compliance scope, while embedded gateways offer more checkout customization
- Gateway fees are separate from interchange and processor markup, so compare total cost across all three layers before choosing
Understanding gateways helps you compare providers, reduce fraud, and avoid storing sensitive card data yourself.
What a gateway does in plain language
When a customer enters a card online, the gateway:
- Encrypts card data in transit
- Tokenizes or forwards information according to PCI rules
- Sends an authorization request to the processor
- Returns approve/decline messages to your shopping cart or invoicing tool
- Often provides hosted payment pages or APIs for custom checkouts
Gateways are not banks—they do not hold your money long-term; settlement to your merchant account happens through the processor network described in our merchant account guide.
Hosted vs. integrated gateways
Hosted gateways redirect customers to a provider-branded page (or embedded fields) so card data touches the gateway’s systems rather than your own servers, reducing your PCI scope. Integrated/API gateways embed fields directly in your site for smoother UX but demand stricter security practices and developer time.
Tradeoffs:
- Hosted: faster to launch, slightly less customizable
- Integrated: brand control and conversion optimization, higher engineering burden
Gateways and invoicing workflows
Service businesses often email invoices with pay now buttons. The gateway powers that button—connecting your accounting tool to card or ACH rails. Pair clear payment instructions with invoice payment terms so customers know when autopay runs and how late fees apply, if any.
Tokenization and customer vaults
Gateways can store tokens representing cards for subscriptions or repeat clients without you seeing raw numbers again. Tokens simplify receipts and retry logic when a card expires—critical for memberships and retainers.
Fraud tools commonly bundled
Many gateways offer AVS (address verification), CVV checks, velocity rules, and 3D Secure step-ups. Tune rules to your risk: too loose invites chargebacks; too tight declines good customers. Monitor false positives as closely as fraud attempts.
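To make the tuning tradeoff concrete, here is an added example (not from any gateway's product or documentation) that scores one velocity rule at several thresholds against constructed, labeled payment attempts. The key names, timestamps and fraud labels are hypothetical sample data.

```python
from collections import defaultdict, deque

def velocity_flags(attempts, max_attempts, window_s):
    """Return one bool per attempt: True if the rule would block it.

    attempts: list of (timestamp_s, key, is_fraud) sorted by timestamp.
    An attempt is blocked when its key (for example an IP or device ID)
    has made more than max_attempts attempts in the last window_s seconds.
    """
    recent = defaultdict(deque)
    flags = []
    for ts, key, _ in attempts:
        q = recent[key]
        while q and ts - q[0] >= window_s:   # evict attempts outside the window
            q.popleft()
        q.append(ts)
        flags.append(len(q) > max_attempts)
    return flags

def score_rule(attempts, max_attempts, window_s):
    """Count blocked fraud, missed fraud and false positives for one setting."""
    flags = velocity_flags(attempts, max_attempts, window_s)
    result = {"blocked_fraud": 0, "missed_fraud": 0, "false_positives": 0}
    for blocked, (_, _, is_fraud) in zip(flags, attempts):
        if is_fraud:
            result["blocked_fraud" if blocked else "missed_fraud"] += 1
        elif blocked:
            result["false_positives"] += 1
    return result

# Constructed sample: ip-A is a rapid burst later labeled fraud; ip-B is a
# real customer retrying after a typo; ip-C pays once.
ATTEMPTS = sorted([
    (0, "ip-A", True), (10, "ip-A", True), (20, "ip-A", True),
    (30, "ip-A", True), (40, "ip-A", True), (50, "ip-A", True),
    (5, "ip-B", False), (65, "ip-B", False), (110, "ip-B", False),
    (70, "ip-C", False),
])

if __name__ == "__main__":
    for limit in (1, 3, 10):                 # tight, moderate, loose
        print(limit, score_rule(ATTEMPTS, limit, 300))
```

On this sample the tight setting blocks the most fraud but also blocks the retrying customer twice, while the loose setting blocks nothing.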
Mobile and in-person overlap
Modern stacks blur lines: the same gateway may offer a virtual terminal, card readers, and wallet acceptance (see our guide to mobile payments). Unified reporting simplifies reconciliation versus juggling three disconnected vendors.
Developer integrations
If you build custom software, you will use gateway APIs and webhooks. Start with official docs and sandbox keys—our walkthroughs for Stripe API keys and PayPal API signatures help orient you before engineering sprints.
Compliance: PCI DSS in practical terms
PCI DSS sets security standards for card data. Review the PCI Security Standards Council's official standards for current requirements. Using a hosted or tokenized flow shifts much liability to compliant providers—but you still must configure settings correctly, patch servers, and train staff not to copy card numbers into tickets or email. Treat compliance as ongoing hygiene, not a one-time checkbox.
Choosing a gateway: decision checklist
- Does it integrate with your cart, CRM, or accounting stack?
- Are payout times acceptable for your cash cycle? Tie this to cash flow management.
- Does pricing include gateway fees separate from interchange?
- Is international support needed? Review international payment methods
- How strong are support SLAs during checkout incidents?
Reporting and reconciliation features
Evaluate whether the gateway exposes transaction exports, fee breakdowns, and dispute portals your bookkeeper can use without engineering help. Clean exports into expense tracking categories reduce month-end detective work. If you issue credits frequently, confirm partial refunds and line-item adjustments flow correctly to your accounting tool.
Uptime and checkout resilience
Even great products lose revenue when checkout is down during a launch. Ask providers about status pages, retry policies, and fallback options (secondary processor) if you are high volume. Communicate outages quickly to customers waiting to pay—transparency preserves trust better than silent failures.
Common mistakes small businesses make
- Storing card numbers in spreadsheets or Slack
- Mixing test and live keys in production deployments
- Ignoring failed payment alerts until month-end
- Confusing gateway brand with processor—sometimes they are bundled, sometimes not
Putting it together
A payment gateway is the secure front door between your customer and the processing networks that move money. Choose hosted or integrated flows based on risk, UX, and engineering capacity; lean on tokenization for repeat business; and pair gateway settings with clear invoicing and fraud rules tuned to how you actually sell. From there, expanding to credit card payments across channels—and optimizing processing fees—becomes a structured upgrade path instead of guesswork.
Frequently Asked Questions
What is the difference between a payment gateway and a payment processor?
A payment gateway is the technology that securely captures and encrypts payment information from the customer and transmits it for authorization, while the payment processor actually moves the money between the customer's bank and your account. Think of the gateway as the digital equivalent of a card terminal and the processor as the bank network behind it.
Do I need a separate payment gateway for my website?
Many modern payment processors like Stripe and PayPal include a built-in payment gateway, so you do not need a separate one. You only need a standalone gateway if you are using a traditional merchant account provider that does not include gateway functionality, or if you need advanced features like multi-processor routing.
How much does a payment gateway cost?
Payment gateway fees typically include a per-transaction charge of $0.10 to $0.30 on top of processing fees, and some providers charge a monthly gateway fee of $10 to $25. All-in-one providers like Stripe bundle gateway fees into their processing rate (2.9% + $0.30), which simplifies pricing and is usually the most cost-effective option for small businesses.
