What Is an Online Payment Gateway

Online Payment Gateways: Everything Merchants Need to Know

Every e-commerce merchant needs an online payment gateway. This essential piece of technology is the unsung hero of the online payment world. A lot of merchants don’t even know they’re using one; they assume that their merchant account does all of the payment processing for them. But the gateway is its own entity, and it’s important to understand how it works.

What Is an Online Payment Gateway?

An online payment gateway is an encrypted, internet-based channel through which credit card data is transmitted. It works like a point-of-sale terminal or metaphorical cash register, but for online transactions. There are different types of payment gateways, including those used by traditional credit card terminals, point-of-sale systems, and e-commerce businesses.

Not all payment processors use the internet to transmit data. A payment gateway may rely on a phone line or even a private, encrypted network. Online payment gateways are typically reserved for e-businesses, e-commerce stores, payment aggregators (like PayPal, Stripe, and Amazon Pay), and web-based point-of-sale systems. Because the transaction is taking place via the internet, the online payment gateway must be web-enabled.

How Does an Online Payment Gateway Work?

An online payment gateway works like any traditional payment gateway but relies on web-based technologies to secure transactions. Because billions of people have access to the internet, online transactions are uniquely vulnerable to third-party interception. That’s why online payment gateways have specialised safeguards in place.

For instance:

  • Online payment gateways use SSL (secure sockets layer) certificates to establish encrypted links between issuing and acquiring banks.
  • Online payment gateways use tokenisation technologies to convert sensitive financial data into a random string of characters, thus rendering the information useless to any malicious third parties who breach the gateway.
  • Online payment gateways use fraud detection tools to identify potentially fraudulent transactions. The merchant can often customise their settings to approve or decline transactions based on specific red flags (such as country of origin, the customer’s chargeback history, etc.).
  • When a payment is received by the acquiring bank, the bank will submit the data to the credit card association (Visa, Mastercard, American Express, etc.), which then performs its own fraud test before the transaction is ultimately approved or declined.

These safeguards aren’t just there to keep the customer happy. They are strictly required as conditions of PCI compliance.

Steps in the Payment Gateway Process

The online payment gateway is the intermediary between the merchant, the customer, the issuing bank, and the acquiring bank. Credit and debit card payments are:

  • Initiated by the customer
  • Submitted by the customer’s bank (the issuing bank)
  • Sent through the payment gateway
  • Approved by the acquiring bank (usually your merchant provider)

Once approved, the funds are available to you, the merchant.

To break it down on more of a micro level, the customer first enters their credit or debit card details on your payment page. They’ll typically need to provide their card number, expiration date, and CVV (Card Verification Value) number unless they’re using an alternative payment method.

The issuing bank then approves this charge, allowing it to be submitted securely through the payment gateway via your hosted payment page, server-to-server encryption, or whatever type of integration you have set up.

The payment request then reaches the acquiring bank and is immediately accepted or declined. If it’s accepted, the funds are stored in your merchant account. You can then transfer them to your business bank account. This is known as settlement.

When the payment is processed, the status is sent as a response back through the payment gateway, notifying the customer about whether the online transaction has been accepted or declined.

Benefits of Online Payment Gateways for Businesses

Online payment gateways offer businesses several measurable benefits.

Accept Digital Payment Methods

A payment gateway enables you to process transactions using a much more diverse range of payment methods than cash, cheque, and manual bank transfers. It also allows you to accept:

  • Debit and credit cards
  • Google Pay and Apple Pay
  • Internet-based bank transfers (like SEPA and ACH)
  • QR-code payments
  • Pay by text
  • Other digital payment methods as they emerge

Sell to Global Customers

A payment gateway opens up your business to customers all around the world. As soon as it’s integrated into your website, you will be able to process payments from customers in other regions, countries, and continents. If you plan to sell to global customers regularly, it’s recommended to choose a multi-currency payment gateway to save on unnecessary currency exchange losses and fees.

Recurring Payments

Payment gateways process recurring payments automatically using customers’ card-on-file information. This means you can offer memberships and subscriptions, and your customers will continue to be charged on a monthly or yearly basis without any further action required on your part.

Centralise Sales and Revenue Tracking

Processing all of your customers’ transactions through a single payment gateway puts your complete sales data at your fingertips. You will no longer need to aggregate figures from different sources.

Gather Customer Information

The online checkout process that goes hand in hand with a payment gateway gives you the opportunity to gather additional information about your customers. They will typically enter an e-mail address and phone number that you can use in future marketing campaigns. Just remember to give customers the option to opt out if they prefer.

Protect Your Business With Security Features

Online payment gateways are built with effective security features to keep your customers’ payment information safe and protect your business. These include:

  • Encryption and tokenisation
  • Customisable fraud scrub
  • Chargeback protection

Your chosen payment gateway must be compliant with the Payment Card Industry Data Security Standard (PCI DSS). Depending on the type of payment gateway you use, you will also need to ensure that your website is secure and compliant.

Types of Payment Gateways

There are three main types of online payment gateways:

  • Non-hosted: A non-hosted or on-site payment gateway is hosted on your own website. You are fully responsible for ensuring website and payment security.
  • API: An online payment API or hybrid payment gateway allows customers to check out without leaving your website, while the transaction itself is processed off-site by your payment provider at the back-end.
  • Hosted: A hosted payment gateway is located off-site. Customers leave your website to pay and are then redirected back to your domain.

How Do You Set Up an Online Payment Gateway?

Your online merchant services provider will walk you through the process of setting up your payment gateway. In some cases, a bit of coding will be required to integrate the gateway into your shopping cart via API connection. In other cases, the process may be as simple as installing a plug-in that works with your e-commerce platform.

Look for a payment service provider that offers free setup assistance. Some companies, like Unicorn Group, will offer free integration assistance. Other companies might impose an initial setup fee. Always review the fees carefully.

Online Payment Gateway vs Payment Processor

The terms “online payment gateway” and “online payment processor” are commonly confused and conflated.

The payment processor works with the acquiring bank that approves the funds and interfaces with the credit card companies. The payment processor also stores all of the funds earned from your transactions and ensures that they’re available to you when you need them.

The payment gateway, on the other hand, is simply the secured channel through which the funds travel to reach your payment processor and acquiring bank. Think of an imaginary line between the issuing bank and the acquiring bank. That’s the payment gateway.

What to Look For in an Online Payment Gateway

When seeking a payment gateway, look for the following qualities.

PCI Compliance

A payment gateway must be PCI-compliant. This means that the payment gateway provider adheres to all 12 security requirements set by the PCI Security Standards Council.

Enhanced Fraud Scrubbing Capabilities

Every payment gateway has some type of fraud detection capabilities in place. However, it’s best to use a gateway that:

  1. Assesses card information in real time against a massive database of fraudulent credit card activity
  2. Identifies a wide range of potential issues like historical fraud activity, excessive chargebacks, and potentially stolen credit card information
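An added example (not from the original article or any gateway product) of the fraud scrub described here and of the merchant-customisable rules mentioned among the safeguards earlier: each transaction is checked against a fraud list and the merchant's own settings. `MerchantRules`, `Transaction`, `screen`, the key, the card numbers and the country codes are all constructed for illustration; the fraud list holds keyed hashes so it never contains raw card numbers.

```python
import hashlib
import hmac
from typing import NamedTuple

# Constructed demo key. Assumption: the gateway keeps this secret so the fraud
# list cannot be reversed by hashing every possible card number offline.
FINGERPRINT_KEY = b"constructed-demo-key"
SEVERITY = {"approve": 0, "review": 1, "decline": 2}


def card_fingerprint(pan: str) -> str:
    """Keyed hash of the card number, so the fraud list never holds raw numbers."""
    return hmac.new(FINGERPRINT_KEY, pan.encode(), hashlib.sha256).hexdigest()


class MerchantRules(NamedTuple):  # hypothetical merchant-adjustable settings
    decline_countries: frozenset = frozenset()
    review_countries: frozenset = frozenset()
    max_chargebacks: int = 2


class Transaction(NamedTuple):
    pan: str
    country: str      # country of origin of the order
    chargebacks: int  # customer's previous chargebacks


def screen(txn: Transaction, rules: MerchantRules, fraud_list: set):
    """Apply every rule and return (decision, reasons); the most severe hit wins."""
    hits = []
    if card_fingerprint(txn.pan) in fraud_list:
        hits.append(("decline", "card matches known fraud activity"))
    if txn.country in rules.decline_countries:
        hits.append(("decline", "country of origin is blocked"))
    elif txn.country in rules.review_countries:
        hits.append(("review", "country of origin needs manual review"))
    if txn.chargebacks > rules.max_chargebacks:
        hits.append(("decline", "excessive chargebacks"))
    decision = max((d for d, _ in hits), key=SEVERITY.get, default="approve")
    return decision, [reason for _, reason in hits]


# Constructed sample data: test card numbers and user-assigned country codes
FRAUD_LIST = {card_fingerprint("4000000000000002")}
RULES = MerchantRules(decline_countries=frozenset({"XA"}), review_countries=frozenset({"XB"}))
```

Returning every reason, not just the first hit, gives the merchant the full picture when tuning the rules or reviewing a declined order.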

Scalability

Some payment gateway services are designed with small businesses in mind. Others accommodate massive mega-corporations. If you operate a large business, you need to know that your payment gateway service can handle it. If you run a smaller business, you need to know that the provider is equipped to accommodate you and scale up as your business grows.

Access to Other Merchant Services

Many merchant providers will offer a payment gateway along with their main credit card processing services. This kind of all-in-one solution often results in a more affordable, streamlined experience.

Unicorn Group offers all of these services and more. Our global payment gateway processes nearly 200 unique forms of currency. It even includes a virtual terminal, free integration assistance, and much more.

Payment Gateway FAQs

Do I Still Need to Worry About PCI Compliance if I Have a Secure Payment Gateway?

Even if your payment gateway is PCI compliant, you still need to ensure that all other aspects of your website and payment experience adhere to PCI standards. For example, you’ll need to maintain the appropriate firewalls and antivirus software. You’ll also need to limit the number of employees who have access to customer payment data.

Having a PCI-compliant payment gateway is an excellent first step, but it only secures the actual transmission of payment data. It doesn’t render your website invulnerable to attacks or protect your customers’ stored information.

Can You Accept Credit Card Payments Without an Online Payment Gateway?

It is impossible to transmit credit card data online without some type of payment gateway between the two financial institutions. So a better question is: Can you accept credit card payments without a dedicated gateway? In other words, is there a way to complete these transactions without paying for a gateway service?

There are services that will let you process payments without a dedicated gateway. These are known as payment aggregators or payment facilitators. Companies like PayPal, Stripe, and Square will allow you to use their gateway and merchant ID to transact business, meaning that they serve as a sort of middleman. For example, PayPal uses the Payflow payment gateway. Payment aggregators have very high acceptance rates for new merchants, which is why they appeal to businesses that have been turned away by traditional merchant service providers.

How Much Do Payment Gateways Cost?

The cost of a payment gateway is generally bundled into the monthly or per-transaction fees you pay to your payment processor. We explain the most common fee structures in our Guide to Credit Card Processing Fees.

Are There Any Free Online Payment Gateways?

There is no such thing as a free online payment gateway. Every credit card transaction incurs a fee, usually in the form of a markup and an interchange fee. Somebody has to pay for that fee, and the responsibility almost always falls on the merchant.

If a company promises a free online payment gateway, read the fine print. Some of these companies are outright scams, and some will use clever but misleading language to entice you.

For example, they might allow a free signup or waive the monthly service charge but still impose a per-transaction fee and charge for additional features. Other payment providers will promise you a free gateway when you sign up for merchant services, but the costs are ultimately rolled into the total price of your merchant account.

What Is a White-Label Payment Gateway?

A white-label payment gateway is a customisable payment gateway solution that merchants can use to offer payment processing services to customers under their own branding, without building it themselves. It is most typically used by B2B businesses, such as independent software vendors (ISVs), and is not typically necessary for e-commerce vendors.

Every Online Business Needs a Payment Gateway

You might not give much thought to your payment gateway as you go about your daily business. However, it performs an invaluable service without which your e-commerce store couldn’t exist.

Security, dependability, and value are all essential components in choosing the right payment gateway. Choose the right gateway for your needs and use it to its full potential alongside all of your merchant services. It may be the biggest advantage you give your online store.

A.J. Almeda, E-Commerce Expert

A.J. is an e-commerce expert with an emphasis on digital marketing and payment processing with 15 years of industry experience. He combines this experience with an in-depth understanding of online retail and public relations to help other businesses grow and succeed.