What is a Payment Gateway? How It Can Benefit Your Business

Today, just one in five transactions is made with cash, with more people transitioning away from cash every day. Your business may get left behind if you’re unprepared to accept non-cash payments with a payment gateway. Up to 42% of customers will change vendors to a competitor that offers their preferred payment method. (Source)

If you landed on this page you probably already know the importance of accepting in-person and online non-cash transactions for your business. To help you learn about the technology and how the payment industry works, we’ll explore one of its most fundamental technologies: payment gateways. In this article, you'll learn what payment gateways are, their role in the industry, and how having one can benefit your business.

What is a Payment Gateway?

Let’s start with the basics – what is a payment gateway? A payment gateway is a foundational piece of software that creates a user-friendly interface for collecting customer payment data. It collects, packages, and sends it between your and your customers’ bank accounts. It can be used independently or integrated into physical equipment to suit your business environment and needs.

A payment gateway can be used in a variety of ways:

In Physical Retail Settings: They can be integrated into point-of-sale (POS) systems or terminals, enabling businesses to accept payments via cards that customers tap, swipe, or insert. This functionality is vital in brick-and-mortar locations such as restaurants and stores, facilitating PIN entry and other authentication methods.
Over the Phone or Retail: Payment gateways adapt to virtual terminals. This form allows for payment processing through a web browser or a mobile app, turning any device into a payment terminal. Here, merchants can enter card information manually or attach a card reader to their device, making it a flexible solution for various sales scenarios.
Online Transactions: Online payment gateways are often a seamless part of the checkout process, securely handling payment information through integrated steps or popup windows.

How Payment Gateways Work In Processing

Payment gateways work fast, but a lot is happening behind the scenes. Here's a bit more about how they work so you can understand the intricacies of the process.

Transaction Initiation: The process begins when you and your customer agree to proceed with a transaction.
Information Submission: Your customer provides their credit or debit card information for payment.
Data Capture: This information is presented to the payment gateway via various means: directly at a POS system, through a card reader attached to a phone or computer, or via an online checkout portal.
Security and Authentication: Upon receiving the data, the payment gateway secures it through tokenization or encryption, verifies the information, and forwards it to the payment processor.
Authorization Request: The payment processor, in turn, submits the data to the customer's bank for authorization, which either approves or declines the transaction.
Feedback Loop: The outcome of this request is relayed back through the payment gateway, which informs both you and your customer of the authorization status.
Funds Transfer: If the transaction is authorized, the payment processor initiates the settlement process to transfer funds.

Payment Gateways vs. Payment Processors

One of the most confusing aspects of the financial industry is the constant use of jargon like "payment gateways" and "payment processors." Though they sound similar, they are very different.

A payment processor is a vendor. You select your payment processor and sign a merchant services agreement with them. With the agreement in place, the payment processor will create a merchant ID and account for you to accept payments from your customers.

On the other hand, payment gateways are software solutions offered by your payment processor that allows you to accept payments. It creates an interface that allows customers to present their cards to you and complete transactions. You can’t have a payment gateway without a payment processor.

How a Payment Gateway Can Benefit Your Business

A payment gateway offers numerous benefits to your business, with the primary advantage being its capability to process non-cash payments in person or online.

Beyond basic payment processing, payment gateways can provide additional features that may prove invaluable to your business, such as support for multiple currencies and the ability to handle multiple merchant IDs (MIDs), among others.

Moreover, payment gateways play a pivotal role in the customer checkout experience at your store. It's important to note that the gateway's interface—the visible part customers interact with—facilitates the collection of payment and transaction data from both the customer and the point-of-sale device. This interface is critical for processing transactions and significantly influences the customer's perception of your business, underscoring the gateway's importance in fostering a positive shopping experience.

Types of Payment Gateway Services

Payment gateways may sound like a fundamental yet basic tool. But they are anything but basic. There are many types of payment gateways your business may want to employ that can improve the experience for both you and your customers.

Let’s review some payment gateway services your hosting provider may offer you next.

Redirect Payments

A redirected payment service allows for alternative payment methods, such as Venmo or PayPal. The gateway will redirect the customer to a separate window to complete the transaction.

Self-Hosted

If you want to customize the look and feel of your checkout flow as much as possible, consider a self-hosted payment gateway service. This lets you add custom branding and allows you more access to customer data. To use this method, you must integrate your payment gateway’s encryption library into your payments page.

Hosted

A hosted payment gateway is a pre-built interface that you can integrate into your website. This means that the gateway provider hosts the gateway (reducing the burden on you for verifying platform security) and is responsible for the server’s security.

API - Hosted

If you choose to integrate your gateway with a website for full control over the website design and checkout flow, you may want to consider an API-hosted gateway option. To do this, you’ll need to connect directly from your website server to your payment gateway host’s server using their API.

Security of Payment Gateways

Payment gateways are fairly secure. However, your vendor choice is key to how secure they are. Here are some of the security features you may encounter with your payment gateway:

Compliant with PCI DSS standards

The Payment Card Industry Data Security Standards (PCI DSS) are the basic set of security regulations anyone who processes or comes into contact with cardholder payment data must meet. They're set by the Payment Card Industry Data Security Council, with opportunities for amendments in April and October. (Source)

Your payment gateway vendor is no exception, yet the onus is largely on you as the merchant, taking the sensitive data to confirm and protect your business from unnecessary risk. You should request confirmation that your payment gateway provider is PCI DSS compliant and verify they can help your business.

Encryption

Encryption is taking plain-text data, like a cardholder name or card number, and transforming it into encoded ciphertext (in other words, text that can’t be intercepted and read without decoding through an authorized/matching encryption key). This prevents many rudimentary instances of fraud and is important to verify as a standard protocol with your vendor.

Secure Electronic Transaction (SET) Protocol

You may also want to consider Secure Electronic Transaction (SET). SET is a protocol that protects cardholder information during transmission through strategic online portals. This protocol protects from both internal and external threats (such as fraudsters trying to grab hold of payment data or employees who can access it through the system).

Tokenization

Tokenization is similar to encryption in that it masks otherwise easy-to-read cardholder information. However, instead of putting it into a new language, it replaces it with a token mapped back to a database.

In practice, this means the original data is not present in your system, so if someone attempted to break in and compromise it, they would not have access to anything sensitive.

Secure Socket Layer (SSL) Technology

You may have noticed that most website checkout pages have “https:” instead of “http.” This is because the “s” denotes a website using SSL technology.

Secure Socket Layer (SSL) technology protects the connections between web servers and browsers.

How Much Does a Payment Gateway Cost?

There are fees that your business pays for accepting any type of non-cash payment. These are known as processing fees. You will pay these fees regardless of the tools you use to process payments.

On the other hand, payment gateway fees are added specifically for the cost of the tool (the payment gateway) you'll use in the process. Some payment gateways are free to use if you pay your processing fees to the same vendor. Other vendors, however, charge for access to the payment gateway. There may be, for example:

One-time setup fees
Monthly fees
Per transaction fees

These fees vary depending on the vendor but would usually hover somewhere in the ranges identified below:

One-time setup fees: $0.00 to $100.00
Monthly fees: $0.00 to $25.00 per month
Per transaction fees: $0.00 to $0.30 per transaction

These fees are in addition to the fees you pay for processing the transactions (usually around 2.00% to 4.00% of your sales volume).

What to Look for in Selecting a Secure Payment Gateway

When looking for a secure payment gateway, evaluating its features as they relate to your business needs and risk tolerance is important. Integration capabilities, fraud detection, PCI compliance, currency conversion, and card updates can make the difference between a gateway that grows and thrives with your business and one that limits your capacity to grow.

Integration Capabilities and APIs

One of the first things you should evaluate when choosing a tool for your business is how it will fit with and add value to your existing tools. That’s why integration capabilities are one of the most important things to evaluate when adding a tool to that arsenal.

First, take inventory of the tools and processes you have set up already – things like customer relationship management tools (CRM), payroll, and accounting tools. Then, review your proposed vendor for either a built-in integration or an easy onramp/setup process if it replaces one of the tools you already have. If there’s no built-in integration, an open API is a good sign that one is still possible. You will need to contact a developer to confirm compatibility.

Fraud detection tools

Another important aspect for any payment-related tools is their ability to detect fraud. Few things are as valuable as credit card numbers and their associated data (such as customer names, addresses, CVVs, etc.). As a merchant, you have a dual responsibility: to secure any data you handle in compliance with PCI standards and to ensure that the vendors you select offer robust fraud detection capabilities.

Fraud costs businesses billions yearly - not just in immediate losses like the inventory cost and payment amount - but also in fines, legal fees, and more. On average, each $1.00 of fraud costs $3.75 to remediate. (Source)

Virtual Terminals

Virtual terminals offer significant flexibility for payment acceptance. They allow for manual card information entry or the attachment of a card reader for payments over the phone or in person. Given their versatility, ensure your payment gateway includes access to a virtual terminal if you anticipate its use.

Currency Conversion

Currency conversion is vital for businesses operating internationally or serving a global clientele. Whether you're a service-based business with clients worldwide or an eCommerce platform shipping internationally, ensuring your payment gateway supports multiple currencies can prevent the loss of sales and customers due to payment incompatibilities.

Multiple Payment Type Support

Various payment options can help meet customers' preferences, especially for higher-value transactions. The ability to pay by card, split payments, or accept bank transfers enhances customer satisfaction and requires a payment gateway that supports multiple payment types.

Multiple MID Capabilities

For businesses like hair salons employing 1099 contractors or those with multiple locations, managing separate merchant identification numbers (MIDs) for each entity or location can simplify accounting and transaction processing. A payment gateway that supports multiple MIDs allows for more efficient financial management.

Card Updaters

Card updaters are invaluable for businesses processing recurring payments. They automatically update expiring debit and credit card information, preventing service interruptions and customer loss due to outdated payment details. This feature is essential for maintaining smooth recurring transactions.

Level II & III Processing Support

Businesses engaged in B2B or B2G transactions may qualify for Level II or III processing, which offers cost savings over Level I processing. This requires detailed transaction and cardholder information to reduce fraud risk and qualify for lower fees.

The Bottom Line

A payment gateway will become integral to your business if you want to accept non-cash payments. A payment gateway creates the customer-facing interface for varying payment technologies. From brick-and-mortar retail and restaurant POS systems and terminals to eCommerce checkout flows.

You can significantly reduce your expenses by selecting a reputable payment processor to help set up your payment gateway. This strategic approach enhances your efficiency and maximizes the security and flexibility of your payment processing solutions by having a system tailor-made to your business.

Frequently Asked Questions

A payment gateway is an interface that allows you to accept credit card payments from your customers, both in person and online. The gateway is one of the key intermediary tools that collects the payment information and helps to move the money between you and your customer to settle the payment.

A virtual terminal, on the other hand, is a standalone program that you can install on any internet-connected device (think of it like an app on your phone that lets you accept credit or debit cards). It’s sometimes referred to as web POS (point-of-sale software) because it essentially turns your device into one.

To access a payment gateway, you need to create an account with a merchant services provider (MSP) or a payment services provider (PSP). Here are the differences:

An MSP will create a full-scale personalized merchant account for your business. One set for your processing habits, customer types, and parameters. This takes a little longer to set up due to a full underwriting process but it offers you a lot more flexibility and freedom when accepting payments. MSPs are known as wholesale providers.
A PSP, on the other hand, gives you access to a fraction of their merchant account, meaning your processing capacity has far less flexibility – it’s a generic account. As such, it’s generally quick to set up but also quicker to get shut down and/or have your funds frozen. PSPs are known as retail providers.

So, if you want access to a payment gateway, either option works. If you want to set up a custom payment gateway for your business, you’ll want to seek out an MSP.

It depends on the option you choose (as mentioned in the question above). If you choose to use a PSP to give you access to a payment gateway, it can be done on the same day. If, on the other hand, you choose an MSP for greater flexibility and growth, it may take a few business days because of the added underwriting process.

Yes, technically, you can have two different payment gateways. For example, your merchant services provider may integrate a payment gateway into your terminal for your brick-and-mortar business, while you may choose to process payments online through a different payment gateway.

It’s not usually recommended, however, to create two separate gateways unless you have specific processing needs that your original gateway doesn’t cover. This is because depending on the integration capacity, they may create reporting and accounting records separate from one another. It will also generate additional costs to have two gateways.

Stripe is a payment processor that offers a payment gateway to its merchants. Stripe is generally a PSP.

In eCommerce, payment gateways are part of the checkout flow. A payment gateway can be either seamlessly integrated into the checkout process or create a popup window for accepting debit and credit card information securely.

An integration is essentially a comingling of software/tools/equipment. When something has an integration available, it means a developer (or team of developers) has worked a connection between the two otherwise disparate systems to make one more powerful tool using the best of both (in an ideal scenario, of course).

A payment gateway integration is a tool or program that has been connected to the gateway in such a way that the payment gateway can process payment information and fill that data in another system. For example, if you use a QuickBooks-integrated payment gateway, it may allow you to accept payments through the gateway and record customer records, complete invoices, reconcile payments, etc. as your customer swipes/taps/dips/or keys in their credit card information, making both tools more powerful than either of them alone.