Planet

Payment gateway: how to choose the right one

When choosing a payment gateway, it’s important to consider both the front-end and back-end user experience, security features, and cost.
Payment gateways are not one-size-fits-all. The best payment gateway for your business will depend on the size of your company, the nature of your business, and your typical customer.

What is a payment gateway and how does it work?
A payment gateway is a technology that allows merchants to authenticate and facilitate customer payments. Payment gateways collect and encrypt sensitive customer payment information (e.g. credit card or digital wallet details), then securely transmit it to the payment processor.
Many of today’s payment gateways also serve as payment processors, responsible not just for transmitting customer data, but also for authenticating it and initiating the transfer of funds between parties.

Key parties involved:

  • Merchant - The person or business that is doing the selling.
  • Customer - The person or business that is doing the buying.
  • Customer’s bank (issuing bank) - The financial institution that issued the customer's payment method, such as a credit card.
  • Merchant’s bank (acquiring bank) - The financial institution where the merchant holds an account and receives payments.
  • Payment gateway - The intermediary technology that securely transmits the customer’s payment data to the payment processor.
  • Payment processor - The technology that authenticates the customer payment data and initiates the transfer of funds from the issuing to the acquiring bank.

How to choose the right payment gateway?

1. Fees
Payment gateways typically charge merchants in one of three ways: fixed monthly fees, per-transaction fees, or a combination of both. Transaction fees are often a percentage of the transaction amount (e.g. 2.9%) plus a fixed fee (e.g. £0.20). For gateways that facilitate international payments, transaction fees will vary depending on the customer’s location.
In addition to monthly costs and transaction fees, merchants should also consider the following potential costs when comparing payment gateways:

  • Currency conversion fees
  • Setup fees
  • Refund fees
  • Chargeback fees
  • Withdrawal fees
  • PCI Compliance fees
  • Account termination fees

Many payment gateways offer reduced fees as the monthly transaction volume and/or monthly revenue grows. Merchants, larger businesses, in particular, can negotiate prices with their payment gateway and develop a custom fee structure that works for both parties.


2. Currencies and service area
Not all payment gateways are designed with the global business in mind. Merchants must consider whether they sell—or would someday like to sell—their products or services internationally and choose a payment gateway that works well in those countries.

For international sales, merchants can also select a payment gateway that allows customers to pay in their local currency. Multi-currency payment gateways automatically convert prices into the customer’s local currency and, when processing the transaction, convert it into the merchant's local currency at the prevailing exchange rate. This can be a huge draw for international customers who prefer to view products with localised price tags, rather than having to do the mental calculations themselves.

3. Payment methods
Not all payment gateways accept every type of credit card. For example, almost all payment gateways accept Visa and Mastercard payments, but a smaller percentage also accept Discover and American Express. Merchants must consider whether it’s beneficial to give their customers more options when making card payments and balance this against the higher fees involved.
In addition to the types of card payments to accept, merchants can also consider whether they would like a payment gateway that integrates with popular digital wallets like Apple Pay and Google Pay. The ease and speed at which customers make online payments with digital wallets don’t only improve the customer experience but can lead to more sales as well.

4. Recurring payments
For businesses that offer subscription-based goods and services, payment plans, scheduled charity contributions, or anything else that requires customers to pay on a recurring basis, it’s essential to choose a payment gateway that can facilitate recurring payments.
Payment gateways that accept recurring payments allow customers to select their payment schedule (these options can be customised by the merchant), securely store their data, and automatically initiate the payments as planned.

5. Transaction limits
Most payment gateways have a transaction limit that sets a cap on the maximum amount a customer can pay in one individual transaction. These limits vary depending on the payment gateway and, for customised accounts, the nature of the merchant’s business.
Transaction limits are designed to protect customers from fraud and billing mistakes. However, it’s always worthwhile for merchants to review transaction limits to make sure they won’t hinder their sales process.

6. Hosting
For online retailers, there are three main types of payment gateways to consider, categorised based on where and how the gateway is hosted.

  • Hosted

With hosted payment gateways, customers are redirected away from the merchant’s website to a secure payment page on the gateway provider’s website. Customers enter their payment information on this page, enhancing security for merchants by keeping sensitive data off their sites. However, redirecting customers to a separate website can disrupt the sales process. If the customer isn’t familiar with the payment gateway, they can lose trust in the process and abandon their cart.

  • Self-hosted

With self-hosted payment gateways, merchants host the gateway directly on their website. This creates a more seamless checkout process but places a greater liability on the merchant to ensure the customer’s sensitive data is transmitted securely.

  • API-hosted

A blend of the two previous gateway types, API-hosted payment gateways allow merchants to customise and embed payment forms into their own website using an application programming interface (API). Customers stay on the merchant’s website throughout the checkout process, while the payment gateway provider remains responsible for encrypting and securely transmitting the customer’s sensitive data. Merchants using API-hosted payment gateways are still required to be PCI DSS Compliant.

7. Integrations and compatibility
The look and feel of a payment gateway, in terms of user experience, will depend on how well it integrates with the merchant’s e-commerce platform. Does it match the visual identity of the website? Is the interface straightforward and easy to use? Does it work well across different devices?
Before selecting a payment gateway, merchants should look for features that will ensure a seamless integration. These include:

  • Customisation - The payment gateway allows merchants to add their own colours, branding, and fonts to the user interface.
  • Responsive design - The payment gateway works across different devices, browsers, and operating systems
  • Localisation - The payment gateway automatically adapts its language and currency based on the customer’s location.

8. Security
When choosing a payment gateway, merchants should ensure that their customers’ sensitive data will be securely protected by looking for the following features:

  • PCI DSS Compliance: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect sensitive cardholder data. Merchants should not only adhere to PCI DSS requirements on their own websites but also ensure their payment gateway remains compliant as well.
  • Encryption: It’s essential for a payment gateway to encrypt the customer’s sensitive data during transmission—via SSL (Secure Sockets Layer) or TLS (Transport Layer Security)—so that it cannot be intercepted by hackers.
  • Tokenisation: Tokenisation is the process of replacing sensitive payment data with unique tokens that have no meaningful value to potential fraudsters. This adds an extra layer of security as, even if the tokens are intercepted, they cannot be used to extract the original data.
  • Two-factor authentication (2FA): Implementing 2FA helps prevent unauthorised access to customer accounts. It serves as an additional layer of identity verification for payment gateways. It requires customers to provide an extra piece of identifying data, such as a code sent to their mobile device or email account.
  • Fraud prevention measures: Features like address verification and IP geolocation are additional security measures that payment gateways can integrate in order to further prevent fraud.

9. Customer support
It’s never been easier to quickly and securely accept customer payments, but that doesn’t mean it’s always smooth sailing. When issues and concerns do arise, having a gateway provider that’s easy to contact and available for troubleshooting is essential.
Merchants should look for a payment gateway provider that has multiple customer support channels, such as email, phone, live chat, FAQs, and user guides.

Choosing a payment gateway, in brief:

  • Payment gateways are an essential part of the payment process, responsible for securely transmitting sensitive customer data.
  • Some payment gateway providers offer physical card readers for brick-and-mortar stores, some provide “virtual terminals” for online businesses, and others can facilitate both in-person and online payments.
  • Many payment service providers act as both the payment gateway and payment processor, transmitting customer data and then managing the transfer of funds between banks.
  • Costs vary among payment gateways depending on the fee structure, volume of sales, and customer location.
  • Different payment gateways will accept a different combination of credit/debit cards and digital wallets.
  • Security, compliance, and risk liability are essential factors for merchants to consider when selecting a payment gateway.

Difference between a payment gateway and a payment processor

A payment gateway completes the first step of the payment process, securely collecting and sending the customer’s payment details to the payment processor. The payment processor communicates with the customer’s bank and the merchant’s bank to authenticate the transaction, verify funds, and manage the transfer of money.

In essence, the payment gateway acts as a bridge between the customer and the payment processor, ensuring that their sensitive data is encrypted and transmitted securely.

Many modern payment service providers offer combined services as both a payment gateway and a payment processor.

Payment processor

  • Connects merchant bank with customer bank
  • Can process a transaction and transfer funds from the cardholder’s account to the merchant account 
  • Relays transaction information between banks to process payment
  • Needed for both in-person and online transactions

Payment gateway

  • Encrypts and transmits information between merchants and customers
  • Relays whether a transaction has been approved or denied 
  • Requires a payment processor to carry out the final transaction 
  • Used mostly for online transactions

Frequently asked questions

    Payment gateways are essential for accepting card and digital wallet payments. The payment gateway securely transmits the customer’s data and payment information on for processing.

    Fees and pricing models differ depending on the payment gateway provider, but typically fall into one of three categories:

    1. A fixed monthly fee
    2. Transaction fees
    3. Both a fixed monthly fee and transaction fees

    Many payment gateway providers offer volume discounts, where fees are reduced as the number of monthly sales increase. Payment gateway fees are negotiable and a number of providers offer custom fee structures, particularly to larger businesses with high monthly sales figures. In addition, some payment gateways provide special pricing options for registered charities and nonprofit organizations.

    Yes, although the term “payment gateway” is typically associated with e-commerce payments, brick-and-mortar businesses do use gateways for in-person payments too. For these types of businesses, the payment gateway comes in the form of a physical point-of-sale (POS) system or card reader.

    Yes, API-hosted payment gateways allow merchants to customize payment forms and embed them directly into their websites for a seamless customer experience. Customers get to stay on the merchant website during checkout rather than being redirected to an external site. Customising and integrating a payment gateway into the merchant website helps create a sense of familiarity and security during the checkout process. This increases customer trust in the brand and can help lead to more sales.

    Yes, many payment gateways are able to process recurring payments. This is ideal for merchants that want to offer their customers subscription-based services, payment plans, or routine donation options. For payment gateways that have this functionality, merchants customize the billing options and customers select a payment schedule. The gateway then securely stores their payment data in order to automatically process the payments as planned.

    You might also be interested in...

    What is a merchant ID and how to get one?
    How to set up end-to-end payments
    10 tips to enhance your online payment experience