What Is a Payment Gateway and How Does It Work?

A payment gateway is the technology that captures your customer’s card information, encrypts it, and securely sends it to the payment processor for authorization. Think of it as the digital equivalent of the card terminal at a physical store, but it works for online checkouts, in-app purchases, and in-person transactions alike. If you run a business that accepts card payments, a gateway is the first link in the chain between your customer tapping “pay” and the money landing in your account.

How a Payment Gateway Fits Into a Transaction

When a customer enters their credit card number on your website or taps their card at your register, the payment gateway kicks in first. It encrypts the card details and passes them to the payment processor, which is a separate service that actually communicates with the card networks (Visa, Mastercard, etc.) and the customer’s bank to verify the card, check for sufficient funds, and approve or decline the charge.

The distinction matters because gateways and processors handle different jobs. The gateway is responsible for securely collecting and transmitting sensitive data. The processor is responsible for moving money. Many modern providers bundle both into a single service, so you may never interact with them separately, but behind the scenes they remain two distinct steps. The entire authorization cycle, from the moment a customer clicks “pay” to seeing an approval message, typically takes just a few seconds.

How Gateways Protect Card Data

Security is the core reason payment gateways exist. Two techniques do most of the heavy lifting: encryption and tokenization.

Encryption transforms card details into an unreadable format using a cryptographic key. This protects data while it’s being transmitted from your checkout page to the processor’s servers. Without the correct key, intercepted data is meaningless.

Tokenization replaces a card number with a random substitute value called a token. The token has no mathematical relationship to the original card number and is useless to anyone who steals it. This protects data while it’s stored, for instance when a returning customer saves a card on file. Tokenized payment transactions are projected to surpass one trillion globally by 2026, which gives you a sense of how standard this approach has become.

Together, encryption handles the “in transit” risk and tokenization handles the “at rest” risk. Both reduce your exposure to PCI DSS requirements, the industry security standards that govern how businesses handle cardholder data. A good gateway takes on most of that compliance burden so you don’t have to manage it yourself.

Hosted vs. API-Integrated Gateways

When you add a payment gateway to your website or app, you’ll generally choose between two integration styles.

Hosted Gateways

A hosted gateway redirects your customer to the payment provider’s own checkout page. The customer enters their card details there, and after the payment processes, they’re sent back to your site. This is the simplest option to set up since you typically just embed a link or button. Security is handled almost entirely by the provider, because sensitive card data never touches your servers. The tradeoff is less control over the look and feel of the checkout experience, and the redirect can feel jarring to some customers, which may hurt conversion rates. For smaller businesses or those just getting started with online sales, hosted gateways are often the most practical choice.

API-Integrated Gateways

An API-integrated gateway lets customers complete payment directly on your website or app without ever leaving the page. You collect card details through the provider’s API (a set of programming tools that let your site communicate with the gateway’s servers) and process everything in real time. This creates a smoother, more branded checkout experience, which can improve conversion rates. The downside is that integration requires developer resources, and you share more responsibility for securing transaction data on your end. Pricing can also be more complex, sometimes involving monthly fees on top of per-transaction charges.

Typical Costs

Payment gateway pricing has two main components: a percentage of each transaction and a flat per-transaction fee. Some providers also charge a monthly subscription.

For online transactions, the percentage typically falls between 2.9% and 3.3%, plus a flat fee of $0.25 to $0.30 per transaction. In-person rates tend to be lower because card-present transactions carry less fraud risk, generally running 2.6% to 2.7% plus $0.05 to $0.15.

Some providers, like Stripe, charge no monthly fee at all and make their money purely on transaction volume. Others, like Square, offer a free base plan with optional paid tiers ($49 or $149 per month) that unlock additional features. Shopify’s payment system charges $39 and up per month for its e-commerce plans, while Chase charges $9.95 and up monthly for online payment processing.

There’s also a different pricing model called interchange-plus, where you pay the actual interchange rate set by the card networks plus a small markup. Helcim, for example, charges interchange plus 0.5% and $0.25 for online transactions with no monthly fee. This model can save money at higher volumes because you’re paying closer to the wholesale cost of processing.

Setup fees have largely disappeared among major providers, though some enterprise-level gateways still charge them. The real cost differences show up in transaction volume: if you process $10,000 a month in online sales, even a 0.3% difference in rates means $30 per month, or $360 a year.

Multi-Currency and International Payments

If you sell to customers in other countries, your gateway needs to handle multiple currencies. A multi-currency gateway displays prices and processes payments in the customer’s local currency, converting the amount automatically. The customer sees exactly what they’ll be charged in their own currency, which reduces cart abandonment.

The range of global support varies widely by provider. Stripe supports over 135 currencies and 100 payment methods across 30 languages. Other providers like Checkout.com support 150 or more processing currencies with domestic processing in nearly 50 countries. Some gateways also support alternative payment methods that are popular in specific regions, such as digital wallets, direct debit, online banking transfers, and prepaid cards.

Currency conversion does come with fees, usually built into the exchange rate as a markup of 1% to 2% above the mid-market rate. If you do significant international volume, compare how each provider handles conversion and whether they offer settlement in multiple currencies, which lets you hold funds in the currency you received rather than converting everything automatically.

Choosing the Right Gateway

Your choice depends on a few practical factors. If you’re a small online store processing a modest number of orders, a no-monthly-fee provider with simple flat-rate pricing keeps things straightforward. If you’re processing thousands of transactions per month, interchange-plus pricing will likely save you money over flat-rate models.

Consider where your customers are. A domestic-only business with in-person sales has different needs than an e-commerce brand shipping internationally. For global sellers, multi-currency support and local payment methods directly affect whether customers complete their purchases.

Integration complexity matters too. If you’re using a platform like Shopify or WooCommerce, many gateways offer plug-and-play integrations that require no coding. If you’re building a custom checkout, you’ll want a well-documented API and developer support. Either way, the gateway should handle PCI compliance on your behalf as much as possible, keeping sensitive card data off your servers and reducing your security obligations.
