A payment gateway and a payment processor handle two different jobs in the same transaction. The gateway is the front door: it captures and encrypts your customer’s card details. The processor is the back office: it routes those encrypted details to the card networks and banks, gets the transaction approved or declined, and moves the money. Most businesses need both, and many modern providers bundle them into a single service, which is why the two terms get confused so often.
What a Payment Gateway Does
A payment gateway is the technology that sits between your customer and the financial system. When a shopper types their credit card number into your checkout page (or taps their card at a terminal), the gateway collects that information, encrypts it, and passes it along securely. Think of it as the digital equivalent of the card reader at a physical register, except it works for online transactions too.
The gateway’s primary job is security. It encrypts sensitive card data so that raw credit card numbers never travel across the internet unprotected. Gateways must comply with PCI DSS (Payment Card Industry Data Security Standard), the set of rules that govern how businesses handle cardholder information. By using a gateway, you offload a significant chunk of that compliance burden, because the gateway provider is handling the encryption and secure transmission rather than your own servers.
After encrypting the data, the gateway hands it off to the payment processor. It then waits for a response (approved, declined, or flagged) and relays that result back to your checkout page in real time. The entire round trip typically takes two to five seconds.
What a Payment Processor Does
The payment processor picks up where the gateway leaves off. Once it receives the encrypted transaction data, the processor communicates with the card network (Visa, Mastercard, American Express) and the customer’s issuing bank to verify the payment details, check for fraud, confirm the account has sufficient funds, and authorize or decline the transaction.
After authorization, the processor also handles settlement: the process of actually moving money from the customer’s bank to your merchant account, typically within one to two business days. In between, the processor manages chargebacks, refunds, and compliance with card network rules. Where the gateway is focused on the moment of data capture and encryption, the processor is responsible for everything that happens behind the scenes to turn a card swipe into deposited funds.
How They Work Together in a Transaction
Here’s the step-by-step flow when a customer buys something from your online store:
- Customer enters card details. Your checkout form collects the card number, expiration date, and CVV.
- Gateway encrypts and transmits. The payment gateway encrypts that data and sends it to the payment processor.
- Processor contacts the card network. The processor forwards the transaction to the appropriate card network, which routes it to the customer’s issuing bank.
- Bank approves or declines. The issuing bank checks the account balance, runs fraud checks, and sends back an approval or decline code.
- Response travels back. That code goes from the bank to the card network, to the processor, to the gateway, and finally back to your checkout page, all in a few seconds.
- Settlement happens later. The processor batches approved transactions and facilitates the transfer of funds into your account, usually the next business day.
Throughout this process, both the gateway and the processor share responsibility for keeping cardholder data secure and complying with PCI DSS standards. The gateway handles encryption at the point of capture. The processor ensures compliance during verification, authorization, and settlement.
How Fees Differ
Gateways and processors each have their own fee structures, and if you use separate providers for each, you’ll pay both.
Payment gateways commonly charge a monthly subscription fee for access to their service. Some also add a small per-transaction fee on top. Payment processors typically charge on a per-transaction basis, either as a flat fee per transaction, a percentage of the transaction amount, or a combination of both. These processor fees cover interchange (the fee the card-issuing bank charges), card network assessments, and the processor’s own markup.
When you use an all-in-one provider that combines both functions, the pricing is usually simplified into a single per-transaction rate. That rate bundles the gateway and processing costs together, which makes it easier to predict your expenses but can make it harder to comparison shop on individual components. Either way, also watch for chargeback fees, which most processors charge when a customer disputes a transaction, typically $15 to $25 per dispute.
Separate Providers vs. All-in-One Solutions
Historically, businesses had to set up a payment gateway and a payment processor as separate services, often from different companies. This is still an option, and it gives you the flexibility to swap out one without changing the other. A business with high transaction volume or specialized needs might prefer this approach because it can negotiate rates independently with each provider.
Today, though, most small and midsize businesses use an all-in-one provider that handles both the gateway and processing functions in a single integration. Companies like Stripe, Square, and PayPal bundle the gateway, processor, and merchant account into one package. You sign up, connect it to your website or point-of-sale system, and both functions work together out of the box. The tradeoff is less granular control over pricing, but the setup is dramatically simpler.
Some point-of-sale systems also offer integrated payment processing that ties directly into inventory management, reporting, and checkout workflows. These integrated solutions reduce manual errors and speed up reconciliation, since your sales data and payment data live in the same system.
Which One You Actually Need
If you sell online, you need a payment gateway. There is no way around it. Without one, you have no secure mechanism to collect card data from a web browser. If you sell only in person with a physical card terminal, the terminal itself often acts as the gateway, so you may not need a separate one.
Every business that accepts card payments needs a payment processor. The processor is what actually moves money from your customer’s account to yours.
For most businesses launching today, the practical decision is not “gateway or processor” but rather which provider to choose. When evaluating options, compare per-transaction fees, monthly costs, chargeback fees, and how easily the service integrates with your existing website or point-of-sale setup. If you process a high volume of transactions, even small differences in per-transaction pricing add up quickly, so it’s worth requesting quotes from multiple providers before committing.