What is a Payment Gateway?

When accepting credit and debit cards at your brick-and-mortar store, a POS terminal is what allows you to capture payment data at the checkout counter. In the online world, though, merchants rely on payment gateways to securely accept payments online.

Girl doing online shopping

However, not all payment gateways are created equal. Before choosing a solution for your e-commerce store, it is important you understand:

Let’s dive in.

What Is a Payment Gateway?

Think of a payment gateway as the online equivalent of physical credit and debit card reader. Both capture payment data before encrypting this information and forwarding it to a payment processor for authorization.

The primary difference is that e-commerce merchants using payment gateways:

  • Never have direct access to their customers’ credit cards
  • Rarely (if ever) meet their customers face to face

This is the beauty of selling online. You can connect with users around the globe, generating sales around the clock.

However, selling to remote, anonymous shoppers carries a host of security risks. For example, criminals can easily intercept credit card details sent back and forth between your online store and your payment provider.

Payment gateways are one of the first lines of defense in fraud prevention. They help keep sensitive payment details out of the hands of criminals — but how?

How a Payment Gateway Works

Infographic on How a Payment Gateway Works

When one of your customers is ready to check out from your online store, the individual fills in his or her payment data before clicking the “Buy” button.

Your payment gateway is a literal “gateway” through which that customer’s credit card data must pass. Yet, before the customer’s payment details get forwarded to your processor, they are encrypted using any number of security protocols, including:

  • Transport Layer Security (TLS)
  • Secure Sockets Layer (SSL)

Your payment processor receives these encrypted details before sending them to the customer’s bank for approval. Once the transaction is verified, the payment processing network returns an approval to the payment gateway.

Congratulations! You just made a new sale.

From the moment your customer clicked the “Buy” button, the entire process only took seconds.

The Difference Between a Payment Gateway and Payment Processor

Payment processors (sometimes known as payment providers) handle many aspects of “processing” payments — including data security, user authentication, and fund settlement. They may also supply the credit card machines and other equipment used to accept electronic payments. Payment processors also act as liaisons by transmitting the transaction data between your business and customers’ credit card providers (i.e., issuing banks).

Whether you sell primarily online or through a physical store, you’ll need a merchant account to accept credit cards. Think of these as specialized bank accounts that can receive electronic payments.

However, there is one more piece of the puzzle:

  • If you’re a brick-and-mortar merchant, you need a credit card terminal or virtual terminal to swipe or dip your customers’ plastic at the checkout counter.
  • If you’re an e-commerce merchant, you need a payment gateway linked to your store’s online checkout form or shopping cart.

Again — that payment gateway is what captures and encrypts your customers’ credit card data in the e-commerce world.

Online Checkout Payment Options

With a payment gateway, there are several ways to accept online payments.

1. Simple Checkout (aka Redirects)

When customers are ready to buy, they are temporarily redirected off-site to provide their payment details and confirm their purchase. Once the transaction goes through, those users are automatically brought back to your site.

For many e-commerce merchants, this is the easiest type of checkout experience to implement. Because no credit card data is ever captured on your server, you don’t have to worry as much about payment security.

The downside is that the Simple Checkout strategy interrupts the user experience, since you are redirecting customers off-site.

2. On-Site Checkout and Payment

When customers are ready to buy, they fill in their payment details and confirm their purchase — all entirely on your site.

The downside is that because everything happens on your servers, you take on the payment security for all your customers’ sensitive information. This brings your website and servers into PCI scope, which is expensive and requires technical expertise to set up correctly.

3. On-Site Checkout, Off-Site Payments

When customers are ready to buy, they are temporarily redirected off-site to complete the transaction. However, the site to which they are redirected looks exactly like your e-commerce store. Customers enter their information on a hosted payment page, which means that the checkout form is hosted on a third-party site. By removing this process from your systems and servers, you reduce your PCI scope and minimize your risk of a data breach.

Once the transaction goes through, users are automatically brought back to your site. Again, users don’t know this. As far as they’re concerned, they never left your e-commerce store.

When set up correctly, the On-Site Checkout, Off-Site Payments approach offers the best of all worlds. Your customers benefit from a seamless shopping experience. In fact, you can customize your hosted payment page with your online store’s branding, logo and color palette.

Person shopping online on tablet

Limitations of Gateway Merchant Services

Payment gateways are a prerequisite for online credit card acceptance, but that doesn’t mean they aren’t without limitations. Below are just some of the challenges e-commerce merchants face when using payment gateways for their online stores:

  • Payment gateways don’t accept all types of credit card payments. Admittedly, the same is true of POS terminals. The difference is that payment gateways can more easily expand their functionality with simple software upgrades.
  • Payment gateways sometimes have difficulty with international transactions. That’s because each country uses slightly different authentication protocols and currency restrictions.
  • Payment gateways don’t always mesh nicely with your other software. This can be a major hurdle if you’re already heavily invested in accounting apps, shopping carts or customer relationship management (CRM) suites that aren’t compatible with your chosen payment gateway.

As with all digital tools, payment gateways are susceptible to malware and viruses. Although software patches can fix many of these problems, your payment environment could still be vulnerable if you store any credit card data locally.

The BluePay Payment Gateway

There are hundreds (if not thousands) of competing payment gateway options out there. To get a better idea of which solution might be right for you, discover the robust functionality of the BluePay Gateway and see how the other gateways stack up.

BluePay is a pioneer in payment security — one that offers the full spectrum of PCI-compliant data protection tools, including:

What truly sets BluePay apart from other payment gateways is that:

  • It is a full-scale payment processor that supports omnichannel credit card collection — whether your users want to pay online, in-person, via mobile, or with a virtual terminal.
  • It offers seamless integration with many software platforms, apps, or tools your business already uses.
  • It offers multiple payment gateway APIs in several different languages that allow you to integrate payments into whatever software or system your business is currently using.

To learn more about the advanced security and customization features that the BluePay Payment Gateway offers, click here.

Which Online Payment Gateway Solution Is Right for You?

If you sell online, you need a payment gateway of some kind to securely process credit and debit card sales. This is true whether you run a for-profit business selling widgets or a nonprofit charity collecting donations.

Before committing to any solution, it is vital that you:

  • Understand why payment gateways exist and how they keep you safe
  • Decide what type of checkout experience you want to provide to your users
  • Choose a payment gateway that meshes with your current operations and tools

Arguably most important, you need a payment solution that can grow with your business over time. You might sell exclusively online right now, but what happens if you start interfacing with customers at tradeshows or at your new brick-and-mortar store?

You need a payment gateway provider that can accommodate this type of growth.

If you need help deciding on the right payment gateway for your online business, schedule a free consultation with our merchant services team today.

Get Started

  • Microsoft Gold Partner Badge
  • 2018 American Business Awards Gold Stevie® Winner Badge for Best Payment and Electronic Commerce Solution
  • 2018 CNP Awards Customer Choice Winner Badge for Best E-Commerce Platform/Gateway
  • Best in Biz Awards 2018 Silver Winner Badge for Business Development Department of the Year
  • TSG Gateway Awards 2019 BluePay
BluePay Processing, LLC is a registered ISO of Wells Fargo Bank, N.A., Concord, CA, 94524 U.S.A.
BluePay Canada ULC, is a Registered ISO/MSP of Peoples Trust Company, Vancouver, Canada.