The essential guide to ecommerce payment gateways

Andy Tweddle, Payments writer
20 Feb 2024
money moving in and out of a portal

In the world of online shopping, payment gateways play a crucial role. A payment gateway is a tool used by merchants to process and authorise card payments securely, facilitating transactions between customers and ecommerce businesses. 

Card payments generally fail in the region of 8.4% of the time. The efficiency and effectiveness of these gateways can be the deciding factor between a successful transaction and a lost sale. But what really goes on behind the scenes of these digital transaction facilitators?

To be able to optimise payments (and, therefore, conversion), you need to understand payment gateways. In this article, we’ll dissect the mechanics and significance of payment gateways in ecommerce. We'll compare different types of gateways, examine their advantages and drawbacks, and guide you on choosing the right gateway. 

How do payment gateways work in ecommerce stores?

A payment gateway is a tool used by online businesses that processes debit card and credit card payments for online purchases. When a customer buys something from your ecommerce website, the payment gateway securely transmits their payment information to the bank for verification and approval, ensuring the funds are available and the transaction is legitimate. The gateway facilitates a secure transfer of money from the customer’s bank account to the merchant's account.

A primary benefit of payment gateways is their ability to secure sensitive data. They use advanced encryption methods, like SSL, to protect customer information during transmission. This security is crucial in maintaining customer trust and preventing data breaches.

Payment gateways are also equipped with fraud protection algorithms. These systems are designed to prevent unauthorised transactions, thereby protecting both the merchant and the customer from potential fraud.

Understanding payment infrastructure: gateways, processors, and orchestration platforms

Differentiating between the components of payment infrastructure is crucial for understanding the ecommerce payment process.

  • Payment gateways: gateways capture and transmit customer details, acting as an intermediary between the merchant site and the payment processor — think of them as the online equivalent of a point-of-sale terminal.

  • Payment processors: this component processes the transaction information received from the gateway. It communicates with both the customer's and merchant's bank to check fund availability and facilitate fund transfer.

  • Acquirer: an acquirer is the provider of your merchant account. They relay information between parties (eg you – the merchant – along with the card schemes and the payment gateway).

  • Orchestration platforms: these platforms manage multiple gateways and processors, optimising the entire process and providing a unified interface for easier management.

While each component has a distinct job to do, one company or provider may offer more than one individual service. Stripe, for example, is effectively a gateway, payment processor and merchant account. Plus, it has several other value-add features on top of that.

When you combine all these components, plus issuing banks, card networks, fraud solutions and more, you begin to see a complex network of parties in every single transaction. 

card payment netwotd
The many actors in a card payment.

At TrueLayer, we believe that this intricate network of different payment components isn’t ideal in today’s digital world, where consumers expect seamless payments. Learn more about open banking and the future of UK retail payments. 

What are the steps involved in the payment gateway process?

Here are the steps of the payment process that online payment gateways are typically involved in:

  1. Data capture: The process begins with the gateway collecting the customer's card details.

  2. Encryption: This information is then encrypted to secure it during transmission.

  3. Authorisation request: The encrypted data is sent to the merchant’s bank, then to the card network, and finally to the issuing bank. At this stage, the payment gateway will usually carry out fraud checks. A payment processor also helps to facilitate this communication. 

  4. Approval or denial: The issuing bank conducts fraud checks and decides to approve or deny the transaction.

  5. Notification: The payment gateway informs both the merchant and customer of the transaction outcome.

  6. Settlement: If approved, funds are transferred from the customer's bank to the merchant's bank by the payment processor. 

Types of ecommerce payment gateways

Different types of payment gateways cater to varying business needs, each with its unique features and considerations.

Hosted gateways offer the convenience of handling sensitive payment data off the merchant’s site, easing the burden of PCI DSS compliance. However, they redirect customers away from the merchant’s online store and onto a separate payment page, which can disrupt the shopping experience and affect brand consistency.

API-based gateways integrate with the merchant's website, enhancing the customer experience and allowing for greater customisation. The technical complexity of these gateways, however, necessitates a high level of developer resource and ongoing technical maintenance to route and manage API calls. Merchants are also more responsible for ensuring data security than with a hosted gateway. 

Self-hosted gateways provide the most control over the transaction process, with payment information collected directly on the merchant’s website. This direct handling offers benefits in terms of data control and user experience, but also comes with heightened responsibility for data security and increased technical overheads.

Choosing the best payment gateway for your business

The choice of payment gateway provider involves tradeoffs between security, user experience, and technical overhead. Here are key considerations to guide you in making an informed decision:

Security standards 

Choose a gateway that provides PCI DSS compliance, which ensures the protection of customer data and reduces the risk of breaches. Key features to look for include advanced encryption, comprehensive fraud detection, and effective risk management tools.

Support for international transactions

Businesses operating globally need to handle multi-currency transactions and support international payment regulations. Ensure the gateway has the functionality to process payments in various currencies and is compatible with international payment methods. This capability is vital for providing a seamless shopping experience for customers across different regions.

Support for alternative payment methods 

We’re forecasted to hit ‘peak’ card usage by 2029 or earlier, so catering to customers that prefer alternative payment methods is important. Check your chosen gateway can support the payment methods that matter to you and your customers.

Integration requirements

Consider the level of technical resources required to integrate and maintain the gateway. For instance, self-hosted gateways require a significant investment to set up and maintain. In contrast, hosted gateways are easier to run but give you less control over the payment experience. 

Checkout experience 

A gateway should offer a smooth, quick, and intuitive checkout process to minimise cart abandonment. Evaluate how well the gateway can be customised to align with your brand's look and feel. The chosen gateway should integrate seamlessly with your ecommerce platform, minimising disruptions and delays in the transaction process.

Examples of payment gateways (or equivalent solutions) by business type 

For online retail brands

Shopify Payments integrates seamlessly with the Shopify ecommerce platform, providing a hassle-free payment solution for online retailers. This gateway simplifies the management of online transactions for Shopify-based stores.

For the travel industry

WorldPay from FIS caters to the unique needs of international travel businesses with extensive support for multiple currencies and payment methods. It’s capable of handling complex, cross-border transactions.

For food and beverage companies

Solutions like Square and Toast are advertised as all-in-one payment solutions specifically tailored for food and beverage establishments. They combine online ordering systems with physical point-of-sale capabilities, ideal for businesses that operate both online and in-person. Stripe and Shopify also work with several food and grocery brands.

Streamline your payment operations with open banking 

In ecommerce, payment gateways are almost always used for collecting card payments online, and card payments can be very complex. Between payment gateways, processors, acquirers, issuers, fraud solutions and more — with all their different roles— there are many steps in the payment process, each of which can go wrong and cause payments to fail.

Add to that the costs of collaborating with card networks, which leave merchants to foot ever-increasing processing costs, and it’s no wonder that merchants are looking for alternative payment options. 

Instant bank payments, powered by open banking, simplify the payment process. Open banking offers secure payments while reducing failure points and improving the customer experience. Learn more about how to upgrade your checkout with open banking in ecommerce. 

Insights straight to your inbox
Join 10,000+ subscribers getting the latest open banking news.
18 Apr 2024

5 points for the National Payments Vision

money moving in and out of a portal
10 Apr 2024

The guide to omnichannel payment processing

TrueLayer has won Payments Innovation of the Year at the 2024 FSTech Awards
15 Mar 2024

TrueLayer wins Payments Innovation of the Year at 2024 FStech Awards

Categories to explore