What is an eCommerce Payment Gateway?

Man paying with smartphone for online shopping. Paying using mobile payment app. Online payment

What is an eCommerce Payment Gateway?

Have you ever wondered how internet companies handle online payments automatically? We’ll look at the technology underlying an online shop and offer some advice for starting an eCommerce business.

In a typical bricks-and-mortar store, accepting debit and credit card payments is quite simple. A consumer passes over their credit card, and you process the payment via a POS terminal.

However, because eCommerce transactions are conducted over the internet, clients cannot physically produce their credit or debit cards.

To accept online payments, websites require the digital counterpart of a POS terminal, known as a payment gateway.

How does an eCommerce payment gateway function?

An eCommerce payment gateway, as previously stated, is a service that allows retailers to accept credit and debit card payments on their websites.

The online payment process can be divided into five steps.

  1. Your consumer browses your website and discovers something they like. They then add the product or service to their shopping cart and proceed to the checkout.
  2. Your customer enters their credit card information, which includes their name, address, and card number.
  3. That card information is encrypted and sent to the acquiring bank via your payment gateway.
  4. The card information is subsequently forwarded by the acquiring bank to the card scheme that has branded the card, and ultimately to the issuing bank. The transaction is approved if the card information matches the records of the issuing bank.
  5. The payment gateway transmits the success to your site, which reports it back to you.

And just like that, an online payment was handled by a website.

Payment gateways can quietly work in the background of an online business, processing tens, hundreds, or thousands of transactions per hour.

Amazon sold a remarkable 636 goods every single second at its peak last year! That’s a lot of effort for the payment gateway!

While few businesses must cope with the large amount of transactions that Amazon handles, the payment gateway you choose will invariably influence the quality of your checkout.

Choose the appropriate payment gateways, and your consumers will have friction-free checkouts, while your conversions will skyrocket.

However, if you choose the incorrect supplier, you will face piles of failed transactions, exorbitant fees, horrible customer support, and paper-thin integration. But we’ll get to that later.

Is it better to host or integrate a payment page?

Payment gateways are classified into two types: hosted and integrated.

Whether your payment gateway is hosted or integrated influences how your customer’s sensitive payment information is sent from their wallet to the payment gateway. Hosted gateways and integrated gateways both have their pros and cons.

Gateways that are hosted

Hosted payment gateways operate by forwarding your consumers to a page that is owned and maintained by your payment gateway provider. This page allows your customer to submit their payment information before processing the transaction. Your buyer gets routed back to your website after everything is validated.

The main advantage of hosted gateways is data security. Specifically, you don’t have to be concerned about how your website manages sensitive data since it doesn’t!

The biggest disadvantage of a hosted gateway is the inverse of its principal advantage. When a consumer wants to make a payment, you send them to the payment gateway’s website, where they submit their information.

The redirect is critical since the client may be confused as to why they are being sent to another site after purchasing anything from you. The good news is that many providers will let you brand your payment pages, which avoids confusion and streamlines the entire process.

However, if the redirection is handled incorrectly, it might have a negative impact on your conversion rates.

Integrated Gateways

Integrated payments operate by requesting that your clients submit their information directly into your website. After receiving the data, your website bundles it and sends it to the payment gateway using an API.

An API (application programme interface) is a method for two systems to communicate automatically with one another.

The biggest benefit of integrated gateways is that they provide you total control over your checkout process. There is no user redirection or difficult website switching. A consumer visits your website and makes a purchase.

However, like with hosted gateways, the main disadvantage of an integrated gateway is the inverse of its main advantage.

You are responsible for the protection of sensitive data if you accept it directly on your website. You must ensure that data security regulations are followed.

Payment gateways – are they secure?

If you ask your clients to submit their credit card information on your website, make sure the technology you’re utilising is secure. When data security fails, the consequences are disastrous for both your company and its consumers.

Fortunately, payment gateway developers, like other financial products, services, and organisations, take security very seriously.

Reputable payment gateway providers will adhere to the Payment Card Industry Data Security Standard at the Level 1 level (PCI DSS).

What exactly is PCI Compliance?

If a payment gateway provider is level 1 compliant, it’s a solid indication that they take security seriously.

Level 1 is the most stringent PCI DSS standard, requiring yearly on-site security audits, in-depth penetration testing, and a slew of additional inspections.

Is it possible for payment gateways to be hacked?

Payment gateways may be more secure than Fort Knox, but it does not guarantee that you will be protected from fraudulent transactions.

The good news is that most payment gateways have hundreds of adjustable fraud protection measures. There are just too many to discuss in depth, so we’ve selected three notable tools you may have heard of.

3D Secure

The security mechanisms used by card networks are known as 3-D Secure. Verified by Visa is used by Visa, SecureCode is used by Mastercard, Safekey is used by American Express, and so on.

Verified by Visa

“When you purchase online, Verified by Visa safeguards you from fraud and provides you added piece of mind.”

Mastercard SecureCode®

“Mastercard SecureCode® enhances online buying security.”

SafeKey by American Express

“It’s critical to keep secure when shopping online.” SafeKey secures the procedure, allowing you to focus on the enjoyable part: deciding what to buy.

While the steps and details of the security check vary depending on the network, clients are normally required to provide an extra password in addition to their website password. If the password does not match any of the network’s records, the transaction is automatically refused.

This additional verification ensures that the consumer is the cardholder and not someone who has stolen the card or account.

It’s worth noting that 3-D Secure is optional. Merchants may and do disable it, frequently wrongly assuming that it reduces conversion rates.

Velocity Checking

Velocity is checked using an IP address. This application essentially keeps track of how many orders have been placed using a specific IP address. If a single IP address attempts to place a dozen separate orders using a dozen different credit cards in one hour, it’s quite likely that a fraudster is going through a stash of stolen cards.

If this type of behaviour is found, the IP address is typically restricted for a specified length of time.

Location Blocking

Certain countries have greater fraud rates than others. Developing nations, for example, are frequently havens for internet fraud because authorities simply do not have the means to combat it.

If your company is headquartered in Brighton and you receive a flood of Botswana transactions, they are more likely to be fraudulent.


Tokenisation should be used by payment gateways.
To achieve PCI compliance, all sensitive payment information—card numbers, CVV2 data, and so on—must be encrypted.

Businesses can choose between regular encryption and various types of tokenisation.

Tokenisation is a relatively new concept that is just now gaining momentum in the payment sector. Tokenisation involves taking a card number and substituting the 16-digit number with a randomly generated token.

Someone’s actual credit card number, for example, may be 4462 9921 4164 1212, and their token AB6690LPZZ24789G.

The token is non-descriptive and has no relationship to the data to which it is attached. Unlike standard encrypted data, there is no way to decrypt the encryption and deduce the card number. This implies that even if a hacker did take the token, it would be useless.

Merchants may still execute transactions through the system since the token translates back to the real data via the tokenisation scheme.

Finally, tokenisation eliminates the need to store sensitive card data, which improves data security.

Tokenisation might also assist to speed up your checkout process.

Consider regular payments, for example. When a consumer inputs their credit card information on your website, it is tokenized and saved.

Because their information has been tokenized, all future payments may now be done with a secure one-click function. That means your consumer won’t have to enter their information manually for each and every transaction.

Is it simple to incorporate a payment gateway?

Payment gateways operate with shopping cart systems to provide a full eCommerce solution. You have a lovely online showroom but no means to accept money if you don’t have a connected payment gateway.

The issue here is that there are hundreds of different shopping cart systems and payment gateways. With so many options, it’s unavoidable that some gates will be incompatible with some carts.

The good news is that shopping cart vendors want to operate with as many payment methods as possible. If a system only supports a few gateways, it severely limits its potential market.

In general, most major payment gateways work with most mainstream shopping cart systems, and integration is typically a plug-and-play process unless you’re using something really unusual.

If you have any doubts regarding a gateway’s compatibility, contact the shopping cart supplier and inquire. It’s a ten-second chat that might save you endless hours of worry later on.

Is it necessary for high-risk merchants to use specialised payment gateways?

Some firms are classified as ‘high-risk’ by payment processing providers. Merchants are categorised as high-risk for one of two reasons: they work in a high-risk industry or they have demonstrated high-risk behaviour.

Let’s start with high-risk industries. Among the most prevalent high-risk industries are:

  • Pharmaceuticals
  • Gambling
  • Gaming
  • Adult
  • Insurance
  • Financial Services
  • Multi-Level Marketing
  • Telemarketing

This is not an exhaustive list, but it offers you a sense of the types of industries targeted by payment processors. These sectors are often classed as high-risk due to one of three factors: credit risks, regulatory risks, or reputational concerns.

However, working in these industries isn’t the only way for a company to be classed as high-risk.

If a company owner engages in dangerous behaviour, such as being convicted of money laundering, breaching payment processor terms and conditions, or incurring an unusually high amount of chargebacks, their provider may add them to the MATCH (Member Alert to High-Risk Merchants) list. The MATCH list is used by merchant account providers to swiftly screen out high-risk firms. Payment providers will often refuse to accept firms on the MATCH list.

If a company is labelled as high-risk for whatever reason, it will find it difficult to obtain mainstream merchant services, particularly merchant accounts. While there are high-risk items, they are often more expensive than standard ones.

What should the price of a payment gateway be?

Most independent payment gateways operate in a similar manner, charging a small fixed monthly fee for a defined amount of transactions. You are charged at a slightly higher per-transaction fee if you conduct more transactions than your plan permits.

Discover your ideal payment gateway

Finding the best payment gateway for your eCommerce website is critical. If you use the wrong payment gateway, your payment page will become a jumbled mess, and your conversions will suffer.

However, if you use the appropriate payment gateway, your customers will glide through your checkout procedure, and sales will fly in. Here are our top recommendations for four of the most popular eCommerce platforms: WooCommerce, Ecwid, Shopify, and Magento.


WooCommerce is the most widely used eCommerce platform, powering over one-fifth of all eCommerce websites.

Merchants have a lot of options when it comes to payment gateways. Here are our top three recommendations.


Stripe is the darling of the IT industry, beloved by developers all around the world for its robust API and excellent documentation. Stripe, like Braintree, has a shared merchant account. On all transactions, it charges 1.4% + 20p.

Vendreo Pay

An Open Banking solution, Vendreo is the most cost-effective and secure payment processor available for WooCommerce.


Authorize.Net, being one of the largest payment gateway providers, will always be a strong rival for online retailers. The gateway costs £19 per month, and authorization costs 10p each transaction. You will also have to pay merchant account fees to your merchant account provider because this is a solo payment gateway.


Shopify has cemented its place as the pre-built eCommerce platform because to its extremely user-friendly UI. Shopify currently powers around 18% of all eCommerce websites.

Because Shopify wants to keep its users within its own environment, payment gateway options are quite limited. Here are our top three recommendations, as well as Shopify’s own payment system.

Shopify Payments

Shopify Payments is the company’s own payment gateway. For the Basic, Shopify, and Advanced levels, online credit card transactions are charged at 2.2% + 20p, 1.9% + 20p, and 1.6% + 20p, respectively. If you use a different payment gateway, Shopify will charge you an extra fee of 2% (Basic), 1% (Shopify), and 0.5%. (Advanced).

Amazon Pay

Amazon Pay is a relatively new payment gateway, but it is quickly gaining popularity. As you might expect, it is great for businesses that also sell on Amazon. Pricing for low volume merchants (less than £1,500 per month) ranges from 3.4% + 20p to 1.5% + 20p for big volume merchants (more than £55,000 per month).


Authorize.Net, being one of the largest payment gateway providers, will always be a strong contender for online merchants. The gateway costs £19 per month, and authorization costs 10p each transaction. You will also have to pay merchant account fees to your merchant account provider because this is a solo payment gateway.


Magento is the preferred platform for large, complex eCommerce websites. It’s highly strong and adaptable, and this is reflected in its massive payment gateway selection. Here are our top three Magento eCommerce website recommendations.


Braintree is a PayPal service that functions as a little more technical version of PayPal’s Pro service. It’s straightforward to establish up and charges a fixed rate of 1.9% Plus 20p on all transactions. Because Braintree is an integrated service, you do not need to set up a separate merchant account.


Stripe is the tech industry darling, beloved by developers all around the world for its strong API and excellent documentation. Stripe, like Braintree, has a shared merchant account. On all transactions, it charges 1.4% + 20p.

Amazon Pay

Amazon Pay is a relatively new payment gateway, but it is quickly gaining popularity. As you might expect, it is great for businesses that also sell on Amazon. Pricing for low volume merchants (less than £1,500 per month) ranges from 3.4% + 20p to 1.5% + 20p for big volume merchants (more than £55,000 per month).

Table of Contents

More from Vendreo