What Is a Payment Gateway? Definition and How It Works
Definition
A payment gateway is the technology layer that encrypts and transmits card data between a merchant's checkout and the acquiring bank, facilitating the authorisation request and response cycle.
How it works
A payment gateway receives payment data from the merchant's checkout, via API call, hosted payment page, or SDK, encrypts it, and routes it to the appropriate processor or acquirer for authorisation. It is the entry point of the transaction, responsible for data security and message formatting before the request reaches the acquiring system.
There are two main integration models. A hosted payment page is served directly by the gateway provider; the cardholder enters card data on the gateway's domain, which removes the merchant from PCI scope for card data entry and enables SAQ A self-assessment. A direct API integration gives the merchant full control over checkout UX but requires handling raw card data, significantly expanding PCI obligations.
On receiving a transaction, the gateway validates the request format, applies any pre-authorisation checks configured by the merchant (fraud rules, velocity checks, 3DS triggers), then routes the authorisation request to the acquirer. It receives the authorisation response and returns it to the merchant's system, typically within 1-3 seconds.
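The pre-authorisation stage described above, sketched as an added example (not part of the original page and not PXP's code): format validation, then a velocity check, then a 3DS trigger, before the request is routed. The limits, key, field names and decision labels are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Illustrative assumptions, not values from the page or from any gateway.
VELOCITY_LIMIT = 3             # attempts allowed per card inside the window
VELOCITY_WINDOW_S = 60
THREE_DS_ABOVE_MINOR = 3000    # amounts above this (minor units) trigger 3DS
DEMO_KEY = b"constructed-demo-key"  # a real deployment keeps this in a KMS/HSM
ATTEMPTS = defaultdict(deque)  # card fingerprint -> attempt timestamps


def luhn_ok(pan):
    """Format check: ASCII digits, plausible length, valid Luhn checksum."""
    if not (isinstance(pan, str) and pan.isascii() and pan.isdigit()
            and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def fingerprint(pan):
    """Keyed hash, so the velocity store never holds a raw PAN."""
    return hmac.new(DEMO_KEY, pan.encode(), hashlib.sha256).hexdigest()


def pre_authorise(request, now):
    """Return reject_format, reject_velocity, challenge_3ds or route."""
    pan, amount = request.get("pan"), request.get("amount_minor")
    if not luhn_ok(pan) or type(amount) is not int or amount <= 0:
        return "reject_format"
    window = ATTEMPTS[fingerprint(pan)]
    while window and now - window[0] >= VELOCITY_WINDOW_S:
        window.popleft()
    window.append(now)  # rejected attempts are counted too
    if len(window) > VELOCITY_LIMIT:
        return "reject_velocity"
    if amount > THREE_DS_ABOVE_MINOR:
        return "challenge_3ds"
    return "route"  # hand the authorisation request to the acquirer


if __name__ == "__main__":
    # Constructed request using a well-known test card number.
    req = {"pan": "4111111111111111", "amount_minor": 1500}
    print([pre_authorise(req, t) for t in (0, 1, 2, 3, 61)])
```

Keying the attempt counter on an HMAC of the card number keeps the velocity store itself from holding raw card data.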
The gateway also handles post-authorisation events: captures, voids, and refunds. Many modern gateways additionally support multi-acquirer routing, network tokenisation, and stored credential management, capabilities that increasingly overlap with payment orchestration.
Why it matters
PCI scope is determined by integration model: merchants using a hosted payment page can qualify for SAQ A, the simplest self-assessment. Merchants using API-direct integrations handle raw card data and face significantly broader PCI requirements and audit scope.
Gateway uptime is checkout uptime: a gateway outage stops transactions. Enterprise merchants should verify their gateway provider's SLA, failover architecture, and published uptime record before committing.
Gateway lock-in carries real commercial risk: switching gateways requires re-certification and re-testing, and can mean losing stored payment credentials unless the gateway supports token portability to a portable vault.
Feature gaps compound at scale: not all gateways support multi-currency pricing, network tokenisation, or advanced retry logic. Gaps that are acceptable at low volume become blockers as merchants expand into new markets.
With PXP
PXP provides both a hosted payment page and a direct API integration. Both options support network tokenisation, multi-currency acceptance, and 3DS 2.x. The hosted page qualifies merchants for SAQ A PCI scope. PXP's gateway layer connects into its smart routing engine without requiring a separate orchestration integration.
Frequently asked questions
What's the difference between a payment gateway and a payment processor?
A payment gateway handles the technical transmission and encryption of payment data between the merchant and the acquiring system. A payment processor handles the movement of funds and manages connectivity to card networks. Many providers combine both functions, but the distinction matters when diagnosing where authorisation failures originate.
How do merchants choose between a hosted payment page and a direct API integration?
The core trade-off is PCI scope against checkout control. A hosted payment page keeps card data off the merchant's servers, enabling SAQ A compliance. A direct API integration gives full control over checkout UX but requires handling raw card data, which significantly expands PCI obligations and increases audit complexity.
How does gateway choice affect authorisation rates?
Gateway routing logic, BIN table accuracy, and network connectivity quality all affect authorisation outcomes. A gateway with outdated BIN data misroutes transactions; poor acquirer connectivity causes timeouts that register as declines. Merchants should request authorisation rate data by gateway and benchmark against their vertical.
Can merchants use multiple payment gateways simultaneously?
Yes, typically through a payment orchestration layer that sits above individual gateway connections. This approach provides redundancy and allows routing based on approval rate or cost, without requiring merchants to manage separate gateway certifications and integrations directly.