Hosted Payment PageHPP Definition & Guide
Hosted Payment Page — Definition & Guide
A hosted payment page (HPP) — sometimes called a hosted payment form — is a checkout page owned and operated by your payment processor or gateway, not by you. When a customer clicks “pay,” they are redirected to a secure page on the processor’s servers to enter their card details. Your site never touches the card data, which dramatically simplifies your PCI compliance obligations. HPP merchant services setups are widely used by nonprofits, e-commerce businesses, and service providers who want to accept card payments online without building or maintaining secure payment infrastructure. According to the Federal Reserve’s payment system oversight data, card-not-present transactions represent a growing share of overall card volume, making secure hosted infrastructure increasingly important.
The hosted payment page PCI benefit is the primary reason merchants choose this approach. When card data never touches your servers, your systems fall outside PCI scope entirely — typically qualifying you for SAQ A, the simplest self-assessment questionnaire. The processor handles encryption, tokenization, and compliance. You handle everything else.
The tradeoff is some loss of control over the checkout experience. Customers briefly leave your site to enter card details on the processor’s page, then return for the confirmation. Most providers allow logo and color customization to keep the experience seamless.
The checkout process works like this:
- Customer browses your website and proceeds to checkout
- Customer is redirected to a secure page hosted on the processor’s servers
- Card details are entered directly on the processor’s page — your servers never see the data
- The processor authorizes the transaction and returns a confirmation to your site
- Customer sees a confirmation page on your site; you receive the order notification
A payment gateway is the routing and security infrastructure that connects your website to the payment network. A hosted payment page is a specific user-facing checkout interface that sits on top of that infrastructure. Some gateways offer an HPP as a built-in feature. Others provide APIs that let you build your own embedded checkout — which keeps customers on your site but brings card data into your environment and increases PCI scope. The CFPB’s guidance on online payment security recognizes this approach as a primary mechanism for reducing merchant exposure to cardholder data.
Since card data never touches your servers, your PCI scope shrinks significantly. You typically qualify for SAQ A — the simplest self-assessment questionnaire — rather than the more demanding forms required for merchants who handle card data directly.
Yes. Most providers allow logo, color, and layout customization. The experience can look seamless to the customer even though they are on the processor’s servers. Confirm the available options before committing to a gateway.
Not exactly. A payment gateway handles routing and security infrastructure. A hosted payment page is a specific user-facing interface built on top of a gateway. Some gateways include it as a built-in feature — others require you to build your own embedded checkout, which increases your PCI scope considerably.
Online Payment Acceptance Has Cost Layers Most Merchants Don’t Itemize.
Send us your last processing statement. We will identify your gateway, hosted page provider, and processor, separate the recurring fees from per-transaction fees, and show you what a fair effective rate looks like at your volume.
Request a Free Statement ReviewNo obligation • For glossary readers comparing pricing models and processor options • Response within one business day