Payment Gateway DefinitionWhat Is a Payment Gateway?

A payment gateway is software that securely transmits payment data from your point of sale, website, or virtual terminal to the processor and card networks — authorizing transactions in real time and returning an approval or decline to the merchant. The payment gateway definition covers any technology layer that sits between the merchant and the processor, regardless of whether the transaction happens in person, online, or by phone.

A payment gateway is the secure connection between your business and the payment processor. When a customer pays by card — online, by phone, or at a terminal — the gateway encrypts their card data and routes it for authorization. Without a gateway, card payments cannot happen.

Understanding how does a payment gateway work comes down to one concept: the gateway is the messenger. It takes the card data from your checkout or terminal, encrypts it so it cannot be intercepted, and passes it to the processor. The processor then communicates with the card network and the customer’s issuing bank to confirm the funds exist and the card is valid. The answer — approved or declined — comes back through the same chain in a matter of seconds.

The Federal Reserve’s payment systems framework establishes the standards that gateway infrastructure operates under. For a deeper look at how the gateway fits into the full payment flow, see our complete payment gateway guide.

An online payment gateway handles card-not-present transactions — purchases made through a website, app, or payment link where the card is not physically swiped or tapped. This is the most common use case for e-commerce businesses, subscription services, and any merchant who invoices clients and collects payment remotely.

An online payment gateway must meet stricter security requirements than in-person terminals because the card is not physically present to verify. PCI DSS compliance, tokenization, and 3D Secure authentication are standard features of any reputable online gateway. Merchants using one are classified as card-not-present, which carries slightly higher interchange rates than card-present transactions — typically 0.3–0.5% higher depending on card type.

Well-known providers include Authorize.net, NMI, Stripe, and PayPal. An Authorize.net gateway is widely used for custom e-commerce integrations and supports a broad range of processors. The right gateway depends on your platform, your processor relationship, and your transaction volume.

Here is the flow of a typical transaction:

The gateway also handles declined transactions, soft declines, and partial authorizations. Most log every transaction with a unique ID, making reconciliation and dispute documentation straightforward.

Hosted gateway — the customer is redirected to a payment page hosted by the gateway provider. Your business never handles card data directly, which simplifies PCI compliance. Common for smaller e-commerce operations that want a fast, low-maintenance setup.

Integrated gateway — card data is collected directly on your site or application and passed to the gateway via API. More control over the customer experience, but requires more technical setup and higher PCI compliance obligations. See payment API integration for what this involves.

Expand your understanding with these related payment processing concepts:

Your Payment Gateway and Your Processor Are Two Separate Costs. Most Merchants Don’t Know What Either Charges.

Send us your last processing statement. We will identify your gateway provider, separate gateway fees from processing fees, check for redundant or overlapping charges, and show you what a fair effective rate looks like at your volume.

No obligation • For glossary readers comparing pricing models and processor options • Response within one business day