What is a Payment Gateway? How It Works, Example & How to Choose the Right One

Online checkout is one of the most fragile points in an ecommerce journey. Studies show that over 70% of shoppers abandon their carts, often due to slow checkout, limited payment options, or security concerns.

Much of that friction happens in the payment layer, where gateways influence how payments are processed and how smooth the checkout experience feels to customers.

In this guide, you’ll learn what a payment gateway is, how it works, and what to consider when choosing one for your business.

A payment gateway is a technology that securely processes and transfers customer payment information, such as credit card details, to validate and authorise online transactions. It enables businesses to accept electronic payments while protecting sensitive financial data during transmission.

The gateway sits between the customer, the business, and the banking network, coordinating how payment information moves during checkout. It serves a role similar to a point-of-sale terminal in a physical store, but in an online environment.

If your business accepts real-time online payments, gateway technology is always part of the process.

A payment gateway performs several essential functions that make online payments possible:

• Encrypts payment details so they’re secure - The gateway encrypts sensitive customer information, such as card details, protecting it while it travels between systems.
• Transmits the information to the payment processor for authorisation - It securely transmits transaction details to the payment processor (who then forwards it to the payer's bank) so payments can be verified and approved.
• Communicates checkout status - The gateway manages the exchange of information between systems, informing the website whether a payment is approved or declined and ensuring customers receive clear confirmation.
• Supports fraud prevention - Many gateways include built-in safeguards that help identify suspicious transactions before processing. These may include checks like card verification value (CVV) validation, address verification systems (AVS), and increasingly, AI-driven risk monitoring that flags unusual behaviour.

Some payment gateways also offer additional features such as tokenisation to reduce exposure of card data, transaction analytics to monitor payment activity, and support for recurring billing models. While not required for basic payment processing, these capabilities can enhance operational efficiency and customer experience.

When a customer completes an online purchase, several systems work together in the background to complete the transaction.

1. Payment details are captured: The customer enters card information at checkout, and the gateway encrypts the data to protect it during transmission.
2. Transaction data is sent for processing: The encrypted information is forwarded to the payment processor, which routes it through the acquiring bank to continue the authorisation process.
3. The issuing bank verifies the payment: The customer’s bank checks the card details, available funds, and transaction legitimacy.
4. Approval or decline status is returned: The issuing bank sends its decision back through the processor to the gateway.
5. The result is communicated to the checkout: The gateway updates the website with the outcome so the purchase can be completed or the customer can try another payment method.

If the transaction is approved, the payment processor initiates settlement. Funds are transferred from the customer’s bank to the merchant’s acquiring bank and later deposited into the business account.

If you’ve followed the payment flow above, you may have noticed that both a payment gateway and a payment processor are involved. They work together during checkout, but they handle different parts of the transaction.

A payment gateway securely transmits customer payment information, while a payment processor communicates with banks to authorise and settle the transfer of funds.

Here’s a quick comparison:

Many modern providers combine gateway and processing functions into a single platform, which is why businesses may not always notice them as separate components.

Not all payment gateways integrate into your checkout in the same way. The type of gateway you choose affects how customers experience payment, how much control you have over the checkout flow, and how security responsibilities are shared.

A hosted or redirect gateway sends customers to a secure payment page managed by the gateway provider to complete their purchase. After payment, the customer is returned to your website.

A well-known example of this is the PayPal payment gateway, which sends customers to its own platform to process their banking details and complete the transaction before directing them back to the merchant's site.

An on-site gateway keeps customers on your website throughout checkout, where payment details are entered directly and securely transmitted for processing. Typically, your website must encrypt the buyer's credentials and adhere to PCI DSS standards before sending the data to the gateway.

Another widely used payment gateway solution is API-hosted. An API (Application Programming Interface) is a set of protocols that enables two software applications to communicate.

With this solution, customers can make a purchase on the merchant's website, while the payment is processed in the background via an API from a third-party service. The information is then collected securely through a trusted third party without the merchant handling it directly.

There are many payment gateway providers available, each offering different features, pricing models, and integration options. Here are a few widely recognised examples:

• Stripe: A globally recognised payment gateway offering simple APIs for businesses of all sizes to accept payments. It serves retailers, subscription services, software companies, and marketplaces, supporting over 135 currencies. Stripe is on our list of one of the best payment gateways in Hong Kong, the top payment gateways in Singapore, and several other countries.
• PayPal: One of the most widely used payment gateways, known for accepting credit card payments and offering cart integration. It’s a familiar name for both businesses and individuals.
• Opayo by Elavon (formerly Sage Pay): A well-known payment gateway in the UK and over 30 other countries. It has extensive experience serving industries like hospitality, restaurants, and retail. Opayo supports over 100 currencies.
• Authorize.Net: A long-established gateway owned by Visa that supports card and electronic check payments, with built-in fraud filtering and recurring billing tools for subscription-based businesses.
• Square: A payment gateway and commerce platform that supports online and in-person transactions, offering integrated tools for inventory, sales tracking, and customer management.
• Adyen: A global payment platform designed for businesses operating across multiple regions, supporting a wide range of local payment methods and unified reporting for online and offline sales.

Not all online payment systems work the same way. They may all follow a similar payment processing infrastructure, but they have specific limitations, making some gateways better for your business than others.

Before choosing one to work with, consider what services they offer and whether they are what your customers need to use.

Consider how easily the gateway connects with your website, ecommerce platform, or POS system. Some solutions offer plug-and-play integrations, while others require developer resources.

Faster setup means fewer technical barriers and lower implementation costs.

You should also check that your website or ecommerce platform supports the gateway you’re considering. For instance, Shopify supports integration with over 100 different payment gateway providers, making setup easier for online businesses.

Payment gateways charge fees that can vary significantly between providers.

Common fee types include:

• Transaction fees: charged per payment, either as a flat rate or a percentage of the sale
• Monthly fees: recurring platform or service charges
• Currency conversion fees: applied when accepting payments in multiple currencies
• Refund fees: charges associated with processing returned transactions

While lower fees may seem attractive, pricing should be evaluated alongside reliability, security features, and overall service quality. Look beyond headline rates to understand the full pricing model.

Not every gateway operates in every market or supports local payment methods. Ensure the gateway supports the payment methods your customers expect — credit cards, digital wallets, bank transfers, or local options — especially if you serve international markets.

More payment options can increase customer convenience and sales.

If you plan to serve customers internationally, confirm the gateway can handle cross-border transactions and multiple currencies. Supporting familiar payment options and local currency pricing can reduce checkout friction and improve customer confidence.

Downtime or slow processing can directly impact revenue. Evaluate provider uptime, customer support availability, and service reputation.

Many high-availability platforms aim for uptime of 99.96 % or more. 

In addition, your payment needs may evolve as your business grows, so it’s a good idea to choose a gateway that supports higher volumes, subscriptions, or international expansion. A scalable solution can prevent costly migrations later.

When you start comparing payment gateways, it quickly becomes clear they don’t all work the same way. Compatibility, security, and integration differences can influence how smoothly payments run and how easy setup will be.

If you’re choosing a gateway for your business, paying attention to these factors early can save you time and frustration later.

The first step is selecting a payment gateway type and provider that fits your business needs.

Gateways differ in the currencies, payment methods, integration options, security features, and fee structures, so evaluating how these align with your operations and customer preferences is essential.

To process payments through a gateway, you may need a merchant account. This is a special type of bank account where funds from credit or debit card transactions are temporarily held before being transferred to your business account. 

Some payment gateways provide an integrated merchant account, while others may require you to set up a separate one.

If you have your own website, make sure your checkout page uses SSL encryption to protect customer payment data in transit. If SSL is not already installed, you’ll need to obtain a certificate from a trusted provider.

Most ecommerce platforms, including Shopify, include SSL by default, but you should still confirm your checkout URL displays HTTPS before accepting payments.

Most payment gateways provide APIs, plugins, or extensions that allow you to connect their services to your website. While integration requirements vary, providers typically supply documentation or ready-made tools to streamline setup.

For example, WordPress users can install gateway plugins such as Stripe or PayPal without writing any code.

Ensure your gateway is PCI DSS compliant, which confirms that cardholder data is handled according to industry security standards. Even if card handling is outsourced to the gateway provider, your business may still have PCI compliance responsibilities.

You should also enable fraud-detection tools and features such as 3D Secure or address verification systems (AVS) to reduce chargebacks and fraudulent activity.

Before launching, test your payment gateway in the provider’s sandbox or test environment to simulate transactions without moving real funds.

During testing, check that:

• Transactions process successfully from start to finish
• Payment details are encrypted and transmitted securely
• Confirmation emails and receipts are generated correctly
• Customers are redirected properly after checkout
• Failed or declined payments display clear error messages

Most payment gateways offer real-time notifications about transaction statuses and provide reporting tools to help you track payments, refunds, and chargebacks. You can use these to consistently monitor transactions, especially in the early stages.

Choosing the right payment gateway is only part of running smooth online payments. Once transactions start flowing in, businesses also need a reliable way to receive, manage, and move funds across currencies without added friction.

If your business is registered in Hong Kong, Singapore, or the BVI, Statrys provides a multi-currency business account designed to work alongside popular payment gateways like PayPal and Stripe. 

Instead of replacing your gateway, Statrys acts as your operational hub and works with a gateway to help you receive payments. With Statrys multi-currency business account, you can

• Integrate with popular payment gateways such as Stripe and PayPal to receive funds smoothly
• Connect with ecommerce platforms like Shopify to support online sales workflows
• Send and receive international payments
• Hold and manage up to 11 currencies in one account to minimise conversion costs and convert funds when rates are favourable.

Learn more about how Statrys supports online businesses below.