
Payment gateways explained: Everything you need to know



Abdullah Abdelkafi


01 May 2019




If you are looking to start taking payments online, getting a payment gateway set up is an essential part of this process. Payment gateways will streamline your checkout process and improve security by authenticating customer payment details. We’ve put together this guide to tell you everything you need to know about payment gateways in 2019.

What is a payment gateway?

A payment gateway forms part of your overall payment processing system. When a customer enters their card details into your secure payment page, the payment gateway is the first element that the payment information is submitted to.

It communicates with the issuing bank to authenticate the payment details, helping to protect your business from fraudulent payments and expensive chargebacks. Payments will be automatically accepted or declined by the gateway. This will be based on factors such as whether or not funds are available, or if the customer has entered the card details correctly.

Furthermore, a payment gateway automatically encrypts your customer’s card details, making sure you’re meeting the required standards in customer data protection. This ensures your checkout process is safe and secure for both parties – and that’s why a payment gateway is necessary for any ecommerce site.

How does a payment gateway differ from a merchant account?

Although easily confused, payment gateways and merchant accounts are actually two distinct parts of your payment process, and you’ll need both to take payments online. Once a payment gateway has accepted a payment, the funds will be transferred to your merchant account. Once an agreed period has passed, the money will be deposited into your nominated business bank account.

Many providers (including us) offer a full set up for a payment processing system, including a payment gateway, merchant account, and secure payment page. This benefits merchants as the processing will all be fully integrated, and it can shorten the amount of time before funds are settled into your business bank account.

How does a payment gateway work?

A payment gateway essentially acts as a middleman between merchants and customers. It encrypts sensitive customer data, which is then stored on a highly secure server. It also communicates with the customer’s issuing bank to confirm details are correct.

This takes place in a number of steps:

1. Payment Page

After choosing what to buy, your customer enters their card details into your payment page. The details are then sent to your payment gateway.

2. Payment Gateway Authentication

The payment gateway receives the details, including transaction amount, currency, cardholder name, address, order number and other transactional information. It identifies the bank the card was issued from and queries the bank for confirmation.

Payment gateways make this process much easier, as they are always up to date with information about cards and banks, and have a direct connection to them. The gateway checks all details very quickly, and also confirms other details before opening communication with the bank. This includes confirming the card details are formatted correctly, checking the card hasn’t expired, and checking whether or not the merchant is choosing to accept payments from a particular provider, customer, or country.

3. Payment Accepted Or Declined

The bank sends a response to the gateway’s query. This response is then interpreted by the gateway and the transaction is accepted or declined. The customer will be informed on the payment page, and the merchant will also be informed whether a transaction was successful, allowing them to dispatch products and services.

4. Transaction Complete

If accepted, the funds will be transferred to your merchant account where they will sit for the agreed settlement period, before being sent to your nominated business bank account.

For a quick overview of this process, take a look at our diagram of the card process facilitated by the payment gateway below:

Card process chart

Essential features to consider when choosing a payment gateway


Price

The price of the service you choose will always be an important consideration, whether your business is small or large. It’s important to remember that fees will vary depending on your business model – businesses in high-risk industries will usually have to pay more due to the increased risk of chargebacks and fraudulent activity. Other factors will also play a part – for example, the size of your business, the price of the items you sell, and the delivery times for your products.

All businesses can expect to pay a setup charge, transactional fees and a monthly fee for payment gateway services. Beware of chargebacks, as these can also incur an additional fee. However, the best payment gateways will guard against risky transactions that could result in chargebacks, which is why you should choose a quality solution which is equipped with high-level fraud prevention technology.


Security

Security is absolutely essential when taking payments online, for the safety of both parties. Payment gateways must comply with the Payment Card Industry Data Security Standard (PCI DSS), which stipulates that all card data must be stored and processed in a secure environment. There are several levels of PCI compliance, depending on the number of payments you process in a year. For high-risk merchants such as those looking for a CBD payment gateway, increased safety authentication is invaluable.

This is to ensure that customer data and card information is secure and that your business is not susceptible to a data breach. If you don’t ensure you are PCI compliant, not only could you face huge fines, but your business reputation could also be at stake. Customers are unlikely to buy from a brand where customer details have been stolen.

This means you should choose a payment gateway with a high level of encryption to keep customer data safe. Pairing a payment gateway with an integrated hosted payment page is the best way to ensure you are PCI compliant. You won’t actually be storing or transmitting card data on your own pages, which means you have to worry less about maximising security on your own site. This makes it quicker and more cost-effective for small businesses, and many providers offer customisable hosted payment pages to match your site’s branding.

With a non-hosted payment gateway, you’ll need to take steps to enhance security on your site, such as securing an SSL certificate and making sure you meet PCI DSS standards to the letter. A non-hosted gateway will mean customers enter card details directly on your site, and you’ll be fully responsible for security.

Type of gateway

As mentioned above, there are technically different types of payment gateway, but the main ones to consider are hosted or non-hosted. This essentially determines whether the payment will be taken via the checkout page on your website or via a third party to which the consumer will be redirected.

Which one you choose will mainly depend on cost and integration capabilities.

Fraud prevention

Any business involved in distance selling comes with potential risks, such as credit card fraud. Card-not-present fraud, fraudulent chargebacks, cyberattacks, and other scams represent a huge cost to businesses globally. In 2017, chargebacks cost businesses and banks $31 billion (approximately £24 billion).

Ecommerce sites are particularly susceptible to fraud, simply because the customer doesn’t have to be physically present to make a purchase. There’s been a rise in ‘digital shoplifting’, where customers order an item, have it delivered, and then use a chargeback to recover the money they’ve spent – often by claiming the item never arrived.

Fraudulent claims for goods lost in transit cost UK retailers £405 million in 2012, and this amount has only increased over the years.

With this in mind, it’s essential that you safeguard your business against fraudulent transactions. A payment gateway needs to come equipped with a fraud protection suite to give you extra security against this growing problem.

Here are some features you should look for in a gateway that will help to prevent fraud from impacting your bottom line:

* Email hotlist – You can deny payments from emails you know are fraudulent.
* IP hotlist – Ban IPs that are known to cause problems, whether from personal experience or industry contacts.
* BIN country hotlist – The BIN (bank identification number) is the first six digits of a payment card. Your gateway can use this to block payments from certain countries, and detect where payments are coming from.
* Device ID hotlist – You can ban devices that have caused issues in the past, using the unique device ID.
* Address hotlist – Block cardholders at specific addresses.
* Card security code checking – The payment gateway should be equipped to verify the CVV number (the three digits found on the back of debit and credit cards).
* Address verification – This allows a payment gateway to check that the customer’s address matches that stored by the bank. This is helpful as fraudsters may have products sent to their address whilst using a victim’s card.
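
The sketch below is an added example, not Total Processing's code: it shows how the checks a gateway runs before contacting the bank (card format, expiry) can be combined with the email, IP and BIN country hotlists listed above into one screening step. The function names, the decline reason strings, the BIN table and the hotlist entries are all constructed for illustration.

```python
from datetime import date

# Constructed sample data for illustration; not a real BIN table or real hotlists.
BIN_COUNTRY = {"411111": "ZZ", "555555": "GB"}  # first six digits -> issuing country
BLOCKED_BIN_COUNTRIES = {"ZZ"}                  # "ZZ" is a placeholder country code
EMAIL_HOTLIST = {"fraud@example.com"}
IP_HOTLIST = {"203.0.113.7"}


def luhn_valid(pan: str) -> bool:
    """Format check: ASCII digits only, plausible length, Luhn checksum passes."""
    if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def screen(txn: dict, today: date) -> list:
    """Return decline reasons; an empty list means the issuer can be queried."""
    reasons = []
    pan = txn["pan"].replace(" ", "")
    if not luhn_valid(pan):
        reasons.append("bad_card_format")
    # A card stays valid through the last day of its expiry month.
    if (txn["exp_year"], txn["exp_month"]) < (today.year, today.month):
        reasons.append("expired")
    if BIN_COUNTRY.get(pan[:6]) in BLOCKED_BIN_COUNTRIES:
        reasons.append("bin_country_hotlist")
    if txn["email"].strip().lower() in EMAIL_HOTLIST:
        reasons.append("email_hotlist")
    if txn["ip"] in IP_HOTLIST:
        reasons.append("ip_hotlist")
    return reasons


if __name__ == "__main__":
    sample = {"pan": "4111 1111 1111 1112", "exp_year": 2019, "exp_month": 4,
              "email": "Fraud@example.com", "ip": "203.0.113.7"}
    print(screen(sample, date(2019, 5, 1)))
```

Returning every reason rather than stopping at the first one lets the merchant see which rule fired when reviewing declined orders.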

International payments

If you want to expand your business internationally, you’ll need to be able to accept various currencies. If this is a goal, make sure you’re choosing a gateway that’s able to do this. Ideally, you’ll also want one that offers multi-language support.

Bear in mind that fees may be higher for international payments.

Payment types

To offer your customers the best possible experience, you’ll want to offer as many payment options as you can. Customers are far less likely to abandon their carts if they can use their chosen payment method.

Most payment gateways will accept Visa, Mastercard, and American Express. However, with an increasing range of online payment methods available – and customers using them more and more – you don’t want to neglect these either. Make sure to find a payment gateway that offers the best flexibility in payment methods, including options like PayPal, Apple Pay, and Google Pay.


Reporting

As a business owner, you want real-time updates on transactions so you know exactly where your finances stand. Enhanced reporting in a payment gateway is therefore a fantastic feature, allowing you to monitor revenue, check profit margins, and even forecast sales. This will not only help you to plan your business’s growth and ensure you’re meeting targets, but will also make accounting far more streamlined and easy to track.

Ideally, you’ll want a payment gateway that lets you view your reports on the go, with a mobile-ready interface, and the ability to download reports in different formats to suit your requirements.

Customer support

Issues with your payment gateway can jeopardise revenue, so you want a reliable solution. With this in mind, think about customer support carefully. You’ll want to be sure that your provider will be responsive and solve any issues that arise as quickly as possible.

Similarly, make sure the team you’re working with are knowledgeable about payments. You want a payment gateway that is tailored to your needs, and that integrates seamlessly with your website and the rest of your payment processing.

Our team at Total Processing are experts in the industry, and can work closely with your development team to integrate a secure payment gateway and help you to start taking payments as soon as possible. We can build a custom payment solution from start to finish, including other elements such as merchant accounts and hosted payment pages. Get in touch with us today to learn more, and get a quote.
