Payment Gateways Explained


In my last blog, I explained what an Internet Merchant Account (IMA) is and why you need one if you are going to accept credit cards as a payment option.

This article is going to walk you through what a payment gateway is, why you need it and how it works with your IMA.

A traditional chip and pin reader is a payment gateway. It is the conduit between the customer's credit card and receiving funds from it into your bank account. In between, there is a whole lot of processing going on, and it is the same for processing payments online.

Online, instead of a chip and pin reader, the payment gateway is purely software that takes the card details, matches them to the user and then authorises the payment at the customer's bank. Once payment is approved, the funds transfer to your IMA and from there are deposited into your bank account.

Why You Need A Payment Gateway

The primary objective of a payment gateway is to facilitate the transaction securely. Without security, or more specifically encryption of the transaction details, credit card details are visible to anyone who can read the packets of data (the transmission can be intercepted en route).

You must conform to the PCI DSS standard to run a payment gateway.

To provide a payment gateway service, you must be approved to communicate with both the payment processor (the credit card originator) and the IMA. The payment gateway must also communicate details of the transaction to the website owner (traditionally a printed receipt), which is why you will need a Server Security Certificate (SSL) to keep the data encrypted if you process transactions on your server.

Hosted Or Integrated Payment Gateway?

If you want to take payments for one-off items, for example, if you wanted to sell bookings for a course you were going to run, then you would use a hosted payment solution.

In this scenario, you can host the website yourself on a shared server or VPS, and your payment gateway hosts the original booking form. This method means that you don't have to have a Server Security Certificate (SSL) and all of the booking form details are held on your provider's server.

Most payment gateways offer a solution for this where you can configure the form around the payment details so that it looks like part of your site. You can upload a logo and amend CSS details so that colours match. You can usually set this up yourself if you have some simple script knowledge or the gateway will charge a set-up fee.

The advantage is that it is quick to set up and inexpensive to implement. The disadvantage is that it is not flexible and so if you want to change the form details you'll either need to set up another payment form or modify the original.

An integrated payment gateway is a series of scripts called on your server that do all of the processing for you. Examples are Sage Pay or Cardstream, and they usually provide an easy-to-integrate “plugin” for the eCommerce shopping cart you are using.

It is always best to check that your shopping cart software supports your payment gateway before you start developing, but that does not ever happen!

You usually have the option of hosting your integrated payment gateway on your hosting provider's secure server. This saves on cost but decreases the amount of flexibility you have in customising your solution.

If you are going to go to the trouble of building an eCommerce site and integrating a payment gateway, then it makes sense to keep it all on your server and provide a seamless shopping experience for your customer.

The more popular the shopping cart solution you choose, the higher the chance you have of finding a payment gateway plug-in that supports your preferred payment provider. Fledgeling eCommerce website builders usually only support several mainstream payment gateway providers until they get established and can afford the expense of developing for less popular payment gateways.

Costs And Transaction Fees

The fees for payment gateways can vary wildly, and they can make a big difference to the success of your operation. Do you choose a gateway with no set-up fee but slightly higher rates or pay a set-up fee that will be more than recouped by lower transaction fees?

Are there monthly fees to take into consideration and is any technical help free or paid for?

SagePay, for example, charges £19.90 per month for its entry-level “Flex” solution. This gives you an “allowance” of 350 transactions per month and 24/7 phone support.

Cardstream charges £18 per month and also includes 350 free transactions per month, and I'd suggest those are two excellent options to consider.

Both of the above payment gateways support Shopify and Bigcommerce integration with an easy to use a plug-in charges £50 per month but includes 500 transactions per month. There is a minimum 24-month contract. So you can see the options vary quite a bit. In a future blog, we'll produce an “at a glance” comparison chart to make the decision an easier one for you to make.


The choice of payment gateway depends very much on the type of transactions you want to process.

If you have payments which are sporadic and based on a fixed form (for example, a property rental booking), then having your payment provider host the form and manage it for you would be the way to go. You can upload a logo and edit the CSS to make the form look like part of your site.

For eCommerce sites where there are many different forms to submit (dynamic shopping), using a plug-in provided by your software is the most natural solution, and having the gateway hosted on your behalf saves on cost and ensures security.

For optimal flexibility, you would host the payment gateway on your secure server so that you provide a seamless shopping experience. This results in a higher technical overhead to support and involves more expense (SSL certificate, hosting fees), so you have to consider the volume of transactions you will be completing as well.