What Is a Payment Gateway? How They Work, Types and Use Cases (2026)

A payment gateway is software that securely authorises electronic payments between a customer and a business. Every time a payment is made online or in-person, the gateway encrypts that payment data and sends it to the processor or acquiring bank, who then routes it through the card network before the issuing bank approves or rejects the transaction. The gateway sits at the centre of how revenue is collected. Choosing the right payment gateway affects transaction costs, customer experience, compliance obligations, and how payments scale as your business grows.

This guide covers what a payment gateway is and how it works. It explains the main types, which industries rely on them, and what to look for when choosing a payment gateway.

‍

The payment ecosystem: key players explained

Several parties interact every time a payment is made. Understanding who does what in the ecosystem makes it easier to evaluate gateway providers and spot where costs and delays occur.

The issuing bank is the financial institution that provided the customer's card. It holds the customer's funds and makes the final decision to approve or decline a transaction. 

The acquiring bank holds the businesses' merchant account. It receives settled funds on the merchant's behalf and deposits them, minus fees, into the businesses' account. Without an acquiring bank relationship, a business cannot accept card payments.

The card network provides the infrastructure that connects issuing and acquiring banks. Visa, Mastercard, and American Express set the rules, route transactions between banks, and charge fees for each transaction processed.

The payment processor manages the technical communication between the card network and the two banks. It formats and forwards authorisation requests, processes clearing data, and facilitates settlement between the issuing and acquiring banks.

The payment gateway is the entry point for all of this. It captures payment data from the customer at checkout, encrypts it, and passes it to the payment processor to begin the authorisation chain. Without the gateway, none of the downstream steps can occur.

A payment service provider (PSP) bundles the gateway, processor, and acquiring bank into a single service. This removes the need to manage separate relationships with a gateway provider, processor, and acquirers. Providers including Ryft, Stripe, and Adyen operate as PSPs, combining important merchant services into one payment stack.. For marketplace operators managing payments between buyers, sellers, and the platform itself, the PSP model significantly reduces operational complexity.

‍

How a payment gateway works

The gateway is the entry point for every card transaction. It captures the customer's payment data, encrypts it, and passes it into the flow of funds described above. Here is how that payment flow works:

‍

1. Customer initiates payment. The customer enters card or wallet details at checkout. This happens online, in-app, or via a point-of-sale terminal.
2. Encryption. The gateway encrypts payment data using SSL/TLS protocols. This protects sensitive card information during transmission.
3. Authorisation request. The encrypted data passes to the payment processor. The processor formats the transaction and forwards an authorisation request to the card network, which routes it to the customer's issuing bank.
4. Issuing bank verification. The issuing bank checks available funds, flags fraud signals, and applies 3D Secure authentication where required under PSD2. It returns an approval or decline to the card network.
5. Response relayed. The card network passes the decision back to the payment processor. The processor forwards it to the gateway, which relays it to the merchant's checkout.
6. Settlement. Approved transactions are batched and submitted to the payment processor at the end of the day. The processor routes these through the card network to the issuing bank, which transfers funds to the acquiring bank. The acquiring bank deposits the funds minus interchange fees and processing charges into the merchant's account.

‍

‍

Types of payment gateway

Payment gateways are not all structured the same way. The right type depends on your technical setup, compliance requirements, and how much control you want over the customer experience.

Hosted payment gateway

The customer is redirected to a payment page hosted by the gateway provider. The merchant's site never handles card data directly. This is the simplest option to implement and reduces PCI DSS scope for the merchant. PayPal's standard checkout and Stripe's hosted checkout operate this way. An important consideration when looking at hosted payment gateways is the checkout conversion rate.

Self-hosted gateway

The payment form is embedded directly within the merchant's website or app. Card data is collected in the merchant's environment and passed to the gateway via API. This gives full control over the checkout experience but requires stricter PCI compliance obligations.

API gateway

A headless integration where the merchant builds a fully custom checkout. All communication with the gateway happens through an API. Preferred by developers and larger platforms requiring complex payment flows or multiparty transaction logic.

White-label gateway

A payment gateway deployed under the merchant's own brand, with no visible reference to the underlying provider. Used by businesses wanting a native payment experience for their users.

Omnichannel gateway

A unified gateway that processes both online and in-person payments through a single integration and reporting layer. Relevant for businesses operating across physical retail, ecommerce, and mobile channels simultaneously.

‍

Payment gateway use cases by industry

Different industries place different demands on payment gateways. The table below shows how requirements vary across key sectors.

Marketplace and platform operators have requirements that go beyond the standard gateway feature set. They need infrastructure that handles payments between buyers, sellers, and the platform. This includes automated commission deduction, rapid seller onboarding, and regulatory compliance built in.

‍

Key features to look for in a payment gateway

Not every payment gateway is the same. These are the things that matter most when evaluating providers:

Pricing model

Most gateways charge either flat-rate fees or interchange-plus pricing. Flat rate is a fixed percentage per transaction regardless of card type. Interchange-plus passes the actual interchange rate to the merchant with a small markup on top. For businesses processing significant volume, interchange-plus or volume-based pricing delivers materially lower costs.

PCI DSS compliance

If you're a business processing over 6 million card transactions per year you must hold PCI DSS Level 1 certification. This is the highest available standard. Confirm PCI DSS standards with gateway providers before integration. Hosted and API gateways vary significantly in how much PCI compliance responsibility they transfer to the merchant.

PSD2

This regulation governs how payment service providers operate, handle data, and protect consumers across UK and European markets. FCA-licensed payment providers are subject to ongoing regulatory oversight, which provides an additional layer of assurance for merchants and customers alike.

Strong Customer Authentication

UK and European businesses must implement Strong Customer Authentication (SCA) under PSD2. Your gateway must support 3D Secure 2.0 (3DS2). This applies stepped-up verification for higher-risk transactions whilst keeping low-risk checkouts straightforward. Confirm your gateway handles SCA exemption logic automatically, as manual management at scale is not operationally viable.

Supported payment methods

Understanding your target markets and confirming your gateway supports the relevant local methods is essential before integration. In the UK, Visa and Mastercard together account for 98% of total card payment value, according to GlobalData's Payment Cards Analytics (2025). Apple Pay is the most popular digital wallet in the UK, used by 63% of UK mobile payment users for in-store transactions and 39% for online purchases as of December 2024. Google Pay is second, chosen by 37% of UK mobile payment users in-store.

Europe has a rich ecosystem of local payment methods alongside the international card networks. In the Netherlands, iDEAL accounted for 70% of online purchases in the first half of 2025, according to the Dutch Payments Association. In Belgium, Bancontact is a market leader in payment services, with over 17 million cards in circulation and 94% of the Belgian population using it as their primary payment method. 

These are just two examples. Germany has high adoption of direct debit (SEPA Lastschrift) and bank transfer. The Nordics lean heavily on local schemes and open banking. Depending on the markets you want to operate in, the landscape for preferred payment methods can change dramatically.

Settlement speed

Standard settlement is typically one to two business days. Some providers offer next-day or same-day settlement. For marketplaces, seller payout speed matters as much as merchant settlement. Delays in seller payments affect platform retention and trust.

Integration options

Evaluate whether the gateway offers integration options that meet your checkout expectations and UX goals. Generally, payment gateways will offer:

• Hosted Checkout: customer is redirected to a checkout page managed by the gateway
• Embedded Checkout via WebSDK: payment components embedded in the client’s page
• Direct API integration – fully custom checkout and payment handling
• Mobile SDKs – native integrations for in-app payments
  

Support quality

Integration support and ongoing account management vary significantly between providers. Enterprise gateways typically route queries through ticketing systems with no dedicated point of contact. For businesses with complex payment flows, direct access to a named account manager and open communication channels matters from initial integration through to scaling.

‍

For a breakdown of the leading alternatives to Stripe, see our guide to Stripe alternatives.

‍

Why businesses choose Ryft

Ryft is a leading Payment Services Provider (PSP) that specialises in payment solutions, ensuring full compliance and offering 24/7 support from humans. Using Ryft, businesses can accept payments anywhere, automate split payments, onboard sellers, set up delayed payments and recurring billing, earn commission from payment escrow, and much more.    

‍

‍