Unlike a vendor at a physical market stall, who can exchange goods for physical cash, merchants...
Payment Gateway vs. Payment Processor: What's the Difference?
The terms “payment gateway” and “payment processor” are, at times, used interchangeably in payment vernacular. And while the two are interrelated, each serves a unique purpose and function for merchants to accept and manage payments.
Read on to learn more about the similarities and differences between a payment gateway and a payment processor.
What is a Payment Processor?
A payment processor acts as an intermediary to transmit data from a merchant’s point-of-sale system (virtual or in-person) to the card networks and banks involved in the transaction. Processors execute transactions by transmitting data between the merchant, the issuing (customer’s) bank, and the acquiring (merchant’s) bank for payment.
All businesses, whether online or brick-and-mortar, require some form of payment processor if they plan on accepting credit card or ACH payments.
In many cases, a payment processor may also supply a brick-and-mortar business with credit card machines and other equipment used to accept in-person credit card payments. For virtual businesses, such equipment is unnecessary as this process can be completed entirely online.
Popular payment processors include:
Front-end and Back-end Payment Processing
Payment processors can be divided into two distinct categories based on the stages of payment processing they support:
- Front-end payment processors connect with credit card networks and transaction settlement services to manage merchant accounts. They are responsible for collecting the customer's payment information, passing it to the payment gateway, and connecting with the gateway to encrypt the information.
- Back-end payment processors oversee the actual movement of funds among accounts. After the hand-off from a payment gateway to a payment processor, the back-end processing commences. Chargebacks and disputes come back to the merchant via the back-end processor and reporting to the merchant, including helping the merchant reconcile actual with expected receipts, is an important part of the back-end processor's function.
These two types of payment processors work hand-in-hand to provide a seamless payment processing experience for merchants and their customers. Typically front-end payment processors will contract with back-end processors to provide full services to clients.
Payment Gateway Overview
A payment gateway is a specialized payment processor that serves the unique needs of a specific merchant vertical group. Payment gateways are designed to provide a seamless and secure payment experience for customers, while also offering specialized features and services specific to the needs of different industries, such as hotels, restaurants, and airlines. These features may include fraud prevention tools, recurring billing options, and support for multiple payment methods.
The most common examples of payment gateways are particularly designed for online businesses to allow online merchants to connect to the proprietary formats and systems of acquiring processors and help mitigate the unique fraud risks associated with online payments. Gateways help to verify that a customer’s card is legitimate - essentially acting as the virtual version of a point-of-sale chip reader that can protect both your shoppers’ payment data and decrease your risks of fraud.
A gateway also serves a pivotal role in online subscription-based businesses that process card-not-present transactions, as is often the case with recurring subscription payments.
Popular payment gateways include:
- Stripe (technically both a gateway and processor)
How Payment Gateways Fit into the Payment Process
The function payment gateways serve in the overall payment process can seem somewhat nebulous at times. Considering a simple transaction with banks processing payments, here is where payment gateways play a role:
- A customer makes a purchase using a credit or debit card.
- The payment gateway encrypts the customer’s card data and sends it to the acquiring bank.
- The payment gateway identifies the credit card network for the card and sends transaction data to the issuing bank.
- The issuing bank determines whether the transaction is valid or fraudulent.
- The issuing bank checks the customer’s available credit, if applicable, to see whether the transaction can be verified.
- The issuing bank approves or declines the transaction.
- The payment gateway conveys the issuing bank’s decision to the acquiring bank, which informs the merchant that the purchase is paid.
This process takes just a few seconds from the initial swipe of the card to the notification that the payment has been accepted. And, while the gateway itself is not processing any portion of the transaction, it does send and receive important information that can make processing go smoother.
Types of Payment Gateways
There are three overarching types of payment gateways that differ depending on how the gateway is integrated into a website or online store:
- On-site payment gateways are typically used by large businesses that want to manage the checkout and processing of payments on their own servers entirely. This gives the merchant significant control over the payment experience but it comes with greater responsibilities and costs as well.
- Hosted payment gateways (or redirects) send customers to a third-party site for checkout and payment processing, as is commonly done with PayPal checkout. While these gateways are generally simple to implement, the merchant has very little control over the payment experience.
- On-site checkout, off-site payments is where customers can check out on a merchant’s website but payment processing takes place at the gateway’s back end. The merchant, therefore, has partial control over the payment experience.
A Comparison of Payment Gateways and Payment Processors
To put it in perspective, the main differences between a payment gateway and a payment processor are:
Relays transaction details to and from the customer’s card-issuing bank and the merchant’s acquiring bank during transactions
Necessary for all card-based transactions, whether the sale happens online, in-person, or through a mobile app.
Must be used in conjunction with a payment processor
Can be used as a standalone service in certain situations
The key difference is a payment processor facilitates the transaction and a payment gateway is a tool that communicates the approval or decline of transactions between the merchant and its customers.
It’s important to note, however, that many payment processors also offer payment gateways, which makes it possible to bundle the services together under one platform. Therefore, some merchants may not realize that the payment gateway and processing serve separate functions as both may seem to occur seamlessly and simultaneously.
In some cases, the merchant’s credit card processor will have its own payment gateway. In other cases, the credit card processor will maintain a relationship with a third-party payment gateway company.
Frequently Asked Questions About Payment Gateways and Payment Processors
Do I need a payment gateway or a payment processor?
Whether a merchant needs to use a payment gateway, a payment processor, or both is determined by the type of transaction and the situation.
For card-present (in-person) transactions, a payment processor is necessary. If that payment processor is virtual, without a physical POS terminal, a payment gateway is also necessary.
For card-not-present (and virtual) transactions, both a payment processor and a payment gateway are required. In this situation, the payment gateway does the majority of the customer-facing work but a payment processor is still necessary to complete the transaction.
Do I need to worry about PCI compliance if I have a payment gateway and payment processor?
Yes, all merchants who process credit card information must be PCI compliant, and having a PCI-compliant gateway and payment processor is only one aspect of the requirements needed to maintain compliance. Protecting the account data, monitoring and testing networks, and building strong access control measures are just a few of the several other objectives that need to be met in order to maintain PCI compliance.
While no single solution can completely eliminate all the requirements an organization must meet in order to become compliant, partnering with TSPs like Basis Theory can significantly reduce the effort involved.