What does a merchant need? Payment Gateway vs Payment Processor

The terms “payment gateway” and “payment processor” are at times used interchangeably in payment vernacular. While the two are related, a payment gateway and a payment processor each serve a unique purpose for merchants to accept and manage payments.
| | Payment Gateway | Payment Processor |
|---|---|---|
| Overview | Provides technology that: | Relays transaction details between: |
| Use Cases | | Necessary for all card-based transactions, whether the sale happens online, in-person, or through a mobile app. |
| Standalone? | Must be used in conjunction with a payment processor. | Can be used as a standalone service in certain situations. |

The key difference between a payment processor and a payment gateway is that the processor facilitates the transaction, while the gateway is the middleman between merchant and processor: it collects transaction details, transmits them to a processor, and communicates the outcome to the merchant.
It’s important to note that many payment processors also offer payment gateways, which allows them to bundle the services together under one platform. They may partner with other processors, allowing their gateway services to arbitrage costs. These are known as full-service payment processors.
Therefore, some merchants may not realize that payment gateways and payment processing serve separate functions, as the services offered by most gateways obscure and encompass the activities undertaken at the processor level. Sometimes, the merchant’s credit card processor will have its own payment gateway; in other cases, the merchant will maintain a relationship with a third-party payment gateway company that has its own independent processor partners.
What is a payment processor?
A payment processor acts as an intermediary to transmit transaction data between the card networks and banks. A payment processor will execute a transaction by transmitting data submitted by, or on behalf of, the merchant to the issuing (customer’s) bank for processing and the acquiring (merchant’s) bank for payment.
All businesses, whether online or brick-and-mortar, require access to the services of a payment processor, whether directly or by way of a gateway, if they plan to accept credit cards or ACH payments.
In many cases, a payment processor may also supply brick-and-mortar businesses with credit card machines and other equipment to accept in-person credit card payments. Such equipment is unnecessary for virtual businesses as this process can be completed entirely online.
Popular payment processors include:
- Paymentech
- Adyen
- Worldpay
Front-end and Back-end Payment Processing
Payment processor activities can be divided into two distinct categories based on the stages of payment processing they support:
- Front-end payment processing collects the customer's payment information, passes it to the payment gateway, and encrypts the information when connecting with the gateway. For brick-and-mortar merchants, this generally happens at the POS device; for online merchants, this activity is generally undertaken by the payment gateway.
- Back-end payment processors oversee the actual transactions and movement of funds among accounts.
Back-end processing commences after the hand-off from a POS device or payment gateway to a payment processor. The back-end processor manages chargebacks and disputes, and details are passed to the merchant either directly or through the payment gateway.
These two elements of payment processing work together to provide a seamless experience for merchants and their customers. Typically, front-end payment processors contract with back-end processors to offer complete services to clients; or, put another way, payment gateways build relationships with payment processors so that they can transmit validated transactions ready for execution.
How Payment Gateways Fit into the Payment Process
A payment gateway may specialize in serving the unique needs of a specific merchant vertical group or offer a broader service to all (think PayPal or Stripe). It may also provide a seamless and secure payment experience for its customers, offering specialized features and services specific to the needs of different industries, such as hotels, restaurants, or airlines. These features may include fraud prevention tools, recurring billing options, and support for multiple payment methods.
Popular payment gateways include:
- PayPal
- 2checkout
- Authorize.net
- Stripe
There are three overarching types of payment gateways that differ depending on how the gateway is integrated into a website or online store:
- On-site payment gateways are typically used by large businesses that want to manage the checkout and payment processing on their own servers entirely. This gives the merchant significant control over the payment experience but it comes with greater responsibilities and costs.
- Hosted payment gateways (or pages) send customers to a third-party site for checkout and payment processing, as is commonly done with PayPal checkout. While these gateways are generally simple to implement, the merchant has very little control over the payment experience.
- Hybrid gateways allow customers to check out on a merchant’s website through on-site checkout and off-site payments, but payment processing occurs at the gateway’s back end. Therefore, the merchant has at least partial control over the payment experience.
A gateway also serves a pivotal role in online subscription-based businesses that process card-not-present transactions, as is often the case with recurring subscription payments. Because gateways do not process payments directly, they provide the processes and procedures to ensure that regular payments are submitted in a timely fashion, sometimes automatically re-submit them in the case of soft declines, or even initiate a dunning process.
Considering a simple transaction with banks processing payments, here is where payment gateways play a role:
- A customer wants to make a purchase using a credit or debit card.
- The payment gateway encrypts the customer’s card data, validates it, and sends it to the acquiring bank.
- The payment gateway identifies the credit card network for the card and sends transaction data to the preferred payment processor for delivery to the issuing bank.
- The issuing bank determines whether the transaction is valid or fraudulent.
- If applicable, the issuing bank checks the customer’s available credit to see whether the transaction can be verified.
- The issuing bank approves or declines the transaction.
- The payment processor communicates the information back to the payment gateway, which conveys the issuing bank’s decision to the merchant.
- On the appropriate schedule, the issuing bank settles the account with the acquiring bank. This is communicated to the processor, which updates the gateway and updates the merchant’s gateway account.
This process takes just a few seconds, from the initial swipe of the card to the notification that the payment has been accepted. While the gateway itself does not actually process any portion of the transaction, it sends and receives important information that enables the processing.
Does a merchant need a payment gateway or payment processor?
The type of transaction and the situation determine whether a merchant needs to use a payment gateway, a payment processor, or both.
A payment processor, likely one that issues POS devices, is necessary for card-present (and in-person) transactions.
For card-not-present (and virtual) transactions, both a payment processor and a payment gateway are required. However, selecting a gateway with comprehensive services may mean that the merchant will acquire a payment processor automatically. In this situation, the payment gateway does the majority of the customer-facing work and will likely choose the payment processor(s), which are still necessary to complete the transaction.
Either way, all merchants who process credit card information must be PCI compliant. A PCI-compliant gateway and payment processor are only two requirements for maintaining compliance. Protecting account data, monitoring and testing networks, and building strong access control measures are just a few of the objectives needed to maintain PCI compliance.