
Payment gateway: What is it and how to choose one?

The world of payments can be complex. For businesses aiming to improve their checkout experience, it's crucial to understand how each piece of the payment puzzle contributes to the overall shopping journey. In this blog, we'll decode the payment gateway and provide the information you need to make an informed decision when choosing one for your business.

18 February, 2024
 ·  6 minutes

Whether it’s a startup or an established business, choosing the right payment gateway is an important step to consider. Think of a payment gateway as a digital middleman; it's the first step in the payment flow. Without it, payments would be less secure and more complicated, forcing companies to resort to direct bank transfers or cash on delivery.

Take the UAE as an example, where e-commerce sales are estimated to reach $8 billion by 2025. This surge implies a golden opportunity for businesses to leverage digital shopping, with the right payment gateway acting as a cornerstone for enhancing customer experience by making it safer and more seamless.

Here are the key points that can help you better understand payment gateways:

  • What is a payment gateway?

  • The 4 types of payment gateways

  • UAE regulations and compliance

  • International payments

  • How can Adyen help you?

If you need further help in identifying the right payment gateway for you, feel free to contact our sales team.

What is a payment gateway?

Finding the right payment gateway for your business can be daunting. It involves looking into the different types and understanding how each one operates, how it is integrated, what it costs, and how it contributes to the overall customer experience. Weighing these variables can help you select the right payment gateway for your needs. Below, we've gathered this information in one place, answering the 5 main questions about each type: what it is, how easy it is to integrate, what it costs, how secure it is, and what the customer experience is like.

Type 1:

Hosted gateways

  • What is it?

These are gateways usually provided by a third party. What does it look like to customers? When they pay, they get redirected to the payment provider’s website to enter their details and finish the payment. Then, they return to the original business's website. These payment methods are usually simple to set up and secure because the payment company handles the data. However, businesses can't control the payment experience as much because it happens on another site.

  • How easy is it to integrate it?

Hosted gateways are the easiest to integrate. The business typically just needs a link or call-to-action button that redirects customers to the payment provider's website.

  • What’s the cost?

These services usually charge for each transaction without any upfront fee, which makes them affordable for small businesses or those with infrequent sales.

  • How secure are they?

These services offer strong security and regulatory compliance because payment data is handled on the provider's secure servers, which takes a lot of the security responsibility away from the business.

  • What’s the customer experience like?

The redirection involved can interrupt the shopping experience, which might affect how often people complete their purchases.

Type 2:

Self-hosted gateways

  • What is it?

With these gateways, businesses collect payment information directly on their website, giving them complete control over the checkout process and customer experience. 

  • How easy is it to integrate it?

Integrating self-hosted gateways requires more technical support. The business needs to handle the payment processing logic, user interface design, and security measures. 

  • What’s the cost?

This approach may involve higher costs, such as the purchase of software, along with ongoing expenses for maintaining compliance and updating security measures.

  • How secure are they?

The security of self-hosted gateways depends largely on the business's ability to implement and maintain high-security standards. Since payment information is processed and potentially stored on the business's servers, it's important to comply with regulations such as PCI DSS and to implement strong security measures to protect customer data. This responsibility includes regular security updates, secure data encryption, and potentially more complex compliance requirements.

  • What’s the customer experience like?

With self-hosted gateways, businesses can provide a smoother and more integrated shopping experience since customers do not need to leave the site to complete their payments. This can lead to higher conversion rates and a more cohesive brand experience.

Type 3:

API-hosted gateways

  • What is it?

API-hosted gateways allow businesses to integrate payment processing via an API directly into their website or app, enabling customers to make payments without leaving the business’s platform. This approach provides a more seamless checkout experience, with the business maintaining control over the design and flow of the payment process.

  • How easy is it to integrate it?

Integrating an API-hosted gateway requires moderate technical knowledge. Businesses will need to work with their development team to implement the API, customizing the payment process to fit their interface and user experience design.

  • What’s the cost?

The cost for API-hosted gateways can include development and integration fees, transaction fees, and potentially monthly service charges. 

  • How secure are they?

With this type of gateway, businesses are responsible for ensuring their implementation complies with security standards like PCI DSS, which might require additional security measures on their part.

  • What’s the customer experience like?

API-hosted gateways offer a smooth and integrated payment experience, minimizing disruptions during checkout and potentially increasing conversion rates. Customers enjoy the convenience of staying on the business’s platform throughout the entire purchase process.

Type 4:

Local bank integration

  • What is it?

Local bank integration involves directly linking a business's website or application with a local bank to process payments. This method enables customers to make payments using their bank accounts.

  • How easy is it to integrate it?

Integrating with a local bank can vary in complexity. It often requires coordination between the business, the bank, and possibly a developer to set up the payment processing system. The level of technical work needed depends on the bank’s API and the existing infrastructure of the business.

  • What’s the cost?

The cost structure for local bank integration might include setup fees, transaction fees, and possibly monthly or annual maintenance fees. These costs can differ significantly based on the bank and the specific services used. 

  • How secure are they?

Local bank integrations are generally very secure, leveraging the bank's established security protocols and infrastructure. Businesses need to ensure that the integration complies with relevant financial regulations and data protection standards, but the overall security responsibility largely rests with the bank.

  • What’s the customer experience like?

This method offers a highly secure and potentially more localized payment experience, which can be a significant advantage for customers who prefer or trust traditional banking transactions over other forms of online payments. However, the smoothness of the customer experience largely depends on the bank's technology and how well the integration is implemented on the business's platform.

Security and compliance in UAE

Security and compliance are crucial in safeguarding your business operations and customer data. Your payment gateway should possess the necessary certifications and adhere to the measures designed to protect payment information. Here are the key UAE standards and regulations you should know about:

  • Payment Card Industry Data Security Standard (PCI DSS): It's imperative for UAE businesses that accept credit card payments. Compliance with PCI DSS involves adhering to 12 security standards for the handling of credit card data, including its acceptance, transmission, processing, and storage.

UAE-Specific Regulations:

  • Electronic Transactions and Commerce Law: This local regulation governs online transactions, ensuring they are secure and legally recognized within the UAE.

  • Data Protection Regulations: While the UAE does not directly apply GDPR, certain free zones like the Dubai International Financial Centre (DIFC) and the Abu Dhabi Global Market (ADGM) have established data protection laws inspired by international standards. These laws mandate that personal data is handled in a manner that the customer has consented to, similar to GDPR principles but tailored to the local context.

  • While the UAE does not specifically enforce PSD2/PSD3 or SCA as in the EU or other regions, the emphasis on cybersecurity and authentication is strong. The UAE Central Bank and other regulatory bodies encourage the adoption of robust security measures, including multi-factor authentication, to enhance the security of online transactions.

International payments

There are a few things to keep in mind if you accept international payments. First, it's essential to ensure your gateway can accommodate this. You can accept international payments through cross-border transactions or local acquiring, which tends to offer higher authorization rates.

Another critical aspect of accepting international payments is offering your customers' preferred payment methods. That's why you need to make sure your gateway provides the payment methods you need. It could also be relevant to check if the gateway can accept foreign currencies and the associated fees for your international payments.

Different countries have different regulations. For instance, in Australia, there are specific rules on authentication, and in Japan, new 3DS regulations will be implemented by 2025. Your payment gateway must comply with all the local regulations where you plan to accept payments.

Where does Adyen fit in?

Adyen is a financial technology platform offering various solutions for enterprise businesses to enhance payments. We’re a payment gateway, processor, and acquirer in one platform. This means we offer the same functionalities as a payment gateway, allowing our customers to initiate payments. We also provide solutions like authentication, risk management, and authorization optimization, all in one platform. Since we have everything in one platform, we can gather data from all processes and make more informed decisions. This leads to improved performance, such as higher conversion rates and higher auth rates.

Using a provider that is both a gateway and payment processor can drive more value for your business. There is only one API to connect to and one contract for almost 100 markets, reducing complexity for businesses that want to process payments with us.

Our single-platform setup creates a smooth transaction flow, in which each part can easily communicate. This is an essential part of creating effortless payments, resulting in high authorization rates and increased revenue for our customers.

Do you want to enhance your payments? Discover more about what it means to accept payments with Adyen.

