Accepting payments with a payment gateway explained

The very first step of a payment flow, the payment gateway is a service that helps businesses initiate payments. Used in both digital channels and in-person, the payment gateway is typically a web server to which businesses are connected.

You can either choose a payment gateway that is provided by a bank or one from a provider that can connect to one or more payment processors.

Types of payment gateways providers in Australia

Different types of business have different needs - the same applies when it comes to payment gateways.

Online payment gateways provide services for websites and apps. They typically have the same function (initiating payments), but can differ in term of functionalities, supported channels of features offered. To obtain the maximum benefits from a payment gateway, it’s essential to understand your business needs and choose one that works best for you.

One example on how specific needs may shape your payment gateway choice: a subscription business needs a gateway that supports recurring payments; but SaaS or marketplaces might require one that can offer embedded payments. Ecommerce companies may opt for a payment gateway that offer many fraud detection and prevention tools. High-risk industries, such as airlines or gambling, may need a payment gateway with a high-risk appetite.

The payment gateway in the transaction flow

During the few seconds that a payment takes to be completed, a whole universe is happening behind the scenes. Below you can visualise the whole transaction flow. Remember, this flow begins with the payment gateway.

How the payments flow, in simple terms:

1. When a customer makes a purchase, the business sends the customer's payment data to the payment gateway.​​

2. Then, the payment gateway shares the data with the payment processor, who in turn will share the same information with the card scheme.

3. The card scheme shares it with the card issuer, which performs checks to determine if the transaction should be authorised or declined.

4. The decision regarding the transaction flows back through the card scheme, payment processor, and gateway to both the business and customer.

If the payment is approved, the funds move from the customer's bank to the acquirer and then to the business's bank account.

So how does a payment gateway work? In simple terms, it securely transmits payment data between the customer, the merchant, and the banks involved in the transaction, ensuring the payment is authorised and processed safely.

When deciding which payment gateway to use, businesses should consider factors like supported payment methods, security standards, global coverage, and how easily the gateway integrates with their existing systems.

Pricing

There are several pricing models in the payment gateway market. Saving costs is often a priority for many businesses. Choosing a gateway with a pricing model that suits your business needs is a very important step.

Some suppliers charge a percentage-based fee, others a fixed fee per transaction. If your business has a high Average Transaction Value (ATV), a fixed fee could be more cost-effective. 

It is also important to remember that some gateways will charge one-off costs, for setup or integration fees. They might also offer services like 3D Secure, risk management, or authorisation optimisation, which may affect the cost but add value to your business.

Security and compliance

Keeping your customers and their information safe should be a priority to your business. Payment gateways hold specific certificates and conform to measures to protect payment information. The ones you should expect are:

• Payment Card Industry Data Security Standard (PCI): This is crucial for businesses that accept credit card payments. Businesses must adhere to 12 security standards when handling credit card data, including accepting, transmitting, processing, and storing it.

• Compliance with applicable privacy laws

For businesses that accept payments in Europe, it’s important to follow these regulations too:

• Payment Services Directive 3 (PSD3): This regulation pertains to payment authentication. However, it hasn't been implemented yet, which means that Payment Services Directive 2 (PSD2) and Strong Customer Authentication (SCA) still apply.

• General Data Protection Regulation (GDPR): This regulation ensures that personal data is only used for purposes for which the customer has consented. 

International payments

Before accepting international payments, your business must ensure that your payment gateway supports it. There are different ways of accepting international payments, like cross-border transactions or local acquiring, which tends to offer higher authorisation rates.

Offering your customer's preferred payment methods is also important. Therefore, it is essential that your payment gateway can support relevant payment methods, so you don't end up with a high rate of abandoned shopping carts and disappointed customers.

Differences between regulations between countries are also relevant. While Australia has specific rules on authentication, in Japan, new 3DS regulations will be implemented by 2025. The payment gateway of your choice should comply with local regulations where you plan to accept payments.

‘Payment processor’ and ‘payment gateway’ are two players of this ecosystem that often get confused with each other.

At this point, you hopefully understand what a payment gateway does: it helps businesses initiate payments.

A payment processor, in turn, processes payments on behalf of a business’s bank. It operates in the background, making sure processed payments comply with local rules and standards.

After receiving information from a payment gateway, the payment processor communicates it directly to the payment network and authorises, clears and captures the transaction.

Do you recall the payment flow we shared earlier in this article? The first step is done by the payment gateway, by gathering data and passing it forward. The payment processor is the player that receives this data in the next step, then contacts the card schemes and business' bank to approve that payment.

A payment gateway and payment processor can be two separate systems. However, having both on a single platform can increase the efficiency and reliability of the payment process.

Payment gateway architecture varies by provider, but for enterprise businesses, a few capabilities tend to matter most. As you’re evaluating solutions, consider the following parameters: 

Security and compliance

Your payment gateway should hold specific certificates and conform to measures to protect payment information. The ones you should expect are:

• Payment Card Industry Data Security Standard (PCI): Businesses must adhere to 12 security standards when handling credit card data, including accepting, transmitting, processing, and storing it. If you accept credit card payments, it’s critical that you use a PCI compliant payment gateway. 

• Payment Services Directive 3 (PSD3): The gateway needs to follow these new regulations on payment authentication if you accept payments in the European Union (EU). 

• General Data Protection Regulation (GDPR): This regulation ensures that personal data is only used for purposes for which the customer has consented. Businesses must follow the GDPR to accept payments in the EU.

You should also look for fraud protection in your payment gateway. Some companies, like Adyen, use AI tools to help fight fraud while keeping conversion rates high. 

Payment performance, reliability, and optimizations

Your payment process can make or break a sale. To keep customers moving and happy, you want to make sure your gateway can stand up to anything you throw at it. 

Ask about payment gateway transaction success rates, communications, and how the payment processor ensures payments can always be accepted. Get data to validate claims. An excellent metric to evaluate is the provider’s uptime on high-volume days like Black Friday or Cyber Monday. 

Additionally, ask your provider what they can do beyond simply processing payments. Look for additional features that can help you optimise the entire payments funnel through things like:

• Payment gateway routing

• Payment gateway tokenisation

• Payment gateway analytics

• AI payment gateway features

Integration and time to value

There are different levels of flexibility when it comes to integration options. You can either integrate directly through a payment gateway API, or with your ecommerce platforms through plugins, if the partnership exists.

As you’re evaluating, ask questions about: 

• APIs and SDKs that fit your tech stack

• Documentation quality and implementation support

• Options for multiple front ends (web + mobile app) and multiple brands/regions

Also consider payment gateway integration costs in total terms. Remember to account for engineering time, maintenance, and the operational cost of fragmented reporting across providers.

Fees and total cost of ownership

Payment gateway fees can vary based on provider model, markets, and features included. Some gateways charge a percentage-based fee, and some a fixed fee per transaction. Both models have their advantages and disadvantages, based on the number of transactions you process and the amount per transaction. 

Beyond published fees, consider:

• Operational overhead

• Support model and incident response

• The cost of adding new markets or methods

When calculating the potential costs, it’s also important to remember that some gateways charge for one-off costs like setup or integration fees. They might also offer services like 3D Secure payment gateways, protection against payment fraud, or authorisation optimisation, which may affect the cost but which add real value to your business.

Global expansion: multi-currency and cross-border

Your multi currency payment gateway should grow with you. Check if the gateway can accept foreign currencies, and the associated fees for international payments. Your payment gateway should also comply with all the local regulations where you plan to accept payments.

You also want to make sure your cross-border payment gateway lets customers use their preferred payment methods. Make sure your forex payment gateway provides local payment methods which are, on average, 49% cheaper than credit and debit cards.

A payment gateway is a foundational component of modern digital payments. For enterprise teams, the best payment gateway choice is the one that balances performance, security, and the flexibility to scale globally without multiplying complexity.

At Adyen, we combine a payment gateway, acquirer, and processor into one platform. Our enterprise payment gateways are purpose-built to handle trillions of transactions all over the world. Some of the largest companies in the world trust us to handle their payments, including businesses like Nord Security, Adobe, and others.  

Ready to consolidate your payments into one unified platform that helps you save money and grow revenue? Learn more about what it means to accept payments with Adyen, or contact our team to get started.