A payment gateway is a technology used in e-commerce to authorise credit card or direct payment processing for online businesses and online retailers. It serves as a digital bridge between a merchant’s website and the bank that processes a customer’s credit card payment.

The main function of a payment gateway is to validate your customer’s credit card details securely, ensure the funds are available for the payment and get you paid. It’s the equivalent of a physical point-of-sale terminal in a shop or restaurant. It provides security by encrypting sensitive information, ensuring that information passed between the customer and merchant remains private.


When a customer places an order from an online store, the payment gateway performs several tasks to process the transaction:

  1. Encryption: The web browser encrypts the data to be sent between it and the vendor’s web server. The gateway sends the transaction data to the payment processor used by the vendor’s acquiring bank.
  2. Authorisation Request: The payment processor sends the transaction data to a card association, which routes it to the issuing bank for authorisation.
  3. Filling the Order: The issuer sends a response back to the processor. The response includes information about whether the payment has been approved or declined. If approved, the merchant can then fulfil the order.


Security is an integral part of all payment gateways, as sensitive data such as credit card numbers need to be protected from any fraudulent parties. The card associations have created a set of rules and security standards which must be followed by anyone with access to card information, including gateways. This set of rules and security standards is called the Payment Card Industry Data Security Standard (PCI DSS).

