Payment gateways explained: How they work, costs, types, and how to choose
Last updated at 06.15.26
A payment gateway is the technology that encrypts your customer’s card data at checkout and transmits it to the payment processor for authorization.
The gateway you choose is part of a much larger infrastructure decision that affects your payment costs, checkout experience, account stability, and long-term control over customer payment data. As more businesses move online and expand across channels, payment gateways have become a critical part of how merchants manage revenue and customer transactions. The global payments industry is now a roughly $2.5 trillion revenue market, projected to approach $3 trillion by 2029.
Modern payment gateways do more than process online checkouts. They help merchants securely accept payments across websites, mobile apps, invoices, payment links, subscriptions, and in-person transactions while maintaining PCI DSS compliance and reducing fraud risk.
Finix is a certified direct processor that includes a built-in gateway, meaning merchants use a single system for both payment processing and secure payment data transmission. Businesses can start with no-code tools like payment links, virtual terminals, and ecommerce plugins, then expand into API-based integrations when needed.
This guide explains what payment gateways are, how they work, the different types of gateways available, what they cost, and what merchants should consider when choosing a provider.
What is a payment gateway?
A payment gateway is a technology platform that securely captures, encrypts, and transmits payment information between a customer’s card, a merchant’s checkout, and the financial institutions that authorize or decline the transaction.
It acts as the secure communication layer between a business and the broader payment ecosystem. When a customer enters their card details online, taps a card in person, or completes a mobile payment, the gateway protects that data before it is sent to the payment processor for authorization.
A payment gateway does not actually move money between bank accounts. That role belongs to the payment processor, which handles transaction routing, settlement, and fund transfers. The gateway’s role is to securely handle and transmit the payment data itself while helping merchants meet PCI DSS compliance requirements.
Think of a payment gateway as a secure ferry carrying encrypted payment data between a merchant, the processor, and the banks involved in the transaction. The gateway doesn’t own the money or approve the transaction – it safely transports the information needed to make the payment happen.
What does a payment gateway do?
A payment gateway performs four core functions during a transaction:
It encrypts payment data at checkout using secure protocols such as TLS and SSL.
It tokenizes the customer’s card number so raw card data is never stored or transmitted by the merchant.
It securely transmits the encrypted payment data to the payment processor for authorization.
It returns the approval or decline response to the merchant’s checkout in real time.
How does a payment gateway work?
The entire payment gateway process completes in under 2 seconds. Here’s what happens at each step.
The customer enters their card details at checkout, taps their card in person, or uses a digital wallet like Apple Pay or Google Pay.
The payment gateway encrypts the payment data and replaces the card number with a secure token so sensitive card information is never exposed.
The encrypted and tokenized payment data is sent to the payment processor.
The processor routes the transaction request through the card network, such as Visa, Mastercard, American Express, or Discover, to the customer’s issuing bank.
The issuing bank reviews the transaction, and either approves or declines it based on available funds, fraud signals, and card validity.
The approval or decline response travels back through the same chain – from the issuing bank to the processor, then through the gateway to the merchant’s checkout.
If the payment is approved, the customer sees a successful checkout confirmation almost instantly. If it is declined, the gateway returns the decline message so the merchant can prompt the customer to try another payment method.
The gateway handles the payment data and communication layer, while the processor handles transaction routing and fund movement – though the two are often provided together as a single system.
What are the different types of payment gateways?
There are four main configurations for accepting card payments: hosted, self-hosted, API, and direct processor. Each makes a different trade-off between setup simplicity, merchant control, PCI scope, and flexibility.
Types of payment gateways compared
Type | How the checkout works | PCI scope | Best for | Merchant control |
|---|---|---|---|---|
Hosted (redirect) | Customer is redirected to a third-party payment page | Lowest | Small businesses wanting the fastest setup | Lowest |
Self-hosted (integrated) | Payment form is embedded directly into the merchant’s website | Moderate to high | Businesses wanting more branded checkout control | Moderate |
API / headless | Fully custom checkout built using APIs | Highest | Technical teams building custom payment experiences | Highest |
Direct processor with built-in gateway | Gateway and processor are combined into one system | Moderate | Businesses wanting simplicity with long-term flexibility | High |
Different gateway types suit different business models, technical resources, and growth stages. The right choice depends on how much control, customization, and operational visibility your business needs.
Hosted gateways
Hosted gateways redirect customers to a third-party payment page to complete checkout. PayPal is a common example. This is usually the fastest and simplest setup because the payment provider handles most PCI compliance requirements. The trade-off is less control over the checkout experience and a higher risk of customer drop-off during redirects.
Self-Hosted gateways
Self-hosted gateways embed the payment form directly into the merchant’s website or app, creating a more seamless checkout experience. Customers stay on the merchant’s site throughout the transaction, which improves branding and conversion consistency. However, because the merchant’s environment handles payment data, PCI compliance responsibilities are higher.
API / Headless gateways
API or headless gateways give businesses full control over the checkout experience through custom integrations. Merchants can design fully tailored payment flows across web, mobile, and embedded environments. This model offers the greatest flexibility, but also requires the highest engineering effort and PCI compliance responsibility.
Direct processor with built-in gateway
In this model, the payment gateway and payment processor operate as one unified system rather than as separate providers. Merchants do not need to manage a standalone gateway integration, and tokenized payment data remains portable if they switch providers later.
Finix uses this model as a certified direct processor with a built-in gateway. Businesses can start with no-code tools like payment links, virtual terminals, and plugins for Shopify, WooCommerce, and WordPress, then expand into API-based integrations when needed — all within a single platform, provider relationship, and support structure.
What is the difference between a payment gateway and a payment processor?
The gateway is the data layer that encrypts and routes payment information. The processor is the transaction layer – it authorizes the charge, clears it through the card network, and settles funds into the merchant’s account.
The two work together during every card transaction, but they perform different roles. A payment gateway securely captures the customer’s card details, tokenizes the data, and sends it to the processor. The payment processor then communicates with the card networks and issuing banks to approve or decline the transaction and move the funds.
Role | Payment Gateway | Payment Processor |
|---|---|---|
Main function | Captures and encrypts payment data | Authorizes and settles transactions |
Handles | Secure transmission of card information | Movement of funds between banks |
Communicates with | Merchant checkout and processor | Card networks and issuing banks |
Returns | Approval or decline response | Settlement and payout processing |
Most businesses use these services together, either through a bundled provider like Stripe, Square, or PayPal, or through a direct processor with a built-in gateway such as Finix.
For a deeper comparison, including when to use separate versus bundled providers, see our full guide on payment gateway vs payment processor.
How much does a payment gateway cost?
Payment gateway costs typically include a per-transaction fee, often around 0.1% to 0.5% for API-based solutions, plus optional monthly platform fees, though the total cost depends heavily on the provider’s pricing model and transaction volume.
For most businesses, payment gateway pricing falls into three categories.
Flat-rate pricing (PSP aggregator model)
Flat-rate providers combine gateway fees, payment processing fees, and card network costs into a single blended rate. A common example is 2.9% + 30¢ per online transaction.
This model is simple to understand and easy to start with, which is why it is popular among smaller businesses and startups. The downside is that merchants cannot see the actual interchange costs charged by the card networks, making it difficult to understand true processing costs as volume grows. Businesses processing more than roughly $5K per month often pay more under flat-rate pricing than under interchange-plus models.
Interchange-plus pricing (direct processor model)
Interchange-plus pricing separates the card network’s interchange fee from the processor’s markup, showing both as distinct line items for every transaction.
This gives merchants full visibility into what they are actually paying and usually results in lower processing costs at higher volumes. Finix uses an interchange-plus pricing model, allowing merchants to see the exact interchange cost alongside Finix’s markup instead of paying a blended rate.
For businesses processing more than $5K per month, interchange-plus pricing is typically more cost-effective and easier to forecast over time.
Monthly gateway fees and other costs
Some standalone gateways charge a separate monthly platform fee in addition to transaction fees and processor charges. These fees often range from $10–$30 per month, though enterprise gateways may cost significantly more.
With a direct processor that includes a built-in gateway, merchants work with a single provider rather than paying for separate gateway infrastructure. Finix’s monthly subscription includes gateway access, payment processing, fraud monitoring, and support within one platform.
Finix currently starts at $250 per month, which means it is generally best suited to businesses processing more than $5K monthly in card volume. Merchants should also evaluate additional costs such as chargeback fees, payout fees, hardware costs, and international transaction fees when comparing providers.
What should you look for when choosing a payment gateway?
The payment gateway you choose affects your checkout experience, payment costs, operational flexibility, and how much control you have over your payment stack over time.
Some providers prioritize simplicity and fast onboarding, while others offer greater transparency, portability, and long-term flexibility as your business grows. Here are five areas merchants should evaluate before choosing a gateway provider.
1. Pricing transparency: Flat-rate vs interchange-plus
Many PSP aggregators, such as Stripe or Square, use flat-rate pricing where gateway fees, processing fees, and interchange costs are blended into a single rate. While simple, this makes it difficult to understand what portion of the fee goes to the card networks versus the provider.
Interchange-plus pricing separates those costs into individual line items, giving merchants greater visibility into what they are actually paying. For businesses processing more than $5K per month, interchange-plus pricing is often more cost-effective and easier to optimize over time.
2. Account stability: PSP aggregator vs direct processor
PSP aggregators pool many businesses into shared merchant accounts. If transactions trigger fraud reviews or risk checks, merchants can sometimes experience sudden account holds, frozen payouts, or delayed escalations.
A certified direct processor provides businesses with their own dedicated merchant account relationship and a more direct path for support and underwriting reviews. For businesses processing meaningful transaction volume, this can create greater long-term account stability and operational predictability.
3. Integration flexibility and time to go-live
Some merchants need a payment system they can launch quickly without technical resources, while others require custom payment flows and API-level control.
Look for providers that support both. Finix offers no-code tools such as payment links, virtual terminals, and ecommerce plugins for Shopify, WooCommerce, and WordPress, while also supporting API-based integrations for businesses with technical teams. Many merchants can begin accepting payments within a day.
4. Omnichannel support across online and in-person payments
If your business accepts payments online, in person, through invoices, or via mobile devices, your gateway should support all channels within a single system.
Using fragmented providers across different channels often creates reconciliation issues, inconsistent reporting, and higher operational overhead. Finix offers unified omnichannel support across ecommerce, mobile, and in-person transactions within one platform.
5. Data portability and switching costs
Not all payment providers allow merchants to move their tokenized card data when switching platforms. In some cases, customers may need to re-enter their payment information entirely if a merchant migrates providers.
Data portability is important because it reduces long-term switching costs and gives businesses greater ownership over customer payment relationships. Finix supports full card data portability and provides migration support for businesses transitioning from other providers.
How does Finix handle payment gateways?
Finix is a certified direct processor with a built-in payment gateway, meaning businesses use a single system for both secure payment data transmission and payment processing.
Unlike PSP aggregators that pool merchants into shared infrastructure, Finix provides businesses with direct processing relationships, transparent interchange-plus pricing, and full ownership of their tokenized payment data. Merchants can start with no-code tools and expand into more advanced integrations as their needs grow, without changing providers or rebuilding their payment stack.
Finix vs Stripe: Payment gateways for SMB merchants
Feature | Finix | Stripe |
|---|---|---|
Gateway model | Direct processor with built-in gateway | PSP aggregator |
Pricing model | Interchange-plus | Flat-rate blended pricing |
Fee visibility | Exact interchange + markup shown separately | Blended fee structure |
Fraud monitoring | Included | Additional tools may require extra cost |
Support | Dedicated account management, phone, Slack | Primarily ticket-based support |
Account stability | Dedicated merchant account structure | Shared merchant account model |
Data portability | Full card data portability | More limited portability |
Contract | No long-term contracts | No long-term contracts |
No code and plug-and-play setup
Businesses can start accepting payments through payment links, virtual terminals, or ecommerce plugins for Shopify, WooCommerce, and WordPress without requiring developer resources.
For businesses with technical teams, Finix also supports API-based integrations with a lightweight implementation process, allowing companies to embed and manage payments directly within their products while maintaining greater control over the customer experience and payment operations.
Transparent interchange-plus pricing
Finix uses transparent interchange-plus pricing rather than blended flat-rate pricing. Every transaction shows the exact interchange fee charged by the card networks alongside Finix’s markup.
This structure gives merchants greater visibility into payment costs and typically becomes more cost-effective as processing volume increases. Finix pricing currently starts at $250 per month, making it best suited to businesses processing more than $5K monthly in card volume.
Dedicated support and 99.999% uptime
Finix combines direct processing infrastructure with dedicated merchant support. According to Capterra reviews, Finix holds a 4.7/5 overall rating and a 4.8/5 customer service rating, with average support tickets resolved in approximately five hours.
Merchants receive dedicated account support alongside phone and Slack-based communication channels. Finix also provides full card data portability, migration support, integrated fraud monitoring, and 99.999% uptime reliability.
Currently, Finix supports merchants in the United States and Canada. Buy now, pay later functionality is not yet available.