Acquiring
Payment gateway
A technical layer that encrypts card data, forwards authorisation requests to an acquirer, and returns the result to the merchant.
A payment gateway serves as the digital conduit between a merchant's checkout interface and the acquiring bank, primarily responsible for the secure transmission of transaction data. It performs critical technical functions such as encrypting sensitive Cardholder Data (CHD) to ensure compliance with PCI DSS standards and facilitating the exchange of authorisation codes. When a customer initiates a payment, the gateway communicates with the acquirer, which then routes the request through the card schemes (typically Visa or Mastercard) to the issuing bank. The gateway also manages the presentation of 3D Secure (3DS) challenges to satisfy Strong Customer Authentication (SCA) requirements under directives like PSD2. While traditional gateways focus on connectivity and protocol translation, modern iterations often incorporate tokenisation and fraud screening tools to mitigate risk before a transaction reaches the settlement phase.
Frequently asked
What is the difference between a standalone gateway and a full-stack PSP?
A standalone gateway provides the technical connection but requires the merchant to have a separate Merchant Identification Number (MID) from an acquiring bank. In contrast, a full-stack Payment Service Provider (PSP) bundles both the gateway technology and the acquiring services into a single contract and technical integration.
How does a gateway impact transaction speed and latency?
The gateway introduces a processing leap where it must validate signatures, perform anti-fraud checks, and wait for the acquirer's response. While this typically occurs in under two seconds, latency can increase if the gateway's server location is distant from the merchant's customer base or if multiple third-party API calls are required for risk scoring.
Related terms
A vendor that provides payment-acceptance technology, gateway, vaulting, reporting, sometimes acquiring, under one contract.
The licensed bank or financial institution that holds the merchant's MID and settles card transactions on the merchant's behalf.
A PCI-DSS-compliant store of tokenised card credentials that lets a merchant charge a card again without holding the PAN.
Ready for velocity?
Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.
