Frequently Asked Questions

Payment Gateway Basics

What is a payment gateway?

A payment gateway is a software solution that enables businesses to securely process online payments by transmitting transaction data between the merchant, customer, and payment processor. It encrypts sensitive information, such as credit card details, to ensure safe and compliant transactions and protect against fraud. Payment gateways are essential for authorizing payments, managing recurring billing, and maintaining reliable cash flow for subscription and e-commerce businesses. [Source]

How does a payment gateway work?

A payment gateway works by capturing a customer's payment information at checkout, encrypting the data, and securely transmitting it to the acquiring bank for authorization. The process involves several steps: customer interest and data entry, encryption and fraud checks, authorization by the issuing bank, transaction decision (approval or decline), and settlement, where funds are transferred to the merchant's account within 2-4 business days. [Source]

What are the main types of payment gateways?

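The four main types of payment gateways are:

  • Hosted payment gateway
  • Self-hosted payment gateway
  • API-integrated payment gateway
  • Local bank integration gateway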

Each type offers different levels of control, security, and integration complexity. [Source]

What is the difference between a payment gateway and a payment terminal?

A payment gateway facilitates online payments by transferring cardholder data between parties in an online transaction, while a payment terminal processes card payments in person using a physical device. [Source]

What is the difference between a payment gateway and a payment processor?

A payment gateway acts as a secure intermediary, transmitting encrypted payment data between the merchant, acquiring bank, issuing bank, and payment processor. The payment processor is responsible for moving approved funds from the customer's account to the merchant's account. [Source]

Features & Capabilities

What features should I look for in a payment gateway?

Key features to consider include support for multiple payment methods (credit/debit cards, digital wallets, bank transfers), recurring billing, robust fraud protection, PCI DSS compliance, integration options (APIs, plugins), global capabilities (multi-currency, multi-language), QR code support, and strong customer support. [Source]

Do payment gateways support recurring payments and subscriptions?

Yes, payment gateways are vital for managing recurring payments, making them indispensable for subscription-based businesses. They securely store customer information and initiate transactions on scheduled payment dates, supporting automated billing and reducing manual effort. [Source]

Can payment gateways handle multiple payment methods?

Yes, many payment gateways support a variety of payment methods, including credit and debit cards (Visa, Mastercard, AMEX), digital wallets (PayPal, Apple Pay, Google Pay), and bank transfers (ACH, wire). The specific methods supported vary by provider. [Source]

How do payment gateways help with cash flow management?

Payment gateways enable businesses to process payments on time, reducing manual reconciliation and improving financial planning. They accelerate the conversion of sales to cash and provide tools for tracking and analyzing payments, which helps optimize cash flow. [Source]

What analytics and reporting features do payment gateways offer?

Most payment gateways provide transaction monitoring, sales performance tracking, and reporting features. These insights help business owners make strategic decisions and improve operational efficiency. Some gateways offer more extensive analytics than others. [Source]

How do payment gateways support regulatory compliance?

Payment gateways typically ensure compliance with financial regulations such as PCI DSS by encrypting sensitive cardholder data and providing secure transaction processing. This relieves business owners of the burden of managing security compliance complexities. [Source]

Security & Compliance

Are payment gateways secure?

Yes, payment gateways employ robust security measures, including PCI DSS compliance, data encryption, tokenization, SSL/TLS protocols, and regular security audits. These measures protect sensitive cardholder data and help prevent fraud. [Source]

What is PCI DSS compliance and why is it important for payment gateways?

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to protect cardholder data during transactions. Only PCI-compliant payment gateways can process sensitive cardholder data, ensuring secure handling and reducing compliance risks for merchants. [Source]

How do payment gateways use encryption and tokenization?

Payment gateways use encryption to convert sensitive payment data into unreadable text during transmission, ensuring only authorized parties can access it. Tokenization replaces sensitive data with a non-sensitive token, which is used for transactions, further protecting customer information. [Source]

What fraud prevention features should a payment gateway have?

Effective payment gateways include fraud detection systems that use historical patterns, location, device data, 3D Secure verification, CVV checks, and address verification. Advanced solutions, like Zuora Fraud Protection, leverage adaptive AI to tackle online payment fraud. [Source]

How often should payment gateways undergo security audits?

Given the increasing sophistication of payment fraud, regular security audits are essential. These audits identify vulnerabilities and ensure that payment gateways remain compliant with the latest security standards. [Source]

Integration & Technical Requirements

How do I integrate a payment gateway with my business systems?

Integration can be achieved through APIs, plugins, or extensions compatible with your e-commerce platform. The complexity depends on your platform and developer resources. Providers with ample documentation and libraries in your tech stack of choice make integration easier. [Source]

What should I consider when choosing a payment gateway for global transactions?

Look for gateways that support cross-border, multi-currency, and multilingual transactions. Key aspects include supported currencies, languages, and countries, as well as in-house foreign exchange capabilities and consolidated global reporting. [Source]

How important is customer support when selecting a payment gateway?

Reliable customer support is crucial for resolving technical issues and ensuring smooth onboarding. Look for providers offering 24/7 support, dedicated account management, and self-help resources. Service level agreements (SLAs) for response times are also important. [Source]

Can I use more than one payment gateway for my business?

Yes, businesses often use multiple gateways to improve reliability, support regional payment preferences, and optimize transaction approval rates and costs. [Source]

Zuora Payments & Platform-Specific Questions

What is Zuora Payments?

Zuora Payments is a centralized payment management system that streamlines operations for businesses using multiple payment service providers. It supports over 40 payment gateways, offers fraud protection, and simplifies the management of digital subscription services. [Source]

Which payment gateways does Zuora support?

Zuora supports over 40 payment gateways, including Stripe, GoCardless, and Worldpay. This broad compatibility enables businesses to offer a wide range of payment options to their customers. [Source]

Does Zuora Payments support recurring billing and subscriptions?

Yes, Zuora Payments is designed to support recurring billing and subscription management, making it ideal for businesses with subscription-based revenue models. [Source]

How does Zuora Payments help with fraud prevention?

Zuora Payments includes fraud protection features and offers Zuora Fraud Protection, an add-on solution that leverages adaptive AI to detect and prevent online payment fraud. [Source]

Is Zuora Payments PCI DSS Level 1 compliant?

Yes, Zuora Payments is PCI DSS Level 1 compliant, ensuring secure handling of payment data and adherence to industry-leading security standards. [Source]

What integration options does Zuora offer for payment gateways?

Zuora provides extensive integration options, including REST and SOAP APIs, pre-built connectors, and a Connect Marketplace with nearly 100 apps. This allows seamless integration with platforms like Salesforce, HubSpot, NetSuite, and Snowflake. [Source]

Where can I find technical documentation for integrating Zuora Payments?

Technical documentation for integrating Zuora Payments is available in the Zuora Knowledge Center and Developer Center. These resources include API references, SDK documentation, and integration guides. [Docs] [Developer Center]

What security certifications does Zuora Payments hold?

Zuora Payments holds several security and compliance certifications, including PCI DSS Level 1, SSAE 16 SOC1 Type II, SOC2 Type II, ISO 27001, HHS HIPAA, and SOC 3. These certifications demonstrate Zuora's commitment to data protection and regulatory compliance. [Source]

How does Zuora Payments help businesses operating globally?

Zuora Payments supports multi-currency and multi-entity operations, enabling businesses to process payments in various currencies and comply with global tax and regulatory requirements. This makes it easier for businesses to scale internationally. [Source]

What are some real-world business impacts of using Zuora Payments?

Businesses using Zuora Payments have reported increased recurring revenue, improved operational efficiency, and faster time-to-market for new subscription products. For example, Swiftpage saw a 140% increase in subscription customers and a 131% global ARR growth after launching subscriptions on Zuora. [Case Studies]

What customer feedback has Zuora Payments received regarding ease of use?

Customers have praised Zuora Payments for its flexibility, ease of integration, and ability to simplify operations. For example, Mindflash's CEO highlighted the platform's flexibility and ease-of-use, while TripAdvisor noted a dramatic reduction in sync times from 5 hours to 5 minutes. [Case Studies]

How quickly can Zuora Payments be implemented?

Implementation timelines for Zuora Payments vary based on project complexity. Focused scopes can be completed in as little as 30 days, with typical implementations ranging from 30 to 90 days. Pre-built connectors can enable integrations within one day. [Source]

What industries benefit most from Zuora Payments?

Zuora Payments is used by companies in technology, SaaS, media, publishing, healthcare, consumer goods, manufacturing, telecommunications, and more. Its flexibility and scalability make it suitable for a wide range of industries with subscription or recurring revenue models. [Case Studies]

Who are some notable customers using Zuora Payments?

Notable customers include Zoom, Asana, The Financial Times, GoPro, and The Seattle Times. These companies have leveraged Zuora Payments to scale their subscription businesses and improve operational efficiency. [Case Studies]

Payment Gateways

TL;DR

  • A payment gateway is a service that securely processes online payments by transmitting transaction data between a merchant, customer, and payment processor.

  • It encrypts sensitive information (like credit card details) to ensure safe, compliant transactions and protect against fraud.

  • Payment gateways support multiple payment methods—such as cards, digital wallets, and bank transfers—enabling smooth checkout experiences.

  • They’re essential for subscription and e-commerce businesses to authorize payments, manage recurring billing, and maintain reliable cash flow.

 

Payment gateways serve as the essential bridge between customers and businesses, facilitating secure and efficient transactions. Business owners must ensure the payment process is quick and seamless, or risk losing a customer.

This is especially true in a period where many businesses process payments digitally, and unoptimized payment processes have contributed to a 70% abandoned cart rate in 2023 alone. 

This data proves that the more convenient and credible it is for customers to pay for intended purchases, the more likely they will make those purchases. This is where payment gateways come in.

In this article, we delve into the full spectrum of payment gateways, uncovering what they are, how they work, what types exist, their common features, and the factors to consider in choosing the right one for your business.

What is a payment gateway?

A payment gateway is a software solution that allows your customers to make online payments to your business without your direct involvement at the point of purchase. You can receive card and other non-cash payments while protecting customers’ sensitive information.

 

Think of payment gateways as technological portals or tunnels for online payments. As the name implies, the payment gateway is the entrance or passage to a successful online payment.

How does a payment gateway work?

Now that we understand what payment gateways are, let’s explore how they work.

 

Step 1: Interest

Customers find something they wish to purchase and click the buy/purchase button. This is where the power shifts from your hands as a business owner to that of the payment infrastructure you have put in place for your business.

At this stage, your customer is required to enter their payment data, like cardholder information, into the browser.

 

Step 2: Encryption

The browser then packages this data and transfers it to the online store’s server, verifying the parties in the transaction and handing over the data to the payment gateway. There are also platforms where the data is transferred directly to the payment gateway from the browser.

The payment gateway then acts as a shield, encrypting the customer’s payment data to ensure secure transfer to relevant parties throughout the payment process. The payment gateway checks for fraud at this stage, a core operational function. 

 

Step 3: Authorization

After the encryption and fraud checks are complete, the payment gateway sends the details to the acquiring bank (the financial institution that processes card payments on behalf of the merchant). The acquirer then transfers the data to the issuing bank (the financial institution that processes card payments on behalf of the customer) in an authorization request. The issuing bank then conducts an extra layer of security and verification checks — fraud, identity, bank details, available funds, etc.

 


 

Step 4: Transaction decision 

Once the necessary screening measures are complete, the issuer will approve or decline the transaction. Whatever the decision, it is communicated to the acquiring bank, which reports to the payment gateway provider and, of course, the customer. The transaction decision informs the customer if their payment method has been approved or declined.

 

Step 5: Settlement

Throughout the day, the merchant gathers the approved authorizations or ‘auth’ into a batch to be sent to the acquiring bank at the end of the day to begin the settlement process. On receiving the batch, the acquirer sends it to the issuing bank for payment. Once the issuer transfers the funds to the acquirer, the money is transferred back to the merchant within 2-4 business days.

Types of payment gateways

When setting up a payment gateway for your business, it helps to know that there are four major options available to cater to different business needs and infrastructure.

 

Hosted payment gateway

With hosted payment gateways, your customer is redirected from your merchant page to a third-party website to complete their payment process. These third parties, known as payment service providers (PSP), manage the intricate payment process so you can focus on your business.

If you don’t mind not completely controlling your customer’s checkout process, you can benefit from the stronger security protocols, easy integration process, and assurance of Payment Card Industry Data Security Standard (PCI DSS) compliance that hosted payment gateways offer.

 

Self-hosted payment gateway

Unlike hosted payment gateways, where customers are required to input their data into a third-party site, self-hosted payment gateways collect that information directly on the merchant’s website. This data is encrypted and securely transferred to the payment gateway for authorization.

With this option, merchants enjoy fuller control over their customers’ checkout experience while the customers themselves benefit from a more seamless experience with zero redirects and faster service.

 

API-integrated payment gateway

Choose an API-integrated payment gateway to build a custom payment system that completely integrates with your business’ branding and custom-designed checkout experience. Aside from having total control of your payment flow, API-integrated payment gateways can also be used on different devices and have become a top choice for merchants with more mobile shoppers. 

However, this option demands that the merchant be more hands-on regarding security, from securing customer data to running fraud checks and ensuring transactions comply with local and international financial regulations.

 

Local bank integration gateway

Local bank integration gateways are the same as hosted payment gateways, but banks host these gateways and not PSPs. Once the customer initiates the process, they are redirected to their local bank’s website to enter their payment information, and once that is done, they are returned to the merchant’s website to complete the process. 

Given its rudimentary features, this option is easy to set up and implement and may be ideal for small businesses or sole traders with low sales volumes.

What are the advantages of payment gateways?

The following are some benefits of payment gateways.

 

Increased sales and revenue

A payment system that guarantees that customers can easily and securely complete transactions is one that they are more likely to trust with their purchase decisions and return to in the future. For business owners, this means increased customer loyalty and retention, which, in turn, leads to increased sales and revenue.

 

Improved cash flow management

With payment gateways, businesses process payments on time, reducing the need for manual reconciliation and allowing for better financial planning.

 

Reduced dependency on cash

The use of payment gateways helps businesses reduce cash dependency by accelerating the conversion of sales to cash.

 

A better customer experience

Seamless, user-friendly payment processes contribute to a positive customer experience, leading to customer satisfaction and potentially fostering repeat business.

 

Payment tracking and analysis

While some payment gateways offer more extensive reporting and analytics features than others, all payment gateways give business owners room to monitor transactions and track sales performance. These insights can be used to influence strategic decision-making and success for the business.

 

Accepts recurring payments

Payment gateways are also vital in managing recurring payments, making them almost indispensable for subscription-based businesses. When a customer signs up for a recurring payment, the payment gateway securely stores their information and initiates the transaction on the scheduled payment dates. 

 

Regulatory compliance

Businesses must adhere to a few international and local financial regulations when dealing with the payment industry and sensitive cardholder information. Among those regulations is the PCI DSS. Payment gateways typically ensure that business transactions remain compliant with regulations, relieving business owners of the burden of managing security compliance complexities.

How to choose a payment gateway

Deciding that your business needs an integrated payment gateway is the first step to securing seamless online transactions for your customers. The important next step is understanding what to consider when choosing a payment gateway. 

Below are some of the crucial details to think about. 

 

Define your must-have features

You need to evaluate features that are critical for your specific business needs. Key features, like recurring billing, enable multiple pricing models and are crucial for SaaS businesses. Robust fraud protection is essential, especially if you operate globally or have high-value orders. 

Identify 2-3 non-negotiable must-have features based on your business needs before comparing providers.

 

Payment method

A payment gateway should support accepting all major payment modes such as Visa, Mastercard, and AMEX credit cards to allow customers flexibility. Processing debit cards is essential for those wanting to pay from bank accounts.

Allowing bank transfers via ACH and wire enables frictionless cash flow. Digital wallets like PayPal, Apple Pay, and Google Pay are becoming common, so supporting these is also vital. 

 

Consider the pricing model

Pricing models vary greatly amongst payment gateways. Transaction fees are charged on each payment, typically ranging from 2% to 4%. Monthly fees for maintaining the gateway account are also common. 

Pricing tiers based on your processing volume determine rates. For online businesses, estimating your annual payment volume and calculating total projected costs with each shortlisted provider’s pricing model is a good practice. This will allow you to identify the most cost-effective option.

 

Recurring billing and subscriptions

If you have a recurring revenue-based subscription model, automated recurring payments are a must. Customers can securely store card data for future billing without reentering details. It’s also important to consider how you will prevent revenue leakage due to expired cards or other payment processing issues. 

Most payment gateways facilitate creating plans, schedules, and metered usage billing, all tied to tokens/profiles. This recurring engine simplifies complex client billing.

 

Integration and APIs

The implementation process can be straightforward or complex depending on the gateway’s platform compatibility, developer resources for integration, and timelines. If you choose a gateway with plugins or extensions for your e-commerce platform (WooCommerce, Shopify, etc.), setup is much easier than using APIs directly. 

If you’re dependent on developer resources, ensure ample documentation and libraries are available in your tech stack of choice. Also, confirm the estimated go-live duration to gauge the integration effort.

 

Fraud detection and risk management

Just as the reliance on non-cash transactions is increasing by the second, so is the sophistication of online payment fraud. To mitigate these risks, you should choose a payment gateway with a robust fraud detection and prevention system with the latest technology and advanced authentication methods. 

With e-commerce losses to online payment fraud estimated at $48 billion in 2023 alone, ensuring fraud detection and prevention mechanisms are in place for online payments has become non-negotiable for business owners.

Radar-like systems assess the risk level of each transaction based on historical patterns, location, devices, etc. Also, using 3D Secure verification, CVV checks, and address verification systems adds extra layers of protection. Zuora Fraud Protection, an add-on solution to Zuora Payments, leverages adaptive AI to tackle online payment fraud. 

 

Evaluate global capabilities

Your best bet is to choose a payment gateway that supports cross-border, multi-currency, and multilingual transactions. Key aspects to examine are supported currencies, languages, and countries for payment processing. 

This ensures customers from various locations can pay with familiar payment methods and localized interfaces. Having in-house foreign exchange capabilities and consolidated global reporting simplifies operations. 

 

QR code links

Since QR code payments became popular during the pandemic, many e-commerce customers, especially mobile shoppers, have preferred them. Projected to surpass $55.60 billion by 2033, this payment option has become a customer favorite.

If your business caters predominantly to mobile shoppers, a payment gateway that supports QR code links for payment initiation should be a top priority.

 

Customer support and service

Solid technical support during and after onboarding is key when issues arise. Many providers offer dedicated account management and 24/7 customer service via multiple channels (email, phone, chat). For larger accounts, customized implementation consulting before rollout is invaluable. 

Examining service partners, SLAs for support response times, and self-help options provides visibility into the reliability of ongoing support.

 

Automatic card reader

If you run a business with physical, on-site needs, then a payment gateway that can be integrated into your point-of-sale (POS) system is another important requirement.

 


Are payment gateways secure?

Payment gateways implement robust security measures because of the sensitive information they collect. Below are some elements of the typical security apparatus of a payment gateway. 

 

PCI DSS-Compliant gateways

Established by the Payment Card Industry Security Standards Council (PCI SSC) to protect sensitive cardholder information throughout the transaction process, PCI DSS compliance is a set of security standards and best practices that all players working within the payment industry must adhere to. 

A PCI DSS-compliant gateway is a payment gateway that meets these set standards and has been certified PCI-compliant. By law, only PCI-compliant payment gateways can process sensitive cardholder data.

 

Data encryption

Data encryption is a major way payment gateways secure cardholder data. When a customer enters their payment data onto the platform, the payment gateway turns it into ciphertext that only its private key can decrypt. This guarantees that its contents are kept secure even as the data moves from one party to another.  

 

Secure electronic transaction (SET)

VISA, Mastercard, and other major credit card companies created SET to protect cardholder data in electronic transactions. This is achieved by concealing personal information on the card during the transaction so it is safe from hackers and thieves. 

 

Tokenization

While encryption turns sensitive cardholder data into unreadable text that only a private key can decrypt, tokenization creates a nearly irreversible and non-sensitive value called a token. The generated token is used for the transaction while the original data stays securely stored, so personal data is not transmitted from one party to another.
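The difference from encryption is easiest to see in code. The sketch below is an added example, not Zuora's or any gateway's own implementation: the `TokenVault` class, the `tok_` prefix and the caller names are hypothetical, and the in-memory dictionaries stand in for storage that a real vault would encrypt at rest. The token is random, so no key can turn it back into the card number; only a lookup inside the vault can.

```python
import hashlib
import hmac
import secrets

TEST_PAN = "4111111111111111"  # widely used Visa test number, not a real card


def luhn_ok(pan: str) -> bool:
    """Check-digit test that every valid card number passes."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for a gateway-side card vault (hypothetical design)."""

    def __init__(self, authorized_callers=("payment-processor",)):
        self._authorized = set(authorized_callers)
        # Key for the lookup index; a real vault would hold it in an HSM or KMS.
        self._index_key = secrets.token_bytes(32)
        self._pan_by_token = {}    # token -> card number (encrypted at rest in practice)
        self._token_by_index = {}  # HMAC(card number) -> token

    def _index(self, pan: str) -> str:
        # Keyed hash, so the index cannot be brute-forced without the key.
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, raw_pan: str) -> str:
        pan = raw_pan.replace(" ", "").replace("-", "")
        if not (pan.isascii() and pan.isdigit()
                and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        idx = self._index(pan)
        if idx in self._token_by_index:
            # Same card, same token: recurring billing keeps one stable reference.
            return self._token_by_index[idx]
        # Random value with no mathematical relationship to the card number.
        token = "tok_" + secrets.token_urlsafe(16)
        self._pan_by_token[token] = pan
        self._token_by_index[idx] = token
        return token

    def masked(self, token: str) -> str:
        """What a merchant may display: last four digits only."""
        pan = self._pan_by_token[token]
        return "*" * (len(pan) - 4) + pan[-4:]

    def detokenize(self, token: str, caller: str) -> str:
        """Only callers inside the payment path may recover the card number."""
        if caller not in self._authorized:
            raise PermissionError(f"{caller} may not detokenize")
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    token = vault.tokenize("4111 1111 1111 1111")
    # The merchant database stores only these two values.
    print("merchant stores:", token, vault.masked(token))
    try:
        vault.detokenize(token, "merchant-web")
    except PermissionError as exc:
        print("blocked:", exc)
```

A merchant system that holds only the token and the masked digits has nothing an attacker can convert back into a card number, which is why tokenized storage reduces what has to be protected on the merchant side.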

 

Secure socket layer (SSL) and transport layer security (TLS)

SSL and TLS are different versions of the same communication protocol designed to encrypt data for secure transmission between different platforms. Payment gateways use SSL and TLS to create secure pathways between a user’s browser and the payment gateway, ensuring that any data exchanged during the transaction period is hidden from malicious actors. 

 

Regular security audit

Given the increasing sophistication of payment fraud tactics, regular security audits of payment gateways have become non-negotiable. These audits identify threats and vulnerabilities in the security system so that the identified risks can be patched.

What is the difference between a payment gateway and a payment terminal?

Payment gateways and terminals are used to process electronic and card transactions. However, while payment gateways facilitate online payments by transferring cardholder data across different parties in the exchange, payment terminals process card payments in person and through a physical device.

What is the difference between a payment gateway and a payment processor?

The payment gateway and payment processor are crucial components of online payment processing. Payment gateways act as middlemen in an online payment transaction, transmitting encrypted and authenticated payment data between major actors, such as the merchant, the acquiring bank, the issuing bank, and the payment processor. 

 

On the other hand, the payment processor is primarily concerned with ensuring the transfer of approved funds from the customer’s account to the seller’s.

Overcome challenges with a centralized payment management system

Using multiple payment service providers offers flexibility and expands payment options, but it also presents operational challenges. Managing the complexity introduced by multiple integrations, diverse payment methods, various support and maintenance requirements, and fragmented data can strain your resources and hinder efficiency.

Zuora Payments is a centralized payment management system that simplifies this complexity by streamlining operations, making it easy to operate multiple payment services. Zuora can help you save time and resources while ensuring seamless customer experiences as you scale your digital subscription services and build your business.

Payment Gateway FAQs

What exactly does a payment gateway do?

A payment gateway securely captures and transmits a customer’s payment information to the appropriate payment processor and bank, enabling transaction authorization and settlement while protecting sensitive data.

Is a payment gateway the same as a payment processor?

No. A payment gateway securely sends transaction data, while a payment processor is responsible for communicating with banks and moving funds once the transaction is approved.

Do payment gateways support multiple payment methods?

Yes. Many payment gateways support credit and debit cards, digital wallets (such as Apple Pay or Google Pay), and bank transfers, though supported methods vary by provider.

Are all payment gateways PCI compliant?

Reputable payment gateways comply with PCI DSS security standards, helping ensure cardholder data is encrypted and reducing compliance responsibilities for merchants.

Can I use more than one payment gateway for my business?

Yes. Businesses often use multiple gateways to improve reliability, support regional payment preferences, or optimize transaction approval rates and costs.

What should I consider when choosing a payment gateway?

Key factors include supported payment methods and currencies, security and fraud prevention features, pricing structure, ease of integration, and support for recurring or subscription billing.