How gateways keep card data safe
Unlike a credit card machine, which reads a card electronically, a payment gateway uses sophisticated technology to verify that manually entered card details were legitimately submitted by the cardholder.
Online gateways do that by using APIs (application programming interfaces), which let websites talk to underlying payment processing networks.
But in order to accept credit cards, merchants of any size must comply with the Payment Card Industry Data Security Standard (PCI-DSS), which, put simply, is the standard to which cardholder data must be encrypted.
Fortunately, almost all payment gateways come with specially designed technology that encrypts cardholder information. These technologies are called Transport Layer Security (TLS) and Secure Electronic Transaction (SET). They establish an encrypted link between servers and browsers and block out the card details of customers, and any gateway that has them is automatically PCI-DSS compliant.
Gateways also offer an additional layer of security. Visa 3-D Secure (3DS) is a great example. It uses lots of contextual data to verify the identity of the person making a transaction. Often, the cardholder will be prompted to complete a challenge, like giving a one-time password, to confirm they initiated the purchase.
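The decision described above, sketched as an added example that is not part of the original article and is not Visa's or any gateway's actual logic: contextual signals are scored, low-risk purchases pass without friction, and higher-risk ones trigger a one-time-password challenge. The signal names, weights, threshold, and the `Challenge` and `authenticate` helpers are assumptions for illustration; the OTP itself is generated per RFC 4226 (HOTP).

```python
import hashlib
import hmac
import struct

# Constructed signals and weights, for illustration only (assumptions).
RISK_WEIGHTS = {"new_device": 40, "ip_country_mismatch": 30,
                "high_amount": 20, "new_shipping_address": 15}
CHALLENGE_THRESHOLD = 50  # assumed cut-off between the two flows


def risk_score(signals):
    """Sum the weights of the contextual signals that are set."""
    return sum(w for name, w in RISK_WEIGHTS.items() if signals.get(name))


def hotp(secret, counter, digits=6):
    """One-time password per RFC 4226 (HMAC-SHA1 with dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Challenge:
    """A single-use OTP challenge with an expiry and an attempt limit."""

    def __init__(self, expected, issued_at, ttl=300, max_attempts=3):
        self.expected, self.issued_at = expected, issued_at
        self.ttl, self.max_attempts = ttl, max_attempts
        self.attempts, self.used = 0, False

    def verify(self, submitted, now):
        expired = now - self.issued_at > self.ttl
        if self.used or expired or self.attempts >= self.max_attempts:
            return False
        self.attempts += 1
        # Constant-time comparison avoids leaking matching digits via timing.
        ok = hmac.compare_digest(submitted.encode(), self.expected.encode())
        self.used = ok
        return ok


def authenticate(signals, secret, counter, now):
    """Return ("frictionless", None) or ("challenge", Challenge)."""
    if risk_score(signals) < CHALLENGE_THRESHOLD:
        return "frictionless", None
    return "challenge", Challenge(hotp(secret, counter), now)
```

The expiry, single-use flag and attempt limit are what keep a six-digit code from being guessed or replayed.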