Payment processors and payment gateways can seem confusingly similar, yet certain qualities distinctly separate them.

For a surface-level distinction, payment processors handle central aspects of credit card processing, and payment gateways are the web interface to accept payments. Let’s add some context.

Payment gateways provide the technology, server space and security checks to accept credit and debit card transactions through an online checkout.

In recent years, physical card terminals are sometimes referred to as payment gateways, but the original and most widespread meaning refers to browser-based checkout pages in online transactions specifically.

Payment processors are payment companies or acquirers used by merchants to accept credit cards. They mediate much of the backend credit card processing that’s separate from the web interface. Processors ferry transaction information to the necessary parties, finalize payments, and help move money around.

How gateways keep card data safe

As opposed to reading a card electronically through a credit card machine, payment gateways use sophisticated technology to verify that the manually entered card details are legitimately submitted by the cardholder.

Online gateways do that by using APIs (application programming interfaces), which let websites talk to underlying payment processing networks.

But in order to accept credit cards, merchants of any size must be in compliance with the Payments Card Industry Data Security Standard (PCI-DSS) which, put simply, is the standard to which card holder data must be encrypted.

Fortunately, almost all payment gateways come with specially designed technology that encrypts card holder information. These technologies are called Transport Layer Security (TLS) and Secure Electronic Transaction (SET). They establish an encrypted link between servers and browsers and block out the card details of customers, and any gateway that has them is automatically PCI-DSS compliant.

Gateways also offer an additional layer of security. Visa 3-D Secure (3DS) is a great example. It uses lots of contextual data to verify the identity of the person making a transaction. Often, the cardholder will be prompted to complete a challenge, like giving a one-time password, to confirm they initiated the purchase.

Payment gateway vs processor diagram

How do the two connect?

To best understand how the two connect, it’s helpful first to know what each of them does in online payments.

The seller’s credit card machine (in person) or payment gateway (online) sends the encrypted transaction information to the payment processor and requests for it to be authorized. The rest happens behind closed doors. The processor communicates the transaction to the acquirer/merchant account and card network. The card network (e.g. Visa) contacts the customer’s bank and the merchant account, debiting one account and crediting the other.

Essentially, the payment gateway is like a castle gate and guards, and the processor is a messenger. When you approach the gate and ask to get in, the guards ask the messenger to run up to the castle and ask if you are who you say you are and are allowed in. If the messenger comes back and says yes, the guard lets you go in and use the facilities.

All-in-one solutions make the distinction obsolete

However, end-to-end solutions that make accepting digital payments easier for small businesses are becoming more common.

Some gateways are available as standalone platforms and require businesses to take out a merchant account with an acquirer. For example, Authorize.Net operates as a standalone gateway connecting several different processors on the back end.

Many modern gateways, however, come as an integrated service. Some act as payment processors by dealing with the acquirers and card networks behind the scenes. Sellers simply have to sign a contract with their chosen provider without having to worry about dealing with those involved in making payments work.

Major payment processors like FIS/Worldpay, PayPal, Stripe, and Square are excellent examples of processors with in-house gateway solutions.

As modern retail continues to advance, it’s possible that the difference between payment gateways and processors will cease to be a question that business owners or interested parties would think to ask.