Payment Gateway

A payment gateway is the layer that securely captures card details at checkout and passes them into the payment network for authorization.

A payment gateway is the software layer that securely captures a customer's payment details at checkout and passes them into the payments network to be authorized. It's the bridge between your website or app and the banking rails — the piece that encrypts the card data and hands it off so the transaction can be approved.

What the gateway does

  • Captures and encrypts — collects the card number, expiry, and CVC at checkout and encrypts them immediately, often via tokenization so raw card data never touches your servers.
  • Submits the transaction — sends the authorization request toward the acquirer and the card network.
  • Returns the result — relays the approval or decline back to your checkout in real time.

By handling and encrypting the sensitive data, a good gateway keeps most of the PCI DSS burden off your own systems.

Gateway vs processor

The terms are often used interchangeably, and modern platforms like Stripe combine both roles, but they're technically distinct:

  • The gateway is the front door — it captures the payment data and transmits it securely.
  • The [payment processor](/glossary/payment-processor) is the engine behind it — it communicates with the banks to move the money.

Why it matters

For most businesses the distinction is invisible because one provider does both. What matters practically is that the gateway determines your checkout experience, which card types and wallets you can accept, and how much PCI scope you carry — because if the card data is captured directly by the gateway rather than your server, your compliance obligations shrink dramatically.

Related terms

Updated July 6, 2026