Payment Gateway: How It Works & How to Choose One

A payment gateway is the technology that authorises and processes online card payments — the layer that takes a customer's card details at checkout, encrypts them, validates the transaction with the card networks and the issuing bank, and returns an approval (or decline) so the order can complete. For ecommerce brands, the payment gateway is core checkout infrastructure: it determines what payment methods are accepted, what fraud protection runs in the background, and how much margin gets eaten by transaction fees.

What a payment gateway actually does

Captures card data securely. The customer enters card details at checkout; the gateway tokenises and encrypts them so the merchant never handles raw card numbers (which is what keeps the merchant out of full PCI-DSS scope).
Authorises the transaction. The gateway routes the payment request to the card networks (Visa, Mastercard, Amex) and ultimately to the customer's issuing bank, which approves or declines based on funds availability and fraud signals.
Returns the result to the storefront. Approval or decline arrives back at the storefront within a few hundred milliseconds; the order completes or fails accordingly.
Settles funds. Approved transactions move funds from the customer's bank to the merchant's bank account, typically over 1–7 business days depending on the gateway and country.
Handles refunds and chargebacks. Reversing transactions, processing customer refunds, and managing the chargeback dispute process all run through the gateway.
Provides fraud protection. Modern gateways include risk scoring, 3D Secure authentication, and rule-based fraud filtering that block obviously fraudulent transactions before they reach the merchant.

Payment gateway vs. payment processor vs. merchant account

The terms get used loosely; the technical distinctions:

Payment gateway: the front-end technology that captures card data and routes it for authorisation.
Payment processor: the back-end service that actually moves funds between banks and card networks. Sometimes the same company as the gateway, sometimes a separate provider.
Merchant account: the bank account that holds card payments before settlement. Some gateways require a separate merchant account; aggregators (Stripe, Shopify Payments) provide a merchant account as part of the bundle.

Modern integrated providers (Stripe, Shopify Payments, Square, Adyen) collapse all three layers into a single product. Standalone gateways like Authorize.net are relatively rare in modern ecommerce.

Common payment gateway options for Shopify

Shopify Payments: Shopify's native gateway, powered by Stripe. Lowest transaction fees on Shopify (no extra third-party fee), tightest integration. The default for most Shopify merchants where it's available.
Stripe (direct): deep developer features, strong international support, broad payment-method coverage including ACP's SharedPaymentToken for agentic commerce.
PayPal: consumer-trust signal at checkout; many shoppers prefer it for the buyer protection guarantees. Often offered alongside cards rather than as the sole gateway.
Adyen: enterprise-grade gateway with strong global coverage, multi-currency, and unified payments across channels. Common at Shopify Plus / mid-market scale.
Klarna, Afterpay, Affirm: Buy Now Pay Later providers, technically not gateways but increasingly integrated as payment methods alongside traditional gateways.
Apple Pay and Google Pay: wallet-based payment methods that ride on top of the underlying gateway, accelerating checkout for mobile customers.

What to evaluate when choosing a gateway

Transaction fees. Typically 2.4–2.9% plus $0.30 per transaction in the US, with variations by card type and volume. Shopify charges an additional 0.5–2% if a non-Shopify-Payments gateway is used.
Payment method coverage. Does it support cards, wallets, BNPL, local payment methods relevant to the brand's markets?
International capability. Multi-currency processing, local acquiring, and country-specific payment methods for brands selling internationally.
Fraud tools. Native fraud scoring, 3D Secure handling, chargeback management features.
Subscription and recurring billing support. Native handling of failed retries, dunning, and updated card details.
Developer features. Webhooks, APIs, and integration depth for brands building custom payment flows.
Settlement timing. 1-day settlement is standard; longer hurts cash flow.

Common payment gateway mistakes

Paying double fees by using a non-default gateway. On Shopify, using a gateway other than Shopify Payments adds 0.5–2% per transaction on top of the gateway's own fees. The decision should be deliberate, not accidental.
Underestimating chargeback risk. Chargeback rates above 1% put the merchant on processor watchlists; sustained high rates can lead to account termination. Fraud filtering, address verification, and clear product descriptions all reduce chargeback risk.
Ignoring international payment methods. Cards are dominant in the US; in Europe SEPA and iDEAL matter; in Asia Alipay and WeChat Pay; in Latin America Pix and Mercado Pago. Brands selling internationally with cards-only checkout leave conversion on the table.
Not testing 3D Secure flows. 3DS authentication is now mandatory for European card transactions and increasingly common elsewhere. Checkouts that handle 3DS poorly produce conversion drops at the worst moment.