How to Keep Your Transactions Safe


Payment gateways are a key target for hackers and scammers, and companies that rely on online payment processors are often hit the hardest. ECommerce merchants are at high risk if sophisticated cyberattacks, which can ruin a business either through reputation or even bankruptcy. While some who have been hacked, such as Apple, seem to carry on as if a teenager had never broken into their website, others like Yahoo have peered into the abyss of inevitable decline as users shutter accounts in droves.

A 2018 Thales Data Security Report showed that 75{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} of US retailers have suffered at least one cybersecurity failure with their online stores. One security research company said that about 90{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} of total login attempts to online retailers’ websites were hacking attempts.

ECommerce payment gateways can help you fend off these attacks in real-time by providing a buffer of encryption between buyer and seller. High-quality payment gateways also help you reduce load time.

A high-quality payment gateway can also reduce cart abandonment rate. Surveys report that some of the top reasons for abandoning a shopping cart can be addressed in the quality of your gateway:

  • 15{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} abandon the shopping cart for a better in-store experience.
  • 6{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} abandon due to a lack of payment options.
  • 4{21dc2fe1b43c4cf57a2e25a56b286f09fbb32a45ddf34dcf04be366972dd7b06} abandoned carts due to technical issues.

Knowing which payment gateway is going to be best for your business requires first understanding what a payment gateway is.

A payment gateway is a merchant service that processes credit card payments for eCommerce sites and traditional brick and mortar stores.

The gateway acts much like a cash register. It accepts, processes and stores payments. Most payment gateways accomplish that in a few seconds with these steps:

  • Encryption of the user’s browser and the retailer’s server. A payment gateway will encrypt (encode for private use) data for exclusive use between the buyer and seller.
  • Request: The authorization request occurs when a payment processor gets approval from a credit card company or financial institution to proceed with the transaction.
  • Fulfilment: When the payment gateway has the authorization, it allows the website and interface to proceed to the next action.

The payment gateway also serves other functions, such as screening orders, calculating tax, and using geolocation for location-specific actions.

You may hear payment “gateways” and “processors” used interchangeably, however, they are distinctly different.

  • Payment processor: Analyzes and transmits transaction data, which means that it transmits relevant information to an issuing bank, such as the credit card or debit card number that links to a bank account.
  • Payment gateway: As well as doing the same work as a payment processor, it also authorizes the transfer of funds between buyer and seller.

The gateway is the overall system at the point of purchase: a metaphorical cash register.

The processor is the step in the process that “swipes” the card and runs the information by the issuing bank.

Like a payment gateway, a processor can include both a digital and hardware component — or it can handle the processing solely through software.

There are generally three types of payment gateways:

1. Redirects

Redirects might include an option for a PayPal payment, for example.

When the gateway takes a customer to a PayPal payment page to handle the complete transaction (i.e. processing and paying) it becomes a “Redirect.”

This provides simplicity for the retailer. A small business can use a Redirect gateway to incorporate the convenience and security of a major platform like PayPal, but the process also means less control for the merchant — and a second step for customers.

2. Checkout on site, payment off-site.

Stripe’s payment gateway means that the front-end checkout will occur on your site, but the payment processing happens through Stripe’s back end.

Like redirected payment gateways, there are some advantages to handling your payments this way, including simplicity.

However, you won’t be able to control the user’s entire experience through the payment gateway, so their user experience is out of your hands.

3. On-site payments.

Large-scale businesses tend to use on-site payments using their own servers. The checkout and payment processing on behalf of the customer all work through your system.

This means that you have more control, but also more responsibility. If you handle payments on-site, every variable counts.

Examples of The Best-Known Payment Gateways


PayPal is popular as a redirect payment gateway because it has a reputation as trustworthy and it offers multiple options, such as a $0/month checkout payment gateway hosted by PayPal, or a $25/month option with more checkout customization features. PayPal includes fraud protection security at no additional fee.


Square is a credit card processor and payment gateway provider made famous for physical credit card swipers that attach to your phone. Square’s solutions suit small businesses that need credit card processing for in-person transactions. They charge a premium for transactions entered manually.


Stripe is a popular payment gateway provider with a broad focus on mobile eCommerce, SaaS, non-profits, and platform-based payments. Stripe is also capable of handling companies with a large volume of transactions. makes it possible to accept payments through a wide variety of processors, which in turn gives retailers the ability to accept PayPal payments, Apple Pay, and most major credit cards.

Payment Gateways Limitations

All payment gateways have limitations, many of which are inherent to the payment gateway infrastructure.

1. Gateways rarely accept all types of cards/payments.

Before you select a payment gateway, make sure that you understand what your customers need to use, where the limitations lie, and what’s excluded.

2. International shoppers may not have a payment option.

In China, Alipay is much more popular than payment options that might be familiar to customers in the EU. Merchants looking to capture a broad international audience need to make sure their payment gateway can handle international shoppers.

3. Security flaws (limited).

More than one-third of consumers hesitate to place an order online due to security concerns. Although a high-quality payment gateway should be secure, there are some security vulnerabilities you’ll have to keep in mind:

  • Data breaches: TLS encryption helps most payment gateways handle the processing of privileged data like card information, but once the data is on a server, that server remains a risk.
  • Mobile payment issues: You might control much of the security at the transaction, but you still don’t control who has access to your customer’s mobile device.
  • Malware: Malware that reads passwords and infiltrates user accounts can still send apparently-authentic transactions through secure payment gateways, even while the transaction itself is a fraud.

Stacking Payment Gateways

You can reduce or even eliminate some risks by stacking payment gateways. By employing multiple gateways on your eCommerce platform you maximize your customers’ payment options. This practice has multiple benefits:

1. Making it easier for your customer.

Using a payment gateway that allows Visa and MasterCard will cover many of your bases, but offering more options means securing more sales.

2. Give everyone a second option.

Customers using PayPal, Venmo, or Apple Pay want options to make secure purchases online, so ad these options to your site and secure sales.

Choosing a Secure Payment Gateway

To ensure that you’re working with a secure payment gateway, ask the following questions:

1. What payments do your customers use?

It’s one of the fundamental questions you need to ask: what are your customers already using to handle their payments?

If you stack your payment gateways and facilitate a payment type they can use, you’ll run into fewer problems and run fewer security risks.

2. What is the fee from the payment gateway?

The costs of eCommerce fraud can add to your bottom line.

If a payment gateway’s lower costs are outweighed by the cost of additional security and fraud detection, it might not be worth the investment.

3. How secure is their encryption?

The company needs to be PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is a system of standards put in place to uphold security provisions for the electronic payments.

4. What is their reputation?

Choose a well-known provider with a reputation for security and compliance.


Share this post