Online Payment Gateway: A Comprehensive Guide

What is a Payment Gateway?

A Payment Gateway is an interface that allows you to process payments directly through your bank account. Set on an online platform, an online payment gateway lets you make transactions through internet banking, debit and credit cards, UPI, or online wallets, by connecting your bank account directly to the platform you’re required to make payment to. It functions by transferring key information between websites or mobile devices and banks or payment processors, and vice versa, making online payments a smoother and user-friendly affair. To ensure the security of your transaction and eliminate fraudulent activities on your website, an online payment gateway makes sure to encrypt all the sensitive information which comprises card and bank details.

Simply put, an internet payment gateway is the online counterpart of the real-time point-of-sale terminal that you must have seen in retail stores. A payment gateway’s prime role is to process payments from online customers visiting your web store.

Payment Gateway Architecture & Various Software Components Involved

When talking about a payment gateway, we never miss mentioning its security. A payment gateway works under the 3D Secure (3-Domain Secure) authentication protocol, which is XML-based and has three basic components. Developed by Visa, this protocol adds an additional security layer for online card transactions and has been adopted by other card networks like MasterCard, Amex, etc.

3D Secure has three domains, namely the acquiring domain, the issuing domain, and the interoperability domain. The interoperability domain links the acquiring and issuing domains together.

But how do these domains work in a 3D-Secure payment gateway? Let’s have a look.

Issuer Domain: The issuer domain, or the Access Control Server, is where the issuing bank operates and issues cards to the account holders. These cardholders then make online purchases with these cards. Here, the issuing bank deploys an Access Control Server (ACS) to receive 3D Secure messages, process them, and authenticate the card user and the transaction performed.

Acquiring Domain: The acquiring domain is where the payment gateway and the acquiring bank come into the picture. They deploy a Merchant Plug-in, which initiates and authenticates the transaction.

Interoperability Domain: The interoperability domain comprises the Directory Server, which is deployed by the card network and serves as the foundation that holds the entire 3D Secure mechanism together. This server acts as a directory for the acquiring and the issuing bank and enables the exchange of funds between them. The directory, which holds the BIN ranges of all the corresponding issuing banks, serves as a mapping server to which the acquiring bank sends a message. Once the Directory Server receives a message from the Merchant Plug-in, it checks the card number against the BIN ranges and forwards it to the current issuing bank. The issuing bank then proceeds with the authentication of the card user.
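The Directory Server's mapping step described above can be sketched as follows. This is an added example, not code from the card networks or from the original article; the BIN ranges, ACS host names and function names are constructed for illustration, and 16-digit card numbers are assumed.

```python
import bisect

# Constructed BIN ranges for 16-digit cards (test-style numbers, not real issuer data).
# Each entry: (first PAN in range, last PAN in range, hypothetical issuer ACS host).
BIN_RANGES = sorted([
    (4000000000000000, 4000009999999999, "acs.bank-a.example"),
    (5105100000000000, 5105109999999999, "acs.bank-b.example"),
])
_STARTS = [r[0] for r in BIN_RANGES]


def luhn_ok(pan: str) -> bool:
    """Check-digit test, so mistyped numbers are rejected before any lookup."""
    if not (pan.isascii() and pan.isdigit() and len(pan) == 16):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Form that is safe to log: first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def route_to_acs(pan: str):
    """Return the issuing bank's ACS, or None when no BIN range covers the card."""
    if not luhn_ok(pan):
        raise ValueError("invalid card number")
    n = int(pan)
    i = bisect.bisect_right(_STARTS, n) - 1   # last range starting at or below n
    if i >= 0 and BIN_RANGES[i][0] <= n <= BIN_RANGES[i][1]:
        return BIN_RANGES[i][2]
    return None   # unknown issuer: must not be treated as an authenticated card


if __name__ == "__main__":
    for pan in ("4000000000000002", "5105105105105100", "4111111111111111"):
        print(mask(pan), "->", route_to_acs(pan))
```

The lookup logs only the masked number, and a card that falls outside every range yields an explicit "no issuer" result instead of a default route.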

An independent entity involved in facilitating communication in a payment process among the above-mentioned parties is a Payment Switch.

Payment Switch: The online payment gateway uses a switch exclusively to communicate with the various stakeholders involved in a payment procedure; the switch is highly flexible and trustworthy. It promotes payment processing between providers, as it accepts the payment requests and understands which providers it needs to process them with. Upon identifying the providers, it formats the message for them, sends it, receives and edits the response, and finally sends it back to the initiator.

Types of Online Payment Gateway

Before you get yourself into integrating a payment gateway solution for your website, it is essential that you hold in-depth knowledge about which payment gateway works best for your business.

Hosted Payment Gateway: A hosted payment gateway directs your customer away from your website’s checkout page and redirects them back once the payment is processed. When your customer clicks on the gateway link, they are directed to the Payment Service Provider (PSP), where they fill in their payment details, and are then redirected to your website to complete the checkout process.


Pros:

  • The transactions made are highly secure, with PCI DSS compliance, and generally come with customer fraud protection.
  • They are customizable; for instance, you can add your logo for reassurance.

Cons:

  • With the gateway being external, it is impossible for merchants to retain the customer and control the whole user experience.

Non-hosted Payment Gateway: A non-hosted or integrated payment gateway eliminates the step of routing your customer to a PSP, thereby allowing them to complete the payment process on your website itself. Merchants who are afraid of losing customers and want to fully control the user experience go for an integrated payment gateway. A non-hosted gateway allows customers to enter their card or banking details directly on your checkout page and processes payments through APIs or HTTPS queries without redirecting them to another PSP.


Pros:

  • It is fully customizable and provides full control over your customer’s experience and the user interface of the payment.
  • It is highly versatile, as by using an API you can integrate your internet payment solution with any device that connects over the internet.

Cons:

  • Security is a major factor here. The merchants themselves are responsible for purchasing the SSL certificate and achieving PCI DSS compliance to provide their customers with a seamlessly secure interface.

How does Payment Gateway work?

Here are the basic steps that will give you an insight into the functioning of a typical payment gateway.

Step 1- Your customer places the order by pressing the submit button or checking out on your website.

Step 2- When the customer clicks on the checkout button, he is routed to the payment gateway or the payment page and is required to input his bank details in order to proceed with the payment. The gateway then takes the customer to the issuing bank’s page, where he can authorize the transaction. This page is highly secure and encrypted to avoid the misuse of the user’s banking details.

Step 3- Post authorization, once the payment gateway gets approval for the transaction, the bank checks to make sure that the customer holds enough funds in his account before processing.

Step 4- The processing message is sent to the customer according to the bank’s response. If the bank is unable to process the transaction, the reason for the failure is communicated to the customer. Similarly, if the bank can successfully process the transaction, the funds are directed towards the merchant, thereby completing the transaction.

Step 5- Finally, the bank settles the money with the payment gateway, which in turn makes the settlement in the merchant’s account, providing the customer with a confirmation message of the order placed.

Types of transactions in a Payment Gateway

Keeping the needs of your business in mind, here are the payment transaction types that merchants need to consider before integrating a payment gateway with their e-commerce site.

  • Authorization: Authorization determines a customer’s ability to pay and finds out whether there are enough funds in their card to process the transaction, without transferring funds. In cases where the merchant needs time to ship the products and needs the card issuer to guarantee the fund transfer, authorization comes in handy.
  • Capture: Capture works post-authorization of the funds. When you’ve sold a product online that takes time to manufacture before shipping, you first need to authorize the payment before capturing it and settling it in your bank account.
  • Sale: Sale is an amalgamation of authorization and capture. When you fulfill your orders immediately, you use the sale transaction type, where the money is charged and transferred at once.
  • Refund: Whenever an order is cancelled due to some reason, the merchant is required to refund the transaction and submit it for processing. A refund is most likely to be of the same amount as authorized and only applies to sale and capture transactions.
  • Void: Similar to refunds, the void transaction can only be made in case of an un-settled or un-captured transaction. Where it may take 3-5 days to process a refund, void transactions will disappear from the customer’s account statement within 24 hours and are much cheaper in comparison.

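The rules in the list above (capture only after authorization, refund only for sale and capture transactions, void only before settlement) are the kind of ordering a gateway integration should enforce on the server side. The following is an added example, not code from the original article or from any gateway's API; the class, state and operation names, including the explicit "settle" step, are assumptions made for the illustration.

```python
from enum import Enum


class State(Enum):
    NEW = "new"
    AUTHORIZED = "authorized"
    CAPTURED = "captured"
    SETTLED = "settled"
    VOIDED = "voided"
    REFUNDED = "refunded"


# operation -> (states it may be applied in, resulting state)
RULES = {
    "authorize": ({State.NEW}, State.AUTHORIZED),
    "capture": ({State.AUTHORIZED}, State.CAPTURED),
    "sale": ({State.NEW}, State.CAPTURED),            # authorize + capture at once
    "settle": ({State.CAPTURED}, State.SETTLED),      # assumed batch settlement step
    "void": ({State.AUTHORIZED, State.CAPTURED}, State.VOIDED),   # un-captured or un-settled
    "refund": ({State.CAPTURED, State.SETTLED}, State.REFUNDED),  # sale/capture only
}


class Payment:
    def __init__(self, amount_minor: int):
        if amount_minor <= 0:
            raise ValueError("amount must be positive")
        self.amount = amount_minor      # integer minor units (paise, cents)
        self.captured = 0
        self.state = State.NEW
        self.history = []               # audit trail of accepted operations

    def apply(self, op: str, amount: int = None) -> State:
        if op not in RULES:
            raise ValueError(f"unknown operation {op!r}")
        allowed, next_state = RULES[op]
        if self.state not in allowed:
            raise PermissionError(f"{op} not allowed in state {self.state.value}")
        if op in ("capture", "sale"):
            amount = self.amount if amount is None else amount
            if not 0 < amount <= self.amount:
                raise ValueError("capture exceeds authorized amount")
            self.captured = amount
        elif op == "refund":
            amount = self.captured if amount is None else amount
            if not 0 < amount <= self.captured:
                raise ValueError("refund exceeds captured amount")
        self.state = next_state
        self.history.append((op, amount))
        return self.state
```

Rejecting out-of-order requests here means a replayed or forged "refund" or "void" call cannot move money for a transaction that was never captured or has already been closed.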
What are Online Payment Gateways responsible for?

  • An online payment gateway makes a request to the payment switch to process payments and communicates the received outcome to the customer.
  • Payment gateways share receipts and confirmations with merchants and customers.
  • It ensures that transactions taking place on its portal are safe and encrypted, making sure that no data is leaked.
  • Internet payment gateways define the minimum and maximum transaction amount limits of a merchant and can also restrict transactions from cards issued in specific regions.
  • Online payment gateways also define a sub-merchant ID for merchant payment configuration and use this ID to communicate with the payment switch in order to validate transactions.
  • A payment gateway checks whether the cardholder is 3-Domain Secure, so that the related Merchant Plug-in can look up the card in the directory services and return the response to the payment gateway.

How does Internet Payment Gateway keep your information secure?

Security and encryption are prime aspects of online payment gateways, as millions of transactions are processed through them every day.

So how does a payment gateway actually make sure that your data privacy is impenetrable?

  • SSL (Secure Sockets Layer): SSL is the standard security protocol used for online transactions and aims at both protecting sensitive card information and authenticating the cardholder’s identity.
  • 3-Domain Secure Protocol: The 3-Domain Secure Protocol is an additional security messaging protocol layer placed to authenticate merchants and customers.
  • Data Encryption: Data encryption acts as the most crucial security feature, as it scrambles the entered card and banking data so that it is indecipherable to fraudsters.
  • Tokenisation: Tokenisation replaces sensitive card data with a series of encrypted characters and makes transactions highly secure over an online payment gateway.

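To make the tokenisation bullet concrete, here is a small token vault as an added example, not code from the original article or from any gateway. It uses random surrogate values held in a vault, one common way to implement tokenisation, and the class name, token format and caller name are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Maps card numbers to random tokens; only the vault can reverse the mapping."""

    def __init__(self):
        # Keyed fingerprint, so the lookup index never holds card numbers in clear.
        self._index_key = secrets.token_bytes(32)
        self._token_by_fp = {}
        self._pan_by_token = {}   # a real vault keeps this encrypted at rest

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and 12 <= len(pan) <= 19):
            raise ValueError("invalid card number")
        fp = self._fingerprint(pan)
        if fp in self._token_by_fp:           # same card always gets the same token
            return self._token_by_fp[fp]
        while True:
            # Random part carries no information about the card; the last four
            # digits are kept so receipts can still show "card ending 0002".
            token = f"tok_{secrets.token_hex(12)}_{pan[-4:]}"
            if token not in self._pan_by_token:
                break
        self._token_by_fp[fp] = token
        self._pan_by_token[token] = pan
        return token

    def detokenize(self, token: str, caller: str) -> str:
        # Hypothetical access rule: only the payment processor may see card numbers.
        if caller != "payment-processor":
            raise PermissionError("caller may not detokenize")
        return self._pan_by_token[token]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4000000000000002")    # constructed test number
    print(t, vault.detokenize(t, "payment-processor")[-4:])
```

The merchant's order database stores only the token, so a leak of that database exposes no usable card numbers.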
What are the charges involved with a Payment Gateway? 

An online payment gateway’s charges are the sum of several components and depend largely on the services and customisations that you opt for. For an ideal internet payment gateway, three major elements are involved in determining its price.

  1. Setup Fee: The setup fee is a one-time charge that you pay to integrate a payment gateway on your website. It includes the charges of onboarding a merchant and the infrastructural cost, which is the sum of the charges that a bank levies.
  2. Annual Maintenance Charges: Annual Maintenance Charges, or AMC, include operating expenses and software maintenance. They also depend largely on the payment options you choose to activate on your portal and any customisations that you might opt for.
  3. Transaction Discount Rate or TDR: TDR is levied on a per-transaction basis and differs with the mode of payment your customer uses to make the transaction. This TDR is then split among the various parties involved, namely the Issuing Bank, Card Network, Acquiring Bank, Payment Switch Provider and finally your Payment Gateway service provider.

With Atom, get customised Transaction Discount Rates when you process a large value and volume of transactions annually.

Which Internet Payment Gateway is right for your Business?

Integrating the best payment gateway solution for your website may sound challenging. With a myriad range of internet payment gateways being present out there, here are a few things to keep in mind before you settle down with one.

  • Security: When choosing a payment gateway, the first thing you should look for is whether the gateway is PCI DSS compliant or not. Select the payment gateway that prioritizes security and uses the highest bit encryptions. This is essential to keep your customer’s data safe while avoiding fraudulent activities on your website.
  • Onboarding Process: Make sure you don’t go for a payment gateway with a long and comprehensive onboarding timeline. Look for a payment gateway that requires a maximum of 10-15 days to complete the entire onboarding process and get you going.
  • Seamless Integration: Before you choose a payment partner, always check whether the platform offers quick and easy integration and is merchant- and user-friendly. If your gateway provides you with shopping cart plugins and mobile SDKs, your user interface will be all the more effortless.
  • Mobile Optimization: Keeping current trends in mind, mobile optimization undoubtedly tops the list for most of us. Without proper mobile optimization, you could lose a major chunk of your potential business.
  • Customer Support: Every good payment partner believes in servicing their clients’ problems 24*7. Always look for a gateway that provides you with customer support and solves your problems irrespective of what time of the day or night it is.
  • User Experience: When choosing an online payment gateway, it is essential to focus on the user experience it provides. Select a payment gateway which is flexible, offers customisation and is unique and prompt in processing payments. This will surely uplift the shopping experience for your customers.
  • Payment Options: The more, the merrier. The saying goes without a question when it comes to tying the knot of your website with an internet payment gateway. When you offer your customers the leisure to choose the most convenient payment option for them, they tend to make return purchases from you. Atom provides more than 265 digital payment options to you, ensuring that you never miss out on any sale opportunity. 

Finding and integrating the right online Payment Solution Provider is the key decision that you need to take for your business. By leveraging a payment solution built to fit the needs and demands of today’s customers, Atom has designed a unified payment platform that focuses on delivering an enhanced online customer experience by offering 265+ payment options and providing a frictionless journey every time you decide to pay through our portal. Atom’s highly competitive rates and quick merchant onboarding, in combination with a resourceful and swift helpdesk, will not only elevate your customer’s payment experience but will also provide them with a safe payment atmosphere.

