A payment gateway is a merchant service provided by an e-commerce application service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar. The payment gateway may be provided by a bank to its customers, but can be provided by a specialised financial service provider as a separate service, such as a payment service provider.
Depending on the payment gateway a website may not need a SSL. Using an API integration method, a website's visitor remains on the website through the entire transaction process, and a SSL is required. Using a simple method that some gateways provide, a visitor is redirected to the payment gateway to complete a transaction, where the SSL is handled by the Payment Gateway. The API method is more expensive because of the required SSL, but it provides a better user experience and if usually a better system for most websites.
A payment gateway facilitates a payment transaction by the transfer of information between a payment portal (such as a website, mobile phone or interactive voice response service) and the front end processor or acquiring bank.
If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's webserver. In between other methods, this may be done via SSL (Secure Socket Layer) encryption. The payment gateway may allow transaction data to be sent directly from the customer's browser to the gateway, bypassing the merchant's systems. This reduces the merchant's Payment Card Industry Data Security Standard (PCI DSS) compliance obligations without redirecting the customer away from the website.
The payment processor forwards the transaction information to the card association (I.e.: Visa/MasterCard/American Express). If an American Express or Discover Card was used, then the card association also acts as the issuing bank and directly provides a response of approved or declined to the payment gateway. Otherwise [e.g.: MasterCard or Visa card was used], the card association routes the transaction to the correct card issuing bank