Every online card transaction passes through two systems before money moves: a payment gateway and a payment processor. They’re often treated as synonyms, but they handle different jobs at different stages. Understanding the payment processor vs payment gateway distinction helps you choose the right vendors and avoid gaps that show up as failed sales.
What is a payment gateway?
A payment gateway sits between your checkout page and the financial network. Its job: capture the card number, expiry date, and CVV from the customer’s browser, encrypt that data, and pass it to the payment processor for authorization. Once the processor returns an approved or declined response, the gateway relays the result back to your checkout page.
Because the gateway handles raw card data at the point of entry, it carries the heaviest security load. Card-not-present fraud accounts for over 80% of all card fraud globally (Europol, 2023), and the gateway is where encryption and fraud screening happen first. In European markets, the gateway is also the integration point for Strong Customer Authentication via 3D Secure 2.
The global payment gateway market was valued at $26.7 billion in 2024, projected to reach $48.4 billion by 2029 (MarketsandMarkets, 2025). Gateways typically charge a monthly fee ($25-$50) plus a per-transaction fee.
What is a payment processor?
The payment processor picks up where the gateway leaves off. It routes encrypted card data through the card networks (Visa, Mastercard) to the customer’s issuing bank for authorization, then handles settlement, moving funds to the merchant’s account.
Visa and Mastercard alone processed $9.367 trillion in U.S. purchase volume in 2024 (Nilson Report, 2024). Every dollar passed through a processor.
Processors typically charge a percentage of each transaction (1.5-3.5%) plus a fixed fee ($0.10-$0.30). At higher volumes, processing fees are the larger cost component relative to gateway fees.
Payment gateway vs payment processor: key differences
| Function | Payment gateway | Payment processor |
|---|---|---|
| Primary role | Captures and encrypts card data | Routes transactions and settles funds |
| Where it operates | Between customer browser and payment network | Between payment network and issuing/acquiring banks |
| Security focus | Encryption at point of data capture | Network-level authorization and settlement |
| Typical fees | Monthly fee + per-transaction fee | Percentage of transaction + fixed fee |
| Required for online | Yes | Yes |
| Required for in-store | No (POS terminal handles data capture) | Yes |
The gateway collects and secures payment data; the processor moves the money. For online transactions, you need both. For in-store card-present transactions, a POS terminal replaces the gateway.
Providers like Stripe, Adyen, and Square bundle both functions into one platform. The technical distinction still exists, but the merchant interacts with a single vendor.
How gateways and processors work together in a transaction
Here’s what happens in the seconds between clicking “Pay” and seeing a confirmation:
- The customer enters card details on your checkout page.
- The payment gateway encrypts the data and sends it to the processor.
- The processor forwards the transaction through the card network to the issuing bank.
- The issuing bank checks validity, funds, and fraud rules, then returns an approve or decline.
- The response travels back through the processor and gateway to your checkout page.
- At end of day, the processor settles funds to the merchant’s acquiring bank.
Authorization (steps 1-5) completes in 1-3 seconds. Settlement takes 1-2 business days.
When any link fails, the sale fails. Failed payments account for up to 15% of lost ecommerce sales (Adyen, 2024), and false declines cost merchants $443 billion per year globally (Aite-Novarica Group).
Where payment orchestration fits in
Managing separate gateway and processor relationships means separate contracts, integrations, and failure modes. Add a second gateway for redundancy or a second processor for regional rates, and complexity multiplies.
Payment orchestration sits above both. It routes each transaction to the right provider based on cost, approval likelihood, and availability, without your systems needing to know which gateway or processor handles a given transaction.
What that changes in practice: if your primary gateway goes down, an orchestration layer provides automatic failover to a backup. If one processor approves more transactions for a specific card type, intelligent routing sends those transactions there automatically.
Key point: Orchestration improves authorization rates by 2-3% through dynamic routing (Capgemini Research Institute).
Need a new payment method or processor for a new market? Orchestration handles it through a single integration. Orchestra connects to 90+ payment providers through one JavaScript library, so adding a gateway or processor doesn’t require a separate build. For SaaS platforms that embed payments, a multi-gateway setup lets you support each customer’s payment requirements without custom integration work.
How to choose the right setup for your business
| Approach | Best for | Trade-off |
|---|---|---|
| Single bundled provider | One market, moderate volume, simple setup | Full dependency on one provider |
| Separate gateway and processor | Specific capabilities from each, higher volumes | Added integration and contract complexity |
| Orchestration layer | Multiple providers, new markets, PCI scope management | Additional platform cost |
Reducing processing fees through a multi-processor strategy can justify the complexity at higher volumes.
An orchestration layer is worth evaluating when you manage more than one gateway or processor, expand into new markets, or want to shift PCI compliance scope away from your application code. A payment routing guide can help you map which transactions should go where before committing to an architecture.
Frequently asked questions
Can a company be both a payment gateway and a payment processor?
Yes. Stripe, Adyen, and Square bundle both functions into one platform. The underlying technical roles stay distinct even when one vendor handles both.
Do I need both a payment gateway and a payment processor?
For online card-not-present transactions, yes. The gateway captures and encrypts card data; the processor routes it through card networks for authorization and settlement. In-store POS terminals may only need a processor.
Is PayPal a payment gateway or a payment processor?
PayPal functions as both. It collects payment data (gateway role) and routes transactions through card networks and bank transfers (processor role). This bundled model is common among full-stack providers.
What is the role of payment orchestration relative to gateways and processors?
Orchestration sits above gateways and processors, routing each transaction to the optimal provider based on cost, approval rates, and availability. It turns multiple gateway and processor relationships into a single integration point.
Which is more important for security: the gateway or the processor?
The gateway handles the most security-sensitive step: encrypting raw cardholder data from the customer’s browser. Both must maintain PCI DSS compliance, but the gateway’s role in initial data capture makes it the primary security touchpoint.
