Payment Gateways for eCommerce Stores

Ecommerce Guides

If you’re thinking of starting an online business then you’ll principally be wondering how your future customers will pay for your goods and services. Large or small, every business has to ensure that their website facilitates growth and – ultimately – profit. This means laying down a solid foundation for taking payments. The eCommerce world is fiercely competitive so understanding the best method for your customers to pay you will set you in good stead.

With so many established eCommerce websites out there, it’s very likely that you’ll already have a good handle on what makes a successful one. Think about the websites you use regularly and you’ll agree that the check-out process has a lot to do with why you might be a repeat customer; maybe you use single-click check-out which negates the need to fill in your card details every time, maybe the website offers PayPal functionality, or maybe you prefer to purchase via mobile so lean towards using sites with responsive payment pages. These payment features are no accident and are dictated by which payment gateway the eCommerce website is powered by.

There are plenty of payment gateways out there, all of which have different features and functionality. This article will compare five of the most popular ones currently dominating the payments landscape:  PayPal, Stripe,, Intuit and Worldpay. We will look at their positive and negative points and what their implementation means for growth, website productivity and scalability.

List of contents:

  1. Advantages of taking online payments
  2. eCommerce essentials
  3. Your eCommerce website
  4. What is a payment gateway?
  5. What is a merchant account?
  6. Online fraud: PCI DSS & SSL
  7. 5 payment gateways: pros and cons
  8. Quick view comparison table (including fees)
  9. Conclusion

If you want to take payments, understanding what a payment gateway is and how it fits into your business is important. As is understanding the implications of taking card payments – you’re about to start taking highly confidential customer data, after all.

Advantages of accepting online card payments

  • Consumers expect to be able to pay by card (and multiple card types)
  • Setting up a payment gateway is quick and easy – and payment occurs at time of sale
  • Card payments are more secure than cash
  • Debit and credit transaction costs are transparent
  • You can attract global customers

The eCommerce essentials

The internet has had a major impact on the way businesses trade and the way consumers shop. Online payments generate 10% of the UK’s annual GDP, and online sales are growing consistently year-on-year. Definitely worth the investment, there are three things you need in order to accept payments online:

  1. An eCommerce website
  2. A merchant account
  3. A payment gateway

Your eCommerce website

Take key learnings from large eCommerce websites: simple navigation and clear calls to action are good places to start when thinking about your long-term website maintenance plans. While aspects like imagery and copy are also fundamental to every website, deciding what kind of hosting platform you’ll use together with payments functionality will impact your projected growth plans. Choosing a hosting plan can seem daunting but these split into three main types:

  1. Out-of-the-box/Free static

This is arguably the most cost effective website hosting solution. Quick to implement, it means your website comes pretty much eCommerce ready, as hosting is a full package so it comes with pre-paid help from a professional web designer.

  1. Open Source

Many Open Source platforms are free to use but you’ll find with this option that you’ll still need to employ the time of a (or multiple) web developer or a web agency. A web agency will create and take care of your website’s development. This is, of course, unless you can take care of these technical aspects yourself.

  1. Bespoke/custom made

Usually reserved for businesses that operate on a larger scale, bespoke websites are developed by web agencies from scratch. This means that your website is built with your businesses’ exact requirements in mind.

You might have heard of a few website hosting platforms. Some popular ones include: Go Daddy, 1and1 and Names.

What is a payment gateway?

In a nutshell, a payment gateway is an eCommerce application service provider that authorises credit and debit card payments for online businesses and online retailers. An easy way to get your head round a payment gateway and what it might look like is by liking it to a physical point of sale (POS) in a shop – it handles the transaction between vendor and customer.

A payment gateway is the secure link between your eCommerce website and your merchant bank. The gateway protects customer credit/debit card details by encrypting this sensitive information – like the actual credit/debit card numbers – and ensures that this information is passed safely between 1) the customer and the merchant and 2) the merchant and the payment processor. There are quite a few factors and considerations that happen along the way, like checking for fraudulent activity.

This how a secure payment gateway works (and it takes 2 seconds):

  • Your customer is on your eCommerce website and decides to buy a product, so submits an order
  • The transactional information is relayed to the payment gateway’s secure connection where it is encrypted
  • The payment gateway then forwards the information to your acquiring bank’s payment processor
  • The payment processor forwards the transaction information over to the association that the card used belongs to e.g. Mastercard or Visa
  • Next, the credit or debit card’s bank receives this request and sends a reply to the processor with a special code which signals whether the transaction will pass or fail e.g. if there isn’t sufficient funds available in the bank account
  • The payment processor then sends this message onto the payment gateway
  • The payment gateway receives the message and then forwards it onto your website – and then sends this information back to the card holder and also the merchant.
May also like:  Creating an affiliate marketing program for your ecommerce website.

What is a merchant account?


A merchant account allows you to accept card payments through different channels, whether that’s in a physical store or through an eCommerce website (and mobile, etc). It fulfils a different function to a business account.

The type of merchant account you’ll need depends on how you intend to operate your business. If you’re operating online then you’ll need an eCommerce merchant account.  There are others, including MOTO (mail and telephone) accounts and also card terminal merchant accounts.

Costs do vary, however. Setting up and running a merchant account will vary from merchant bank to merchant bank. As a vendor, you’ll typically be charged a percentage rate of each credit card transaction and then a flat fee per debit card transaction. Depending on the bank you opt to go with, you may also get charged for the initial set up, refunds and additional authorisations.

If you’re just starting out, you might find it difficult getting a merchant account because you won’t have much trading history. However, if your website is ready and good to start taking payments, then you won’t come across too many stumbling blocks.

Many payment gateways will help set up a merchant account for you – though you will be charged at the provider’s rates.

Online fraud

Whether you’ve chosen to operate online, offline, or both, security should be every vendor’s primary concern. UK businesses alone lose thousands of pounds every year because they are not equipped to deal with fraudulent activity. At the same time, the chance and risk of encountering fraud can deter internet users from using websites if they don’t feel that the payment process (the check-out page) is secure. Making sure your customers are checking-out securely is a way of safeguarding your business and retaining their custom.

There are varying levels of fraud protection out there and the type of goods or services you’re selling will dictate the level you’ll need – some goods are a lot more risk heavy, for example jewellery and furniture. The size of your business will also affect the level of anti-fraud you’ll need.

When you’re choosing your payment gateway, you’ll need to factor in potential charges for anti-fraud tools. Plenty of payment service providers will include fraud tools as standard, but plenty also do not – be very careful because the price can add up.

Tip: As a rule, you should make sure the cover you choose includes these three basic online fraud screening tools:

  1. Address Verification System (AVS)

This is where the customer’s billing details are checked against the card’s registered address.

  1. Card Security Code (CV2)

When the customer is asked to input the last three digits on the back of the debit/credit card.

  1. 3D Secure

This is a password, generated by the user, which can also authorise payments.



If you’re going to take card payments online then you will have to be aware of Payment Card Industry Data Security Standards (PCI DSS). This is essentially the payment industry’s governing body. It is a framework of strict rules that every business (no matter how large or small) must adhere to – created to ensure that cardholder data is always encrypted and protected.

While PCI DSS isn’t a legal requirement for businesses, the best advice to follow is to make sure you have some level of it. If you’re a start-up then you won’t need an especially high level of PCI DSS but as you grow you’ll need to get it elevated. This is because the level of compliance you’ll need is directly dictated by the number of card transactions you process. Level 1 is the highest level and most payment gateways will be this level if they are PCI DSS compliant. This means that will collect and manage customer data instead of you.


SSL, or Secure Sockets Layer, is a type of security technology that is used for establishing an encrypted link between a server and a client, e.g. between a website and a browser. The data usually sent between a browser and a web server is plain text, which is unprotected from fraudsters and is easily accessible. SSL securely transmits this information; including credit and debit card numbers, logins and passwords and even things like social security numbers. SSL is a security protocol, which means that it describes in what way the algorithm handling the data should be transmitted.

Features you can expect to find (in varying forms – cost dependent):

  • Warranty
  • Bit encryptions
  • Browser compatibility
  • Malware scanning
  • Verification seal
  • IDN support

Importantly, you don’t always need a SSL certificate when setting up a payment gateway.

5 payment gateways compared


Founded: 1998

Household name and recognised all over the world, PayPal have won the hearts of many businesses and even more consumers. Easy to set up and even easier to use, PayPal might seem an obvious answer to those setting up an eCommerce website, but approach this giant with eyes fully open.


  • Partnered with fellow payments provider, BrainTree
  • Multiple card payment methods accepted
  • Strong household name with global customer base
  • You don’t need a merchant account – simply log in with your email
  • You also don’t need a SSL certificate
  • No monthly charges
  • PayPal introduced the PAYG model – useful for start-ups
  • Supports eCommerce websites that operate using WordPress with special plugins e.g. if you operate using WooCommerce, you can benefit from PayPal Advanced and PayPal Express (among others).
May also like:  Logistics and Administration


  • Transaction rates vary between 1.9% – 3% + 20p per transaction, but are usually closer to 3%.
  • PayPal’s individual transaction fees are much higher than most payment gateways, so if you take a large volume, you’ll notice these steep charges.
  • Going through PayPal is like going through a third party – so you’re paying them a service charge instead of using your bank account.
  • They hold 30% of vendor transactions for 90 days.
  • Slow support – 24 hour email service.


Founded: 2010

Relatively new to the payments world, Stripe have established themselves as one of the leaders of the pack fairly quickly. Whether you’re looking to build an eCommerce website or mobile app, Stripe do have all the features you’ll need. However, built for developers by developers, many find Stripe quite tech heavy.


  • You don’t need a high level of PCI Compliance if you’re primarily interested in taking recurring card payments
  • You also don’t need a separate merchant account
  • 5% – 2.9% plus 20p flat rate for transactions
  • There are no monthly fees
  • Privately owned and has profited from a lot of PR and exposure
  • Focused on small businesses and start-ups


  • Customer support is email only, which can be quite slow
  • Built mostly for developers, which can leave some vendors feeling out of their depth.
  • The more you sell, the more the transaction fees increase (more obviously than with other payment gateways).
  • You will need a SSL certificate.
  • There are supplier charges for PCI DSS compliance.
  • Do not support mobile payments (right now)


Founded: 1996

Reputable and largely within the UK market, Authorize are a subsidiary of Visa. Easy to integrate, Authorize offer custom payment forms that sit on their own servers. Popular with businesses who use WordPress, while Authorize are powerful, their prices are high.


  • They have an answer for every different type of eCommerce store
  • PCI DSS compliant
  • Multiple payment options available including recurring payments, customer information management and more.
  • Integrates well with typical and popular eCommerce software
  • Reasonable set up fees
  • Integrates with QuickBooks


  • 9 – 3.0% transaction fees
  • You’ll need to set up a merchant account
  • Their mobile app is somewhat limited
  • £20 monthly payment for the gateway itself
  • No monthly reporting tools


Founded: 1983

Intuit are one of those payments companies that has been around for a long time – they are seasoned payments professionals who can offer merchants the whole eCommerce package. However, Intuit are not especially prevalent internationally, with most of their business happening in the US.


  • 4% + 20p transaction fee per swiped transaction
  • Easy to integrate with most eCommerce platforms
  • No monthly fees
  • No set up fee
  • Quick to get a merchant account
  • If you use QuickBooks to keep your accounts then you’re in luck, as Intuit is probably the payment gateway that integrates best with this software.


  • 4% + 20p per keyed transaction
  • Conversely, if you don’t use QuickBooks, you might find account reconciliation with other software quite a challenge.


Founded: 1997

Prevalent worldwide, Worldpay are one of the biggest payment service providers out there. Worldpay offer a whole host of services and have competitive rates. They are not known for their customer service though, so it depends if the human touch is part of what you’re looking for – and how much support you might need.


  • Worldpay are very quick at obtaining merchant accounts for new businesses
  • They are full multichannel – so the chance to expand your business into other channels is a possibility.
  • If you intend to operate your business using invoicing, Worldpay offer an eInvoicing service.
  • Allows payment through PayPal integration
  • Fees reduce with large volume of sales
  • Quick set up process


  • While Worldpay are global with strong positioning, they are more focused on larger businesses.
  • This may be a con, or a pro, but Worldpay operate using capped transactions and bespoke pricing. So your prices will depend on what you’re quoted at the time.
  • Fraud support is charged additionally
  • Set up fee is expensive
  • Worldpay are not known for their sales approach
  • Often customers are tied into contracts
  • PCI DSS charges

Quick View Payment Gateway Comparison


While these payment gateways are by no means the only ones on the market, they can offer start-ups and new businesses a comprehensive and solid eCommerce experience. They are all well-established enough in their own right, but the one you choose will depend not on them but your business. For example, if you’re planning steady and swift expansion, then opting for a payment gateway that doesn’t charge for high volumes of sales might be worthwhile. And, for small businesses happy to tick along finding their own feet, you might prefer a gateway that doesn’t charge for set up or have any monthly fees so you can keep your costs down while you get to grips with eCommerce.

Importantly, do some research. Phone around and cold call. Don’t be afraid to get quotes and don’t be afraid to say no. Make a priorities list (e.g. must have fraud tools, PCI DSS, 24/7 customer support) and go from there – the right payment gateway for your business will soon present itself.

PCI DSS,Yes,Supplier charges,Yes,Yes,"Yes, 20 p/m"
Set up fee,No ,None,30 ,None,100
Transaction rates (debit and credit)","3% 3% + 20p ","1.5% 2.9% + 20p",2.9 - 3.0%,"2.4% + 20p 3.4% + 20p",Bespoke
Countries,20+ ,20+,20+,Limited ,20+
Monthly fees,None,None,20 ,None,19.95
Customer support,Yes - email only,Yes - email only,Yes ,Yes ,Yes
Merchant account,No ,No ,No ,Via QuickBooks,Quick to obtain