English
German
Spanish
French
Turkish
Back to Guides
How to Choose a Crypto Payment Gateway: A Merchant's Decision Framework
There are 50+ crypto payment gateways claiming to do roughly the same thing. The differences are buried in custody models, chain coverage, fee structures, and compliance posture - details that never appear on a landing page.
This guide gives you a 10-criteria scorecard, red flags to watch for, and a step-by-step evaluation process that turns a vague "which one is best?" into a decision you can defend to your CFO and your security team.
Boost Your Business by Accepting Crypto Payments
Start With Your Business Model, Not the Vendor List
The mistake most merchants make is starting with "who are the top 5 crypto gateways?" The right starting point is "what problem am I solving?"
- High fees on cards? You want the lowest flat rate you can get and automatic stablecoin conversion.
- Chargebacks eating margin? Any non-custodial crypto gateway with good UX will solve this. Fees are secondary.
- Global reach? You need broad chain and stablecoin coverage, a strong off-ramp in multiple fiat currencies, and good UX in non-English markets.
- High-risk vertical? You need a gateway with explicit acceptance of your category and licensed off-ramp partners who do not shut you down at volume.
- Crypto-native customer base? Prioritize wallet coverage, WalletConnect, and support for niche chains (Solana, Avalanche, Base) your audience actually uses.
Different problems lead to different gateways. Without a clear problem statement, every vendor sounds the same.
The 10 Evaluation Criteria
A scorecard that captures what actually matters, weighted by operational impact:
| # | Criterion | Why it matters |
|---|---|---|
| 1 | Custody model | Custodial, non-custodial, or MPC. Decides your counterparty risk and your operational burden. |
| 2 | Chain and asset coverage | BTC, ETH, Tron, Solana, major L2s, USDT, USDC. Must match where your buyers hold assets. |
| 3 | Fee structure | Flat percentage, off-ramp spread, withdrawal fees. Transparent vs bundled. |
| 4 | Settlement speed and currencies | T+0 to T+2 to your bank, in how many fiat currencies, with what cutoff times. |
| 5 | Fiat off-ramp jurisdictions | Which countries can the gateway pay you in, with what banking partners. |
| 6 | Compliance and licensing | VASP registrations, MiCA readiness (EU), MSB (US), Travel Rule compliance, sanctions screening. |
| 7 | Integration ecosystem | REST API quality, SDKs, Shopify/WooCommerce/Magento plugins, webhook design. |
| 8 | Fraud and address screening | Chainalysis, Elliptic, or TRM screening on inbound; rejection of sanctioned addresses pre-credit. |
| 9 | Reliability and uptime | Documented authorization uptime (target > 99.9%), status page, SLA, incident postmortems. |
| 10 | Support and account management | Response times, dedicated AM at volume, developer docs, sandbox parity. |
Score each vendor 1 to 5 on every criterion, weight by importance for your business, and let the total be the baseline for your negotiation.
Custody Model: The Most Important Decision
Custody is the question that separates a gateway from a counterparty. Get this one right and everything else is tuning.
Custodial
Funds sit in the gateway's wallet; you see a dashboard balance. Fastest onboarding, hardest to unwind if the gateway fails, insolvent, or loses a regulatory license.
Non-custodial
Funds sweep to your wallet on every payment. Zero counterparty risk. You own key management and have to understand hot/cold wallet policy.
Hybrid / MPC
Keys split between you and the gateway. Best of both worlds: no single party can move funds alone. Operationally more complex.
Rule of thumb: if you process under $100k/month, custodial is fine and faster. Between $100k and $1M/month, push for hybrid/MPC. Above $1M/month, non-custodial or MPC should be a hard requirement. Counterparty risk scales with balance.
Reading the Fee Structure
Published fees are rarely the full picture. The real cost is:
- Merchant fee - the headline percentage per transaction. 0.4 to 1% is normal; anything above 1.5% is expensive for crypto.
- Auto-conversion fee - if you want inbound BTC turned into USDC or EUR on arrival, there is a spread (0.5 to 2%).
- Off-ramp spread - on top of the conversion fee, the banking partner takes a cut when moving fiat to your account.
- Withdrawal fee - per-transaction cost to move funds out of the gateway. Can be flat ($5-25) or percentage.
- Network fees - paid by the buyer or the gateway depending on policy. On Ethereum mainnet, gas can be material.
- Minimums - monthly minimums, inactivity fees, account maintenance. Rare but worth asking.
Ask any vendor to price a full scenario: "I process $200k/month in BTC and USDT, auto-convert to EUR, withdraw daily to SEPA. What is my all-in cost?" The delta between headline and all-in is usually 0.5 to 1.5 percentage points.
Compliance and Red Flags
A crypto gateway is a regulated business in almost every jurisdiction that matters. Its compliance posture is your compliance posture when it comes to reputational and banking risk.
Green flags:
- Public VASP or MSB license number. Verifiable on a regulator's site.
- EU operations under MiCA registration (from 2024 onward).
- Named banking partners and licensed off-ramp providers.
- Chainalysis, Elliptic, or TRM integrated for inbound screening.
- SOC 2 Type II or ISO 27001 certification.
- Travel Rule compliance (Sumsub, Notabene, or in-house equivalent).
Red flags:
- No named compliance officer, no regulator registration, no license publicly visible.
- Vague "we work with banking partners" without naming any.
- Marketing around "no KYC" as a feature at the merchant level. Legitimate for buyers; a compliance hazard for merchants at scale.
- Headquarters in a jurisdiction with no crypto regulatory framework at all.
- No chain-analytics integration or public policy on sanctioned-address handling.
- Unexplained downtime incidents or founder changes in the last 12 months.
Integration and Developer Experience
You will touch the gateway's API thousands of times before it handles a single transaction in production. Good DX saves months.
- REST or GraphQL, not SOAP. Modern is modern for a reason.
- Idempotency keys. Mandatory. Any gateway that cannot explain them is a hard pass.
- Signed webhooks. HMAC-SHA256 minimum. Replay protection. Event IDs.
- Sandbox parity. The test environment should behave identically to production, including error codes and webhook timing.
- SDKs in your stack. JS/TS, Python, PHP, Go, Ruby, Java. If only one of those exists, integration doubles.
- Plugins. Shopify, WooCommerce, Magento, PrestaShop, OpenCart at minimum if you are e-commerce.
- Dashboard. Real-time transaction view, invoice drilldown, webhook logs with replay, team roles with granular permissions.
- Support SLA. Response time in the sandbox is a preview of response time in production.
A 4-Week Evaluation Process
A disciplined procurement process for a gateway in four weeks:
Shortlist
Write your business-model problem statement. Shortlist 4 to 6 vendors that explicitly solve it. Send a written RFI: custody, chains, fees, licensing, uptime, SLA.
Technical evaluation
Get sandbox credentials. Have an engineer build a happy-path integration and trigger every edge case: underpay, overpay, expire, wrong network, webhook retries.
Compliance and security
Review licenses, SOC 2 reports, Travel Rule policy, sanctions screening. Have your counsel do a paper review of the merchant agreement.
Negotiate and commit
Score the shortlist. Negotiate fees with the top 2 against each other. Insist on an exit clause and a data-portability commitment. Sign.
Any vendor unwilling to engage with a structured process this fast is a vendor that will not scale with you.
The Scorecard Template
| Criterion | Weight | Vendor A | Vendor B | Vendor C |
|---|---|---|---|---|
| Custody model fit | 15% | |||
| Chain / asset coverage | 10% | |||
| All-in fee | 20% | |||
| Settlement speed | 10% | |||
| Off-ramp jurisdictions | 10% | |||
| Compliance / licensing | 10% | |||
| Integration DX | 10% | |||
| Address screening | 5% | |||
| Uptime / SLA | 5% | |||
| Support | 5% | |||
| Weighted total | 100% |
Score each criterion 1 to 5. Multiply by weight, sum. Use the total as the starting point for the commercial conversation, not the decision itself - context always matters.
Boost Your Business by Accepting Crypto Payments
Get Started
Frequently Asked Questions
Custody model. It decides your counterparty risk, your operational burden, and what happens if the gateway fails or loses a license. Everything else is tuning once custody is right.
0.4 to 1% flat on the merchant fee is normal. Plus 0.5 to 2% on auto-conversion or fiat off-ramp if you want funds in a bank account. Anything above 1.5% on the headline fee is expensive for crypto.
At minimum: BTC, ETH, USDT, USDC, on Bitcoin, Ethereum mainnet, Tron, Solana, and the major Ethereum L2s (Polygon, Arbitrum, Base). That covers roughly 90% of crypto payment volume globally. More is nice; less is a gap.
Not mandatory, but recommended above $1M/month in volume. Custodial gateways are fine for smaller balances where the dashboard UX is valuable and the counterparty risk is contained.
Ask for their VASP, MSB, EMI, or equivalent license number. Verify it on the regulator's public registry (FinCEN for US MSBs, FCA for UK, BaFin for Germany, etc.). No registration, no deal.
Marketing "no KYC required" as a merchant-level feature. KYC on the buyer is genuinely optional; KYC on the merchant is mandatory in every regulated market. A gateway that advertises merchant-side "no KYC" is either misleading or operating outside regulation.
Four weeks is realistic for a structured process: shortlist, technical evaluation, compliance review, commercial negotiation. Faster is possible; slower usually means you skipped steps that will bite in production.
Yes, but the switching cost compounds. Insist on a data-portability clause (transaction history, invoice API compatibility, webhook schema) in the original contract. Non-custodial gateways have the lowest switching cost because funds are already in your wallet.
At scale, yes. A primary for most volume and a secondary for redundancy, specific chains, or specific geographies. Most merchants wait until $5M+ monthly before dual-sourcing.
No. Blockchain transactions are irreversible by design, so there is no equivalent of a chargeback. Refunds exist as outbound transactions you explicitly issue. This is a feature for merchants and a shift in consumer expectations.
