
What Is a Payment Gateway? A Complete Guide to Fiat and Crypto Payments


A payment gateway is the software layer between your checkout and the financial networks that move money. It captures payment data, encrypts it, authorizes the transaction with the buyer's bank or blockchain, and returns an approved or declined response in under three seconds.

This guide walks through what a payment gateway actually is, how fiat card rails and crypto rails each work end-to-end, the economics of fees, chargebacks, and settlement, and how to pick the right gateway, or the right pair of gateways, for your business.


Payment Gateway in 30 Seconds

A payment gateway is the software layer that sits between your checkout page and the financial networks that move money. It captures payment details from the buyer, encrypts them, authorizes the transaction with the issuing bank (for cards) or the blockchain (for crypto), and returns an approved or declined response, usually in under three seconds.

If you run an online store, a SaaS product, a marketplace, a forex broker, an iGaming platform, or any business that gets paid over the internet, a payment gateway is mandatory infrastructure. Without it you cannot legally and securely accept card, wallet, bank-transfer, or cryptocurrency payments at scale.

This guide is written for operators, founders, and product or finance leads who need to understand:

  • What a payment gateway actually is, and what it is not.
  • How a gateway works step-by-step for both card payments and crypto payments.
  • The difference between a gateway, a payment processor, a merchant acquirer, and a merchant account.
  • The economics: fees, settlement cycles, interchange, chargebacks, and how crypto changes all of them.
  • How to choose the right gateway, and when a crypto gateway outperforms a fiat one.

By the end, you will be able to talk to any payments provider on equal footing and pick infrastructure that fits your business model rather than somebody else's.

What Is a Payment Gateway, Precisely

A payment gateway is a PCI-compliant service that performs four jobs on every transaction:

  1. Capture. Securely collect the buyer's payment credentials at checkout: card number, expiry, CVV; a wallet token; or a crypto payment request.
  2. Encrypt and tokenize. Replace sensitive data with a token so the raw credentials never touch your servers. Data is protected with TLS 1.3 in transit and network tokens at rest.
  3. Authorize. Ask the appropriate network (Visa/Mastercard rails, a digital-wallet provider, or a blockchain) whether the funds are available and the transaction is legitimate.
  4. Route the response. Return approved, declined, or confirmed to your checkout, fire a webhook, and pass the transaction to clearing and settlement.

A useful analogy: a payment gateway is the point-of-sale terminal of the internet. A card reader in a retail store captures a tap, encrypts the chip data, and talks to the acquirer. A payment gateway does the same job for an e-commerce checkout, a mobile app, an in-app purchase, or a blockchain invoice.

A crypto payment gateway does the same four jobs, but the "network" it talks to is a public blockchain (Bitcoin, Ethereum, Tron, Solana, and others) instead of Visa or Mastercard. Instead of authorization and deferred settlement, it watches the mempool for the customer's transaction and confirms payment when the network mines the required number of blocks. The job is the same; the rails underneath are completely different.

Common synonyms and related terms

  • Online payment gateway - emphasizing e-commerce use.
  • Payment service provider (PSP) - an all-in-one provider that bundles gateway, processor, and acquiring into one contract.
  • Payment orchestration layer - a newer term for systems that route each transaction to the best-performing gateway of several.
  • Merchant gateway or gateway payment services - marketing terms; same thing.
  • Crypto processor, on-chain payment processor, Web3 checkout - crypto-specific variants of the same concept.

The Fiat Payment Flow, from Tap to Settlement

A card transaction looks instant, but under the hood it is a choreographed sequence of messages between five or six parties: the buyer, the merchant, the gateway, the acquiring bank, the card network, and the issuing bank.

The buyer enters their Primary Account Number (PAN), expiry date, and CVV/CVC into your checkout, or selects a saved card in Apple Pay, Google Pay, or a stored token from a previous purchase. If they tap Apple Pay, the device presents a Device Account Number (DAN) plus a cryptogram, not the real PAN.

The gateway wraps the payload in TLS 1.2 or 1.3 transport encryption and immediately converts the PAN to a network token (from Visa Token Service or Mastercard MDES) or a gateway-level token. From this point forward, the sensitive data leaves your systems entirely. This is what keeps you inside PCI DSS SAQ-A scope instead of the much heavier SAQ-D scope.

For European transactions under PSD2 Strong Customer Authentication (SCA) and for high-risk transactions elsewhere, the gateway invokes 3D Secure 2 (3DS2). The issuer either approves silently (frictionless flow) or challenges the buyer with a one-time code or biometric. 3DS2 shifts fraud liability from the merchant to the issuer when used correctly.

The gateway forwards the tokenized authorization to the merchant's acquiring bank. The acquirer routes it over the card network (Visa, Mastercard, Amex, Discover, or local schemes like CB in France and RuPay in India) to the buyer's issuing bank.

The issuer checks: is the card valid, is there enough available credit or balance, does the purchase pass the issuer's fraud models, does AVS (Address Verification System) match, is the CVV correct? It responds with an ISO-8583 authorization code, or a decline code (for example 05 "Do not honor" or 51 "Insufficient funds"). The decision comes back the way it went in.

Typically 300 ms to 3 seconds after checkout, the gateway returns approved or declined to your server, fires a webhook, and shows the customer a success or failure page.

An authorization is a hold, not a transfer. Funds move in a batch overnight (for most acquirers) through the card network's clearing file, and arrive in your merchant account on T+1 or T+2, minus interchange, scheme fees, and the acquirer's processor markup. Cross-border transactions settle in T+3 or later, and high-risk verticals often sit on rolling reserves.

For up to 120 days after the transaction (sometimes 540 for certain dispute reasons), the cardholder can file a chargeback. If the issuer sides with the cardholder, the acquirer pulls the funds back out of your merchant account automatically. This is the single largest source of operational cost and risk in card payments.

The total picture: eight steps, five parties, roughly 1 to 3 seconds of customer-facing latency, and up to five months of back-office uncertainty per transaction.

The Crypto Payment Flow, from Invoice to Confirmation

A crypto payment gateway compresses the eight-step fiat choreography into a much shorter sequence, but the tradeoffs are different. Here is what happens when a customer pays with Bitcoin, USDT, USDC, Ethereum, or any other supported asset.

Your server calls the gateway's API with amount=$199, currency=USD, order_id=1234. The gateway converts the fiat amount into the buyer's chosen crypto at a live exchange rate, generates a unique deposit address (or a payment URI such as a BIP-21 bitcoin: or EIP-681 ethereum: link), and returns a checkout page or JSON payload.

Because crypto prices move, the gateway locks the rate for a short window, typically 10 to 30 minutes. If the buyer does not pay inside the window, the invoice expires and a new one has to be created. This is the crypto equivalent of an authorization hold.

The buyer opens their wallet, custodial (a centralized exchange) or non-custodial (MetaMask, Trust Wallet, a hardware wallet), scans the QR code or clicks the WalletConnect link, and signs the transaction. The signed transaction is broadcast to the network's mempool.

The gateway's node or indexer sees the unconfirmed transaction within seconds. For low-value payments on fast chains (Tron, Solana, Lightning Network, Layer-2 networks like Polygon, Arbitrum, or Base) the gateway can already return a "payment detected" webhook at this point.

The network mines the transaction into a block. The gateway waits for a configurable number of confirmations, typically 1 to 2 for stablecoins on Tron or Ethereum L2s, and 3 to 6 for Bitcoin, depending on the transaction size and risk policy. Once the threshold is reached, the payment is final.

The gateway fires a payment.completed webhook to your server, and the funds are available in your gateway wallet. From there you can keep them in crypto (self-custody or gateway custody), auto-convert to a stablecoin (USDT, USDC) to eliminate volatility, or off-ramp to fiat via the gateway's banking partners, landing in your bank account as EUR, USD, or GBP on T+0 or T+1. This is the single biggest difference from card payments: once the required confirmations are in, the transaction is irreversible. There is no equivalent of a chargeback. Refunds exist, but they are outbound transactions you explicitly initiate.

The total picture: six steps, two parties (buyer and gateway), typical end-to-end time of 5 seconds (stablecoin on a fast chain) to 30 minutes (Bitcoin with 3 confirmations), and zero back-office chargeback risk.
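The merchant side of the last steps above, as an added example that is not part of the original guide or any gateway's own code: a webhook handler that only releases an order once the event is authentic, final, matches the stored invoice, and meets the merchant's confirmation policy. The field names, the HMAC-SHA256 body signature, the secret and the thresholds are all assumptions for illustration.

```python
import hashlib
import hmac
import json
from decimal import Decimal, InvalidOperation

# Hypothetical throughout: field names, the HMAC-SHA256 body signature and the
# thresholds are assumptions for illustration, not a real gateway's API.
WEBHOOK_SECRET = b"constructed-test-secret"
MIN_CONFIRMATIONS = {"tron": 2, "bitcoin": 3}   # merchant's own risk policy

# The invoice as the merchant recorded it at creation time (constructed data).
INVOICES = {"1234": {"asset": "USDT", "network": "tron",
                     "amount": Decimal("199.00"),
                     "expires_at": 1_700_001_800, "paid": False}}
SEEN_EVENTS = set()   # processed event ids; a database table in production


def sign(body: bytes) -> str:
    return hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).hexdigest()


def sample_event(**overrides) -> bytes:
    """Constructed payload used to exercise the handler."""
    ev = {"event_id": "evt_1", "type": "payment.completed", "order_id": "1234",
          "asset": "USDT", "network": "tron", "amount": "199.00",
          "confirmations": 2, "detected_at": 1_700_000_900}
    ev.update(overrides)
    return json.dumps(ev).encode()


def handle_webhook(body: bytes, signature: str) -> str:
    """Return a decision; only 'fulfilled' may release the order."""
    # 1. Authenticate the raw bytes before parsing them.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return "rejected: bad signature"
    try:
        ev = json.loads(body)
        event_id, order_id, kind = ev["event_id"], ev["order_id"], ev["type"]
        asset, network = ev["asset"], ev["network"]
        paid = Decimal(ev["amount"])
        conf, detected_at = int(ev["confirmations"]), int(ev["detected_at"])
    except (KeyError, TypeError, ValueError, InvalidOperation):
        return "rejected: malformed payload"
    # 2. Gateways retry deliveries, so handling must be idempotent.
    if event_id in SEEN_EVENTS:
        return "ignored: duplicate event"
    invoice = INVOICES.get(order_id)
    if invoice is None:
        return "rejected: unknown order"
    # 3. A mempool "payment detected" notice is not a final payment.
    if kind != "payment.completed":
        return "ignored: not final"
    # 4. What was owed comes from our record, never from the payload.
    if (asset, network) != (invoice["asset"], invoice["network"]):
        return "rejected: wrong asset or network"
    if paid < invoice["amount"]:
        return "rejected: underpaid"
    # 5. Funds seen after the rate lock expired were priced at a stale rate.
    if detected_at > invoice["expires_at"]:
        return "review: paid after rate lock expired"
    # 6. Enforce our own finality threshold, whatever the event type claims.
    if conf < MIN_CONFIRMATIONS[invoice["network"]]:
        return "pending: awaiting confirmations"
    SEEN_EVENTS.add(event_id)
    if invoice["paid"]:
        return "ignored: order already paid"
    invoice["paid"] = True   # irreversible on-chain, so fulfil exactly once
    return "fulfilled"
```

Because a confirmed payment cannot be charged back, every branch other than `fulfilled` leaves the order untouched and the decision string can be logged for reconciliation.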

Gateway vs Processor vs Acquirer vs Merchant Account

These terms are used interchangeably in marketing copy. They are not interchangeable in contracts.

  • Payment gateway - the software capturing payment data at the front end and transmitting it to the processor. Think of it as the checkout's translator and security officer.
  • Payment processor - the back-end service that moves the transaction from the acquirer to the card network and back. Some gateways are also processors; many are not.
  • Acquirer (acquiring bank) - the bank that holds the merchant account and is licensed by Visa/Mastercard to accept card transactions on your behalf.
  • Merchant account - a specialized bank account where card funds land after clearing, before being swept to your operating account. High-risk businesses often struggle to get one.
  • Card networks - Visa, Mastercard, American Express, Discover, UnionPay, JCB - the rails that route authorization and clearing messages.
  • Issuing bank - the cardholder's bank; the one that actually funds the transaction.

For crypto payment gateways, the stack collapses:

  • Crypto gateway = capture + authorize + settle + (optional) off-ramp, all in one provider.
  • Blockchain node / indexer = the analogue of both processor and network.
  • Miners / validators = the analogue of the issuing bank, but decentralized.
  • Merchant account is optional - you can be paid directly into a self-custodial wallet.

This collapse is why crypto checkouts usually have fewer moving parts and fewer fee layers than card checkouts.

| Role | Fiat | Crypto |
|---|---|---|
| Captures payment data | Gateway | Gateway |
| Authorizes transaction | Issuing bank via card network | Blockchain (consensus) |
| Processes transaction | Payment processor | Blockchain node |
| Holds merchant funds | Merchant account at acquirer | Gateway wallet or self-custody |
| Offers chargeback rights | Issuer (up to 540 days) | None |
| Parties per transaction | 5 to 6 | 2 |

Fiat Payment Gateway vs Crypto Payment Gateway

This is the comparison most guides skip. Both gateway types solve the same business problem, "let customers pay me on the internet", but they trade off different things.

| Dimension | Fiat gateway | Crypto gateway |
|---|---|---|
| Rails | Visa, Mastercard, Amex, ACH, SEPA, local schemes | Bitcoin, Ethereum, Tron, Solana, Layer-2s, Lightning |
| Merchant fee | 1.5% to 3.5% + fixed fee per transaction | 0.4% to 1.0% flat |
| Chargebacks | Yes, up to 540 days; merchant bears cost | None; payments are final |
| Settlement time | T+1 to T+3 domestic, T+3 to T+7 cross-border | T+0 to crypto wallet, T+1 to fiat |
| Currency support | 130+ fiat; FX spread charged | Any crypto; convert to 50+ fiat |
| High-risk verticals | Often refused or reserved | Broadly accessible |
| Customer reach | Cardholders (~4B globally) | Anyone with a wallet (~600M+, growing) |
| Fraud model | Issuer-driven; merchant bears chargeback risk | On-chain transparency; no reversals |
| Volatility exposure | Native | Removed by stablecoins + rate lock |
| KYC on buyer | At issuer level, invisible to merchant | None for payment; only at fiat off-ramp |
| Compliance burden | PCI DSS, PSD2 SCA, money-transmission | AML/KYC at off-ramp, travel rule for large transfers |
| Failure mode | Decline codes, 3DS drops, issuer outages | Network congestion, high gas, wrong-network sends |

The headline takeaway: fiat gateways optimize for buyer protection at the cost of merchant risk and fees. Crypto gateways optimize for finality and cost at the cost of consumer familiarity. A modern stack often runs both.

Payment Gateway Use Cases by Industry

Not every business needs the same gateway. Concrete patterns we see in the field:

E-commerce (retail, fashion, electronics)

One fiat gateway (card + Apple/Google Pay + regional APMs), optionally a crypto gateway for international and high-AOV buyers. Crypto typically contributes 2 to 8% of revenue once enabled, with cart sizes 30 to 40% larger than card orders.

SaaS and subscription businesses

Fiat gateway with network tokenization and automatic retries of failed recurring charges (dunning) is table stakes. Crypto for subscriptions is emerging - typically implemented as pre-funded account balances, since on-chain recurring charges require wallet-side approvals (EIP-2612 permits, account abstraction, or scheduled smart-contract payments).

iGaming, online casinos, sports betting

The archetypal high-risk vertical. Card acquirers charge 4 to 6% and impose 10%+ rolling reserves. Crypto gateways cut that to sub-1% with no reserves, and serve geographies where card deposits are routinely blocked. Deposits settle in under a minute with 1 to 3 confirmations on stablecoins.

Forex brokers and trading platforms

High decline rates on cards, heavy chargeback exposure. Crypto deposits bypass both. Instant same-day stablecoin withdrawals reduce churn compared to T+3 bank wires.

Marketplaces and platforms

Need split payments - paying multiple sellers from one buyer transaction. Card gateways handle this via payment-facilitator models; crypto gateways handle it natively with on-chain splits or smart contracts.

B2B and cross-border invoicing

SEPA and wire transfers can take days and cost $15 to $40 per transaction. A USDC payment on Ethereum L2 settles in under a minute for pennies. This is where crypto gateways have the strongest raw economics.

Fees, Settlement, and Chargeback Economics

For a card transaction, the merchant's total cost-of-payments breaks down into four layers:

  1. Interchange (paid to the issuing bank). Set by Visa/Mastercard; a typical US e-commerce rate is 1.5% to 2.1% + $0.10. In the EU, regulation caps it at 0.3% for consumer credit and 0.2% for debit.
  2. Scheme fees (paid to Visa, Mastercard, etc.). Around 0.10 to 0.15%.
  3. Acquirer / processor markup. Typically 0.3 to 1.0% on Interchange++ pricing, or baked into a flat rate like 2.9% + $0.30.
  4. Gateway fee. Either bundled into the processor's rate or charged separately ($0.05 to $0.20 per transaction).

A typical US e-commerce merchant pays around 2.9% + $0.30 on a blended basis, and more for cross-border, premium cards, or high-risk categories.

Layer in chargeback cost: each dispute costs $15 to $100 in fees regardless of outcome, plus the disputed amount if you lose. Card networks put merchants with chargeback ratios above 0.9% to 1.5% into monitoring programs, which add another 1 to 2% in scheme fines.

Crypto gateway fees

  • Network fee - paid by the buyer to the blockchain (Bitcoin miners, Ethereum validators). On Tron and L2s often under $0.10.
  • Gateway fee - typically 0.4% to 1.0% flat, sometimes 0 for stablecoin-only flows.
  • Off-ramp fee - a 0.5 to 1.5% conversion spread at the banking partner if you want funds in fiat.
  • Chargeback cost - zero.

On a $100 transaction, a typical card stack nets you about $96.80 after all fees (and less after chargebacks). A crypto stack with stablecoin-to-EUR off-ramp nets you roughly $98.50 to $99.20. The gap widens as transaction size grows.

Settlement timing

| Channel | Typical settlement |
|---|---|
| Card, domestic | T+1 to T+2, sometimes T+0 for premium acquirers |
| Card, cross-border | T+3 to T+7 |
| Card, high-risk | T+2 to T+14, with 5 to 10% rolling reserve for 6 months |
| Crypto, to crypto wallet | T+0, usually inside a minute for stablecoins |
| Crypto, to fiat bank account | T+0 to T+1 with an integrated off-ramp |

For cash-flow-sensitive businesses, especially startups and high-growth e-commerce, the difference between T+7 and T+0 is a meaningful working-capital win.

Security, PCI DSS, and Compliance

A payment gateway is a security product more than a financial product. The core controls for fiat:

  • TLS 1.2/1.3 encryption on every request.
  • Tokenization - replacing the PAN with a token that is useless outside the gateway. Network tokenization (Visa Token Service, Mastercard MDES) further reduces issuer-side decline rates by 3 to 7%.
  • PCI DSS compliance - by using hosted fields or a drop-in SDK, most merchants qualify for SAQ-A (the lightest PCI scope) instead of the full SAQ-D audit.
  • 3D Secure 2 - the authentication layer that shifts fraud liability to the issuer when properly invoked, and is mandatory in the EU under PSD2 SCA.
  • AVS and CVV verification - basic fraud filters.
  • Fraud scoring - machine-learning models that score each transaction on device fingerprint, velocity, BIN country, and dozens of other signals.
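A check that backs the tokenization and SAQ-A points above, as an added example rather than code from this guide: scan your own application logs for card numbers that should never have reached your servers, and mask any that did. The regex, function names and log lines are constructed for illustration; the two card numbers are the public Visa and Mastercard test numbers.

```python
import re

# 13 to 19 digits. Separators are allowed only after the leading 4-digit
# groups, so a trailing " 200" status code is not pulled into the candidate.
CANDIDATE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{1,7}(?!\d)")

# Constructed log lines; lines 2 and 4 leak a PAN, line 3 is a look-alike.
SAMPLE_LOG = [
    "POST /checkout 200 token=tok_constructed_abc order_id=1234",
    "DEBUG payment form body: card=4111 1111 1111 1111&exp=12/30",
    "WARN retry ref=1234567890123456 gateway timeout",
    "DEBUG raw pan 5555555555554444 200 OK",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub(lines):
    """Return (cleaned_lines, findings); findings are (line_no, masked_pan)."""
    cleaned, findings = [], []
    for line_no, line in enumerate(lines, start=1):
        def repl(match):
            digits = re.sub(r"\D", "", match.group())
            if not luhn_ok(digits):
                return match.group()        # not a card number, leave as is
            findings.append((line_no, mask(digits)))
            return mask(digits)
        cleaned.append(CANDIDATE.sub(repl, line))
    return cleaned, findings


if __name__ == "__main__":
    for line_no, masked in scrub(SAMPLE_LOG)[1]:
        print(f"line {line_no}: PAN found in logs, masked as {masked}")
```

Any finding means raw card data is passing through systems you control, which is the condition that moves a merchant out of the lightest PCI scope.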

Crypto gateway security

  • No PAN, no PCI DSS. You never handle sensitive card data, so PCI scope drops to near zero for crypto-only flows.
  • Key management - the real security question. Does the gateway use MPC (multi-party computation), HSMs (hardware security modules), or multisig? Are hot-wallet balances capped? Is there a cold-storage threshold?
  • Custody model - custodial gateways hold your funds (convenient, but a counterparty risk); non-custodial gateways route funds directly to your wallet.
  • AML/KYC and travel rule - apply at the off-ramp, not at the point of acceptance. Take crypto and keep it in crypto, and your regulatory footprint is minimal.
  • Chain-analytics screening - high-quality gateways screen incoming addresses against OFAC and sanctioned-wallet lists before crediting the payment.

Both models are secure in practice. They put the perimeter in different places.

How to Choose the Right Payment Gateway

A decision framework that actually works, in order of importance:

  1. Does it accept the payment methods your customers use? Not the ones you like - the ones they already have. If 40% of your traffic comes from Turkey, you need Troy; from the Netherlands, iDEAL; Brazil, PIX; India, UPI. If you serve tech-forward or international buyers, stablecoins are usually in that list.
  2. Is your vertical accepted? iGaming, forex, CBD, nutraceuticals, adult, and "high-risk" categories face declines or punitive reserves from many fiat acquirers. Crypto gateways have no such restrictions.
  3. What is your true blended cost? Get a quote on Interchange++ pricing, not just a blended flat rate. Include chargeback cost at your historical ratio.
  4. Settlement speed and working-capital fit. T+7 versus T+0 can be the difference between growing and running out of cash.
  5. Developer experience. Modern REST API, webhooks, idempotent retries, good SDKs, sandbox parity with production, and clear error codes. A bad API costs more than a bad rate.
  6. Global coverage. Multi-currency pricing, automatic FX, local acquiring, and for crypto: all the chains your buyers use (at minimum Bitcoin, Ethereum, Tron, Solana, plus major L2s).
  7. Fraud and dispute tooling. Chargeback alerts, representment automation, 3DS control, blocklists, velocity rules.
  8. Reliability. Ask for the last 90 days of uptime and declined-transaction data. Anything below 99.95% authorization uptime costs you real revenue.
  9. Compliance fit. PCI DSS scope reduction, PSD2 SCA support, data-residency options for the EU, KYC/AML package for crypto off-ramps.
  10. Roadmap alignment. Network tokenization, open banking rails, pay-by-bank, stablecoin settlement - the winners five years from now are the providers already shipping these today.

When a crypto payment gateway is the right choice

  • Your margins cannot sustain 3%+ card fees (digital goods, high-AOV electronics, gaming).
  • You serve a global audience where card penetration is low or volatile.
  • You operate in a high-risk vertical that card acquirers reject.
  • You prefer final, irreversible settlement over chargeback-driven reversals.
  • Your customers already hold crypto and prefer to pay with it.
  • You want instant cross-border settlement without SWIFT fees.

For most modern businesses, the answer is not fiat or crypto; it is fiat and crypto, side by side at checkout, with the buyer choosing. The right gateway makes both feel like one product.

That is exactly what GatewayCrypto does: it is a crypto payment gateway that plugs in alongside your existing card stack, supports Bitcoin, Ethereum, Tron, Solana, and all major stablecoins, and settles in crypto or fiat on T+0 to T+1, with flat fees under 1%, zero chargebacks, and no high-risk category restrictions. Talk to our team to see how it fits your checkout.


Frequently Asked Questions

A payment gateway is the software that securely captures a buyer's payment details at checkout, asks the buyer's bank or blockchain to approve the transaction, and returns the result to the merchant. It is the online equivalent of a physical card terminal.

The gateway is the front-end that captures and encrypts payment data. The processor is the back-end service that moves the transaction between the acquiring bank, the card network, and the issuing bank. Many providers - including most crypto gateways - combine both roles into a single product.

For a card: the gateway captures the card data, encrypts and tokenizes it, sends an authorization request to the issuing bank via the card network, receives an approved or declined response, and then settles the funds to the merchant on T+1 or T+2. For crypto: it creates an invoice with a locked exchange rate, detects the buyer's on-chain transaction, waits for the configured number of block confirmations, and fires a webhook when the payment is final.

Fiat examples include provider-side checkout forms, hosted payment pages, and drop-in SDKs used by millions of e-commerce sites. Crypto examples include invoice-based checkouts that generate a unique deposit address or QR code for each order, supporting Bitcoin, Ethereum, Tron, Solana, and stablecoins such as USDT and USDC.

For card payments, yes - a gateway cannot settle funds without an underlying merchant account at an acquiring bank. For crypto payments, no - settlement happens to a crypto wallet controlled by you or the gateway, and an optional fiat off-ramp replaces the traditional merchant account.

Four main types for cards: hosted (buyer is redirected to a PSP-hosted page), self-hosted (buyer stays on your site and you take on more PCI scope), API or integrated (full control via REST API and SDKs), and local bank integration. Crypto gateways are classified by custody model (custodial vs non-custodial) and by chain coverage.

A typical US card stack blends to around 2.9% + $0.30 per transaction, plus chargeback and scheme fees. EU card fees are lower thanks to interchange caps. Crypto gateways usually charge a flat 0.4 to 1.0% with no chargeback costs, plus a small off-ramp spread if you convert to fiat.

Not exactly. PayPal, Apple Pay, and Google Pay are payment methods (or, in PayPal's case, a processor and wallet). A gateway is the infrastructure that accepts those methods alongside cards, bank transfers, and, increasingly, crypto at a single checkout.

Lower fees (sub-1% vs 2.9%+), no chargebacks, instant cross-border settlement, broader geographic reach, and acceptance in high-risk verticals that card acquirers reject. Most businesses run both in parallel rather than choosing one.

Yes, when you use a reputable gateway that handles key management (MPC or HSMs), screens incoming addresses against sanctions lists, and offers automatic conversion to stablecoins or fiat to eliminate volatility. Because crypto transactions are irreversible, the risk profile is actually lower than cards once operational controls are in place.
