Definitive guide to Payment Gateways

If you’re looking to start an online store, or you want to accept payment for services and subscriptions more easily, it’s likely you’re going to be in the market for a payment gateway.

But what is a payment gateway, what do they do, and how hard are they to set up? Learn everything you need to know about payment gateways, their costs and their uses in this definitive guide.


What is a payment gateway?

A payment gateway is a payment system which facilitates eCommerce transactions between a merchant and customer. It processes payments by verifying credit or debit card information and accepting, or declining, the payment on behalf of the seller.

In an eCommerce setting, payment gateways are better known by their front-end user interface – the ‘checkout’. Payment gateway technology is also used in physical stores to run POS systems, but today we’re exclusively talking about online payment gateways.

In order to have a payment gateway service enabled on your website, you will need to sign up with a gateway provider and open a special bank account called an internet merchant account – which you can read about later in this guide, or by clicking the link below.

Learn more: What is a merchant account?

How do online payment gateways work?

When a customer places items in their shopping cart and selects the option of paying by credit or debit card, a payment gateway service takes over the payment process on behalf of the merchant.

Payment gateways summarised

When a customer makes a purchase online via your payment gateway, it sends out a signal to their credit or debit card company, and then the customer’s bank, to make sure there are enough funds to cover the transaction. Then, it helps settle the payment so that money can be transferred.

Payment gateways in full

1. Card information sent to merchant’s website
The customer’s credit or debit card details (entered after checking out) are encrypted by the buyer’s web browser using SSL encryption (today implemented by its successor, TLS). This data is then forwarded to the merchant’s site for further action.

2. Details of purchase sent to payment gateway
Purchase details, i.e. the total amount, are conveyed by the merchant’s website to the payment gateway for processing. Here too, the information is SSL-encrypted before being forwarded.

3. Purchase sent on to merchant’s bank account
Payment information is taken by the gateway and conveyed to the merchant’s bank account.

4. Merchant’s bank accepts transaction and forwards it to buyer’s bank
The information is accepted by the seller’s bank and the transaction details are forwarded to the buyer’s bank for authorisation by the card issuing authority.

5. Buyer’s bank accepts or rejects payment
Now, the buyer’s bank can either accept or reject the payment, which will be done based upon a number of factors (such as checking if the buyer has enough funds to make the payment). The card-issuing authority will generate a response code based on whether the payment was accepted or rejected.

6. Response returned to merchant’s bank 
This response code now returns to the payment gateway and is transmitted back to the merchant’s bank account. 

7. Sale is confirmed and transaction ID issued
The transaction details are sent to the merchant to inform them whether the sale has been made or not. The gateway provides both the buyer and the seller with a transaction ID for future reference.

8. Money transfers
If the buyer’s bank approves the payment, the sale is clocked and the money is deposited into the seller’s bank account at a scheduled interval.
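
The eight steps above can be traced in a small simulation. This is an added example, not code from this guide or from any gateway provider: the class names, the response codes (commonly used ISO 8583 values; the guide does not name specific codes), the card number and the balances are constructed for illustration. Masking the card number in the merchant's record is an added assumption about good practice.

```python
import uuid
from dataclasses import dataclass, field

# Assumed response codes (commonly used ISO 8583 values, not from the guide).
APPROVED, INSUFFICIENT_FUNDS, INVALID_CARD = "00", "51", "14"


def mask_pan(pan: str) -> str:
    """Keep only the last four digits for receipts and merchant records."""
    return "*" * (len(pan) - 4) + pan[-4:]


@dataclass
class IssuerBank:
    """Buyer's bank (step 5): accepts or rejects and generates the response code."""
    balances_cents: dict  # card number -> available funds in cents

    def authorise(self, pan: str, amount_cents: int) -> str:
        if pan not in self.balances_cents:
            return INVALID_CARD
        if self.balances_cents[pan] < amount_cents:
            return INSUFFICIENT_FUNDS
        self.balances_cents[pan] -= amount_cents
        return APPROVED


@dataclass
class MerchantBank:
    """Merchant's bank (steps 4, 6, 8): forwards to the issuer, pays out in batches."""
    issuer: IssuerBank
    pending: list = field(default_factory=list)  # approved but not yet paid out
    merchant_balance_cents: int = 0

    def forward(self, pan: str, amount_cents: int) -> str:
        code = self.issuer.authorise(pan, amount_cents)
        if code == APPROVED:
            self.pending.append(amount_cents)
        return code

    def settle_batch(self) -> int:
        """Step 8: money reaches the seller only at the scheduled interval."""
        paid = sum(self.pending)
        self.merchant_balance_cents += paid
        self.pending.clear()
        return paid


@dataclass
class Gateway:
    """Payment gateway (steps 2, 3, 7): relays the request, issues a transaction ID."""
    merchant_bank: MerchantBank

    def process(self, pan: str, amount_cents: int) -> dict:
        code = self.merchant_bank.forward(pan, amount_cents)
        return {"transaction_id": uuid.uuid4().hex,
                "approved": code == APPROVED,
                "response_code": code,
                "card": mask_pan(pan),  # full card number is not kept in the record
                "amount_cents": amount_cents}


def demo():
    card = "4111111111111111"                   # constructed test card number
    issuer = IssuerBank({card: 10_000})         # constructed balance: $100.00
    bank = MerchantBank(issuer)
    gateway = Gateway(bank)
    first = gateway.process(card, 7_500)        # approved: $75.00 of $100.00
    second = gateway.process(card, 7_500)       # declined: only $25.00 left
    before_settlement = bank.merchant_balance_cents
    paid_out = bank.settle_batch()
    return first, second, before_settlement, paid_out


if __name__ == "__main__":
    for item in demo():
        print(item)
```

An approved sale and money in the seller's account are separate events: the merchant balance stays at zero until the batch is settled.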

Online payment gateway vs. payment processor

In your research you may find that there are two terms relevant to the above-mentioned process flow: a payment gateway, and a payment processor.

A payment gateway is technically only the beginning and end of the flow, transmitting information between the buyer, seller and payment processor.

The payment processor is the system which is authorised to contact banks and credit card schemes to authenticate transactions and ensure the funds transfer securely.

Most modern online payment gateways include payment processing, although it never hurts to check.

Online payment gateway vs. online shopping cart

Shopping carts and payment gateways, while often confused as the same thing, are in fact two separate components of the payment process. 

Shopping carts allow customers to select products and services on an eCommerce website and ready them for purchase.

Payment gateways facilitate the process of payment.

Benefits of online payment gateways for merchants

1. Provide options for online customers

Not everyone likes to pay by card. Indeed, in New Zealand a variety of payment options are popular, including card, POLi, Buy Now/Pay Later and payment apps such as PayPal. Merchants must be able to offer a variety of payment options to ensure all customers can pay for their items regardless of their preferences. 

Most modern payment gateways offer a variety of payment options out of the box, or can be integrated with additional options.

2. Get paid instantly

For a lot of Kiwi businesses, it’s the norm to deliver a service then send an invoice. This may work at a smaller scale, but it can be difficult to grow if you need access to cash flow which keeps getting delayed by late-paying customers.

It’s for this reason that even service-based businesses can benefit from adding a payment gateway to their website. This would allow you to charge customers in advance of a job, or at the conclusion of work, sending them to an online checkout where they can pay instantly online with their preferred method.

3. Minimise security concerns

Payment gateway providers spend a considerable amount of money on data security so you don’t have to. For example, all gateways must comply with the Payment Card Industry Data Security Standard (PCI DSS), which offers a minimum level of fraud security and protection for customers and, by extension, merchants.

If you decide not to use a trusted gateway and instead opt to collect, store and process all customer financial data yourself (like credit card info), you’ll be accountable for the security of that data. Should your servers crash, you suffer a data breach, or that data is lost in some way, it could cause a legal nightmare.

Gateway providers take care of all of this, as it’s part of their service.

How much does a payment gateway cost?

Payment gateways all come at quite different costs, depending on the provider, the payment options available, whether payments are being made internationally, and various other factors.

Specific payment structures do differ between providers, but they tend to include one or more of the following:

Transaction fees

Transaction fees are charged on a per-transaction basis as a percentage of the total amount, typically varying between 1-6%.

Additionally, payment gateways sometimes charge a flat rate fee per transaction to cover the merchant service fee (MSF) levied on credit card payments. The credit card company, merchant account service and payment gateway share this commission.

Monthly fees

Most payment gateways charge a monthly fee as well. In some cases, this is a tiered system with the fee increasing by the number of transactions and services used.

Monthly fees typically include the administrative charges for your account, plus fees for services such as fraud detection, auto billing and customer support.

Setup fees

This is an initial sign-up fee that you may be charged for initiating a merchant account. It’s usually a one-time charge, and varies from one service to another.

Other fees

Depending on your service, you may be charged other fees as well. These could include:

  • Chargeback fees
  • Security
  • Customer support
  • Fees for recurring billing
  • Currency conversion charges for international payments

How risky are payment gateways in New Zealand?

Like any financial service, there are some risks involved in offering online payment options through a gateway. 

That said, as we mentioned earlier, gateway vendors tend to invest quite heavily in security to mitigate these risks – far more than most smaller Kiwi organisations could ever invest in their own security.

The two biggest risks of using a payment gateway are credit card fraud and prepayment risk.

What is credit card fraud?

Credit and debit card fraud occurs when someone’s card details are stolen and then used to make purchases online by a person other than the cardholder.

How do people’s credit card details get stolen?

Card details can be stolen in a variety of ways, some of which are highly sophisticated (and others which are incredibly blunt). Examples include:

  • Physically stealing a card, picking up a lost card, or diving through trash to find old cards which weren’t cut up before binning.
  • Tricking someone into handing over their card information.
  • Hacking someone’s computer to record keystrokes, or setting up a fake public Wi-Fi to intercept sensitive information.
  • Stealing credit card information at the POS (e.g. via a card skimmer).

Once the thief has someone’s credit card details, they are free to make purchases online.

All reputable payment gateways have procedures in place to prevent such fraud.

Prepayment risk

A prepayment policy is where the purchaser has to pay for goods or services in advance of receiving them, e.g. paying a subscription service in a lump sum at the start of the year instead of paying each month.

In this scenario the customer pays the merchant in advance with the belief that the goods will be delivered on time, in the manner expected. If for some reason the goods are not as specified, or cease to be available (e.g. the website being paid closes down), the customer is at risk of losing their money.

Most payment gateways have stringent policies regarding prepayment. These ensure that the customer does not lose their money, and that it can be returned to them if there is a dispute.

A comparison of NZ’s top payment gateways

The top five payment gateway providers in New Zealand are:

  • Flo2Cash
  • Paystation
  • Windcave
  • Bambora
  • Stripe

Flo2Cash, Paystation and Windcave are all local companies, while Bambora and Stripe are headquartered overseas.

To help you understand at a glance the difference in offerings and price between each payment gateway, we’ve written up a handy guide. Check it out at “Top 5 New Zealand Payment Gateways”. 

Key features to look for in a payment gateway

There’s no one-service-fits-all when it comes to payment gateways. As every business is unique, so too are payment gateways and the options available to merchants.

First, you have to ask yourself a question:

What is your business situation?

From a business perspective, there are a few things you should strive to be clear on before you embark on your selection process.

  • Will your business trade entirely online or will there be a mix of online and physical payments? What are the proportions?
  • How rapidly do you expect to grow?
  • How many transactions will take place each month?
  • Will your customers browse and pay using their mobile device or just a computer?
  • Do you envisage charging deposits or recurring payments (or both)?
  • Do your customers like to pay by card, or other payment methods?

With your answers in mind, you can directly compare features of NZ’s payment gateway providers to determine which fit your needs now, and which may fit your needs in the future.

1. Currency support

In an increasingly digital world, the opportunity to sell to customers in other countries (such as Australia) can arise very quickly. It’s not uncommon to begin trading over the ditch within your first 12 months!

If you intend to offer goods and services to overseas customers, you must ask your payment gateway a couple of key questions:

  1. Which currencies will the payment gateway accept from the buyer?
  2. Which currencies will the gateway pay out to the seller?

Bonus tip: Before you do anything else, check that the gateway will operate in your home country. This sounds obvious, but it’s easier to miss than you might think.

2. Hosted checkout

Most gateways offer a hosted checkout option. When customers are ready to pay, they are redirected to a ‘hosted’ payment page (i.e. a checkout which is hosted on the vendor’s website, not your own), which enables them to complete the transaction. They are then redirected back to your website.

Pros of a hosted payment gateway

  • Easy to implement with very little technical knowledge required.
  • Usually a more cost-effective solution for startups and small businesses.
  • You can typically style elements of the hosted pages to make them look and feel more like your brand.

Cons of a hosted payment gateway

  • Redirecting customers to a separate set of pages can often make them feel uneasy, given that their money is involved.
  • There is the potential to have a greater number of abandoned payments as a result of being redirected.
  • Even with branding, the environment rarely reflects your website’s design to the fullest.

3. Integrated checkout

An integrated checkout is where the checkout and payment all take place within a single environment – your website.

Pros of an integrated payment gateway

  • They tend to look more professional.
  • They feel more secure and trustworthy.
  • As they can be tailored, they often work better with other add-ons you have in your store (and thus can increase conversion rates).

Cons of an integrated payment gateway

  • They require more technical expertise to implement than hosted alternatives.
  • They are typically more expensive.

4. Point of sale (POS) and mobile support

If you run a business that accepts payments via an electronic POS terminal as well as online, you need to ensure your gateway supports and integrates with both. It is ideal to have all your payments processed in one place. There really is no benefit to having to manage two different systems with their own fees and policies.

If you like to use a mobile device for receiving payments, consider a payment gateway solution that integrates with your mobile operating system (i.e. Android or iOS).

5. Refunds

To ensure your customer refund process is as smooth as possible, you should explore how these transactions are managed by each gateway you’re considering.

Some gateways actually offer a refund module that is integrated with your merchant account, so you can seamlessly update all systems with the new payment information. However, this is quite sophisticated and many gateways don’t offer this level of integration.

6. Rebilling and monthly billing (i.e. membership fees)

Not all gateways are capable of offering recurring billing like membership fees, or the option to pay in instalments. Are these relevant to you? You’ll need to look for a gateway which offers this specific functionality.

7. Security and reputation

The security and reputation of a payment gateway can and will have a huge impact on your own reputation. 

Do your homework: Ensure the gateway is secure and conforms to the PCI DSS – at a minimum!

Also, look into how the provider stores and uses customer data. Does it retain data? If so, why and for how long does it retain it?

Bonus tip: Seek impartial reviews of the services online and see what other merchants are saying on social media about their experiences. Capterra and G2 are common review websites, though many more do exist.

8. Pay-out policy

Payment gateways act as an intermediary between the customer’s credit card scheme account and the merchant’s internet merchant account. The time it takes a payment to land in your bank account following a completed transaction can vary greatly from one gateway provider to the next.

All gateways pay out monies in batches that are processed periodically – daily, weekly or monthly. Depending on your business model and cashflow, you may want to look for a gateway that makes more regular payments.


9. Support

Customer support services are usually tiered by payment gateway providers; if you want a greater level of service, you’d probably have to pay more for it.

Determine if the extra support is worth it for the extra cost to your business. Research your options and see what each provider’s existing customers have to say about the service they receive.

13 key questions to ask prospective payment gateway providers

1. Will I need an internet merchant account?

This is possibly the most important question you can ask. Do not skip this step!

While most mid-sized to large online businesses will likely prefer to use their own internet merchant account, smaller businesses could find this a daunting prospect.

2. What currencies do you support in addition to NZD?

It is critical that the gateway operates in New Zealand and accepts NZD. However, you must also plan for future growth.

3. Do you offer an integrated checkout?

Should your business desire a seamless customer experience with no website redirects, you need a gateway that offers integrated checkouts. Different providers will offer different levels of integration.

4. How are refunds handled?

It’s important to be confident knowing that your chosen gateway can handle refund requests in a timely and stress-free manner (for both you and the customer).

5. How secure is your service?

As we discussed earlier, your gateway should comply with the PCI DSS at an absolute minimum. Your reputation – and your customers’ information – is on the line.

Note that payment gateways may also offer additional levels of security for a tiered fee, which you will have to compare across payment providers.

6. What is your payout policy?

If your business has cash flow problems, you would be wise to look for a payment gateway service that offers regular, small payouts over infrequent, larger ones. Payout policies will vary greatly between providers.

7. What rebilling services do you offer?

Rebilling is a useful service for any merchant that might have a need to charge its customers multiple times without having to take their payment information each time. 

Crucially, this means that the payment gateway you choose must be able to store customer payment details so that they can be used in this manner.

8. How much does your service cost?

If a payment gateway’s fees are not readily available, don’t hesitate to reach out to their customer service team. 

It is also worth noting that many providers offer customised package deals for larger customers, which may suit your organisation better if you can’t find a fee structure that works for you.

9. What are the terms of your contract?

It is critical that you fully understand how the gateway will use the sensitive data it processes on behalf of your business. You must also know how easy it is to cancel your service and what, if any, information you can take with you after you depart.

If you require an internet merchant account, there is even more paperwork!

10. Is it easy to set up the gateway?

This is a question perhaps more relevant to smaller businesses with lower levels of technical expertise.

Some gateways in NZ are incredibly easy to set up, whereas others can be more complicated. Always confirm which merchant accounts it will work with and consult the support documentation before making a decision. If in doubt, hire the services of a professional.

In addition, try to seek out clear instructions from all parties for how to connect your payment gateway to your website, merchant account and your business bank account.

Of course, whether you choose a hosted or integrated checkout will also change the level of complexity involved during the installation/integration stage.

Bonus tip: Try to find a way of running the gateway in a development environment and always read the support documentation before making a decision.

11. What will my customers see on their credit card bills?

This is an easily overlooked step, but it could affect your relationship with customers. Some gateways will show their company name on the statement, where others may allow you to personalise the details with your own business name.

Bottom line? Find out how the charge will appear on your customers’ bills and tell them before they purchase.

12. Who owns my data?

You are going to be processing large volumes of sensitive financial information. Before you sign up for any gateway service, ensure that you know precisely who owns the data that has been collected.

13. How easy is it to cancel the service?

You should know how to go about cancelling your subscription to the gateway service if you have to. You might need to give a notice period, pay a buy-out fee, or wait until the end of your contracted term. When you are dealing with a subscription as fundamental to your business as income and customer payment data, it pays to know.

The application process for merchant accounts can be quite lengthy (and expensive) in New Zealand, and it will involve a credit check (often an issue for startups that don’t have 24 months of business accounts).

What is a merchant account?

A merchant account (also known as an internet merchant account) is a special type of bank account that receives and holds funds which have been authorised by a payment gateway.

Your merchant account will hold onto these funds for a defined period of time before transferring them to your regular business bank account in batches. That way, your business account does not receive hundreds (or thousands) of individual deposits each day.

There are two types of merchant accounts:

Dedicated account

A dedicated merchant account is one that belongs only to you.

To get a dedicated merchant account, you will need to sign a legally binding agreement with the issuing bank and go through an in-depth credit check.

Aggregator account

An aggregator account is a shared merchant bank account used by a range of companies. The aggregator will process payments on your behalf, rather than a bank. PayPal is a well-known example of this.

Do you need a dedicated or aggregator account?

Dedicated accounts are typically best for…

Larger organisations or those processing a higher number of monthly transactions.

Setting up a dedicated merchant bank account is a lengthy (and often costly) process. It tends to suit larger organisations better, or organisations processing a large number of monthly transactions, because it gives them more control over their money than an aggregator account would – in particular, the speed at which they can access their funds.

Aggregator accounts are typically best for…

Smaller organisations with simpler needs.

Aggregator accounts are often very appealing to smaller companies and startups as they are far easier and faster to set up than dedicated accounts.

That said, they offer far less control and may come with additional fees.

Merchant accounts vs. payment gateways

A payment gateway facilitates online transactions between a merchant and their customers.

A merchant account is a holding place for the buyer’s money, where it waits to be deposited into the seller’s business bank account.

Internet merchant bank account fees

As with all services, there are fees for establishing and using merchant accounts. These vary from one provider to another, but watch out for the following in particular:

Annual Fees

Most providers charge an annual maintenance fee. This can vary, ranging anywhere from $79 – $400.

Monthly fees

Some fees may be charged monthly, like statement fees or monthly minimums (the minimum amount a merchant will be charged irrespective of their actual processing charges).

Early termination fees

Some providers may charge a fee if a merchant terminates an account before the end of the contract term.

Merchant Service Fees (MSF)

The MSF is the fee paid to the credit card scheme providers for using their credit facility. Sometimes this fee is rolled into general transaction or account maintenance fees but it is good to check.

Other fees

There are a host of other fees that could be charged to a merchant including those for customer services, batch payments, chargebacks and transaction fees.

5 important questions to ask about merchant accounts and payment gateways

  1. Does the gateway have a list of specific merchant account providers you’ll need to choose from?
  2. Does the gateway require a merchant account to be set up independently or will it be bundled with the service?
  3. How long is the merchant account application process? Additionally, how complicated is it?
  4. What are the minimum requirements for a merchant account?
  5. How much will the account cost to set up, and what are the on-going fees?

What is PCI compliance?

The Payment Card Industry Data Security Standard (PCI DSS) is a set of internationally accepted regulations that all companies processing, storing or transmitting credit card data must adhere to in order to maintain a secure transacting environment. 

Regardless of the size of the business or the number of transactions processed, all merchants must be PCI compliant.

How do you get PCI compliant in NZ?

This depends on your size and setup. If your business is selling online and your gateway processes all of your payments, the responsibility for compliance falls on the gateway provider.

However, it is important to check with the gateway provider about this before working with them, particularly if you are using an integrated checkout rather than a hosted solution.

Bonus tip: Always ensure that your gateway is PCI compliant! Find out more on the official PCI Security Standards website.

What happens if you aren’t PCI compliant?

Payment service providers may penalise banks for not following PCI standards. The fines here could range from $5,000 to $100,000 per month! The banks then transfer the fee down to the merchant who will have to bear the cost of the fine or suffer increased transaction fees to cover the losses. At the very least, you can expect to have your merchant account terminated.

All merchants have to adhere to the standards at all times. Check your merchant account contract to see what the extent of your exposure is in case of a breach of PCI compliance.

Summary

An internet payment gateway is a system which processes customer transactions on your behalf, checking in with both banks and credit card companies, before ensuring the money transfers securely.

You may not need a huge amount of technical expertise to add a payment gateway to your website if you find one designed to host most of the tech side for you, though more customisable gateways do exist for organisations that want full control.

You’ll likely need a merchant account in order to use a payment gateway service, though some gateways offer them bundled with the service.

Annual, monthly and per-transaction fees will apply, with costs varying between providers.