Payment Gateway is the essence of any e-commerce site. It refers to an e-commerce service that authorizes payments for e-businesses and online retailers. It is, in a way representation of a physical POS (Point-of-sales) terminal located in most retail outlets. One cannot think of making or receiving on-line payments without a Payment Gateway. Payment gateways encrypt sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the business. The payment card industry (PCI) denotes the debit, credit, ATM, and POS cards and associated businesses. The term, Payment Gateway is sometimes more specifically referred to the Payment Card Industry Security Standards Council, an independent council originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.

A payment gateway facilitates the transfer of information between a payment portal (such as a website) and the Front End Processor or acquiring bank.

When a customer orders a product from a payment gateway enabled merchant, the payment gateway performs a variety of tasks to process the transaction:

• A customer places an order on website by pressing the 'Submit Order' or equivalent button, or perhaps enters their card details using an automatic phone answering service.
• If the order is via a website, the customer's web browser encrypts the information to be sent between the browser and the merchant's web server. This is done via SSL (Secure Socket Layer) encryption.
• The merchant then forwards the transaction details to their payment gateway. This is another SSL encrypted connection to the payment server hosted by the payment gateway.
• The payment gateway forwards the transaction information to the processor used by the merchant's acquiring bank. The processor forwards the transaction information to the card association (i.e., Visa/MasterCard)
• If an American Express or Discover Card was used, then the processor acts as the acquiring bank and directly provides a response of approved or declined to the payment gateway.
• The card association routes the transaction to the correct card issuing bank. The credit card issuing bank receives the authorization request and sends a response back to the processor (via the same process as the request for authorization) with a response code. In addition to determining the fate of the payment, (i.e. approved or declined) the response code is used to define the reason why the transaction failed (such as insufficient funds, or bank link not available)
• The processor forwards the response to the payment gateway.
• The payment gateway receives the response, and forwards it on to the website (or whatever interface was used to process the payment) where it is interpreted and a relevant response then relayed back to the cardholder and the merchant.

The entire process typically takes 2-3 seconds. The merchant/website owner must provide the services or then ship the product prior to being allowed to request to settle the transaction. Merchant submits all their approved authorizations, in a "batch", to their acquiring bank for settlement. The acquiring bank deposits the total of the approved funds in to the merchant's nominated account.

This could be an account with the acquiring bank if the merchant does their banking with the same bank, or an account with another bank.

Tools to detect fraud include geographical location, velocity pattern analysis, delivery address verification, computer finger printing technology, identity morphing detection, and basic AVS checks.