E-commerce payment gateways: How to choose, integrate, and optimise for UK and European merchants
March 16, 2026
Head of Sales
E-commerce payment gateways act as the bridge between your customers and your bank account, ensuring transactions are processed securely and efficiently. They are more than just a tool for accepting payments; they are a crucial part of enhancing the customer experience and maintaining cash flow. Without one, businesses are left relying on manual bank transfers or cash on delivery, neither of which meets the expectations of modern online shoppers, and neither of which can support growth at scale.
Choosing the right gateway means building trust, improving cash flow, and delivering a seamless shopping experience. This article explains how e-commerce payment gateways work, what types are available, and how to select and integrate the right one for your UK or European business.
What are e-commerce payment gateways?
Here is what happens from the moment a customer initiates a payment:
- The gateway encrypts the payment details, ensuring data security.
- It communicates with the customer’s bank or payment service provider to validate the transaction.
- Once approved, the funds are transferred to the merchant’s account.
E-commerce payment gateways support various payment methods, including credit card payments, mobile commerce, and contactless payments, catering to diverse customer preferences.
How a CBD merchant uses an ecommerce payment gateway
GreenLeaf Botanicals is a hypothetical CBD business based in London, selling organic products including their flagship Calm Oil (1000mg) at £49.99.
Before integrating a dedicated gateway, the business faced three practical problems:
- Multi-currency checkout: European customers could not pay in their local currency, creating friction at checkout.
- Shipping cost visibility: Costs (£4.99 UK, £9.99 international) were not automatically displayed, contributing to cart abandonment.
- Fraud prevention: Selling CBD products across UK and EEA markets requires authentication and fraud detection tools that generic processors do not reliably provide.
A dedicated payment gateway resolved all three, while real-time transaction reporting gave the business clearer visibility into cash flow as order volumes grew.
Types of e-commerce payment gateways
- Hosted: Redirects customers to a third-party payment page to complete their transaction, then returns them to your site.
- Self-hosted: The entire checkout occurs on your own website, with payment data passing through your servers.
- API-based: Integrates directly into your site or application through code, giving you full control over the checkout experience and transaction logic.
- Local bank integration: Connects your payment process directly to a bank’s own systems, suited to regional businesses with straightforward domestic transaction needs.
- Mobile: Optimised for smartphone transactions, supporting payments via apps, QR codes, and contactless methods including Apple Pay and Google Pay.
| Factor | Hosted | Self-hosted | API-based | Local bank | Mobile |
| --- | --- | --- | --- | --- | --- |
| Control over checkout | Low | High | Full | Low | Medium |
| Security responsibility | Shared with provider | Merchant | Merchant | Shared with bank | Shared with provider |
| Setup complexity | Low | Medium | High | Low | Medium |
| Best-suited business type | Established merchants wanting low-maintenance integration. | Businesses with compliance resource and conversion focus. | Merchants needing custom billing or subscription logic. | Regional businesses with domestic-only transaction needs. | Merchants with mobile-first customer base. |
E-commerce credit card payment gateway: How card payments work online
When a customer enters card details at checkout, the gateway encrypts and forwards an authorisation request through your acquiring bank to the card scheme (Visa or Mastercard), which routes it to the customer’s issuing bank. The issuer checks funds and fraud signals, then returns an approval or decline in real time.
Because the card is not physically present, issuers treat these transactions as higher risk, which is why authentication requirements exist and why your gateway’s handling of them affects both security and conversion.
Strong Customer Authentication and 3D Secure 2
SCA is mandatory for electronic transactions under PSD2 in the EEA and equivalent FCA rules in the UK. It requires customers to verify their identity using two factors drawn from three categories: something they know, something they have, or something they are. 3D Secure 2 (3DS2) is the technical mechanism that delivers this, often invisibly through frictionless authentication. Where active verification is needed, customers receive a prompt via their banking app.
Not every transaction requires SCA. Exemptions apply to low-value transactions, subscription renewals after an initial authenticated payment, and transactions where transaction risk analysis is applied. Your gateway should handle exemption logic automatically. UK and EEA SCA rules diverged post-Brexit and are not identical, so confirm your gateway applies the correct rules for each jurisdiction.
Interchange fees and conversion
Interchange—paid by your acquirer to the customer’s issuing bank—is typically the largest component of your processing cost. Under UK and EU regulation, consumer card interchange is capped at 0.2% for debit and 0.3% for credit. Commercial and non-UK/EEA cards are not subject to these caps.
For merchants in specialist industries such as CBD, online dating, or adult physical goods, where issuer decline rates can already run higher than average, a gateway that optimises authorisation logic and applies SCA exemptions correctly is a direct revenue consideration, not an implementation detail.
How to choose the best payment gateway for e-commerce
The right gateway is not simply the one with the lowest headline rate. For UK and EEA merchants, particularly those in specialist industries, the decision involves several interdependent factors that affect revenue, compliance, and operational efficiency.
Transaction fees and pricing models
Two pricing models dominate:
- Flat-rate pricing bundles interchange and margin into a single percentage, which is simple to budget but typically more expensive at higher volumes.
- Interchange-plus passes the actual interchange cost through and adds a fixed margin on top, giving you transparency and lower effective rates as you scale.
For merchants processing significant monthly volume, interchange-plus is typically the more cost-effective structure once you understand what you are actually paying for. Watch for fees beyond the headline rate: monthly gateway fees, PCI compliance fees, chargeback fees, and currency conversion markups are where the real cost differences between providers emerge.
Supported payment methods
A gateway that does not support the payment methods your customers expect will cost you revenue at checkout. At minimum, UK and EEA merchants should confirm support for Visa and Mastercard, major digital wallets (Apple Pay, Google Pay), and local payment methods relevant to their target markets. For subscription-based businesses, recurring billing with automated retry logic is a non-negotiable capability rather than an optional add-on.
Platform compatibility
If you operate on WooCommerce, Shopify, PrestaShop, or Magento, confirm that your gateway offers a maintained, well-documented plugin for your platform before evaluating anything else. A native integration reduces development time, simplifies updates, and lowers the risk of compatibility issues as your platform evolves. API-based integrations offer more flexibility but require developer resources to implement and maintain.
Security and compliance
PCI DSS compliance is not optional. It is a baseline requirement for any merchant accepting card payments. Confirm that your gateway holds PCI DSS Level 1 service provider certification, the classification that applies to providers processing over 300,000 transactions annually, and understand where compliance responsibility sits between you and the provider.
Beyond PCI DSS, 3DS2 support and correct SCA implementation are mandatory for UK and EEA transactions. A gateway that handles SCA exemption logic automatically reduces unnecessary authentication friction and protects your conversion rate.
Multi-currency and cross-border capabilities
For merchants selling across the UK and EEA, local acquiring improves authorisation rates compared to routing all transactions through a single UK acquirer. Multi-currency settlement allows you to hold and reconcile funds in the currencies you actually transact in, reducing conversion costs. If cross-border growth is part of your plan, these capabilities determine whether your gateway supports that growth or becomes a ceiling on it.
Settlement timescales
How quickly funds reach your account affects working capital, particularly for businesses managing inventory or running subscription models. Standard settlement windows vary by provider and by market. Confirm the timescale upfront and understand whether rolling reserves apply to your account, as reserves can lock up a material proportion of monthly revenue for extended periods.
Merchant support
When a payment issue occurs, such as a processing outage, an unexpected decline spike, or an SCA configuration problem, the quality of support you can access determines how quickly it is resolved. For established businesses in specialist industries, a named account manager with knowledge of your sector is materially more useful than a ticketing system. Evaluate this as seriously as you evaluate fees: a support failure during a high-volume period costs more than a basis point difference in processing rate.
E-commerce payment gateway integration: What to expect
How you integrate a payment gateway depends on your platform, your technical resource, and how much control you need over the checkout experience. There are three primary approaches.
- Plugin-based integration connects your existing platform (WooCommerce, PrestaShop, Shopify, Magento) to the gateway through a maintained plugin, with no custom development required.
- API-based integration connects your site or application directly to the gateway through code, giving you full control over the checkout experience and transaction logic. It requires developer resources to implement and maintain, and is best suited to merchants with custom-built platforms or complex billing requirements.
- Hosted checkout pages redirect customers to a secure payment page on the provider’s domain, then return them to your site after the transaction. Technical lift is minimal and the provider handles PCI DSS compliance on the payment page. The trade-off is limited control over checkout design.
Testing and go-live
Before processing live transactions, test all payment methods, decline scenarios, SCA flows, and webhook delivery in a sandbox environment. Your provider will conduct an onboarding review, which for merchants in specialist industries includes a compliance check, before granting live access.
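Webhook delivery is the part of sandbox testing where authenticity checks are most often skipped, so the following added example (not code from Fibonatix or any gateway) shows a handler-side verifier and the four deliveries worth exercising before go-live. The signing scheme, the `WebhookVerifier` and `run_sandbox_cases` names, the secret, and the event payload are all assumptions constructed for illustration; use the header names and signature format your provider documents.

```python
import hashlib
import hmac
import json
import time

# Assumed scheme (hypothetical, not any provider's documented format):
# signature = hex(HMAC-SHA256(secret, "<unix timestamp>." + raw request body))
class WebhookVerifier:
    def __init__(self, secret: bytes, tolerance_seconds: int = 300):
        self._secret = secret
        self._tolerance = tolerance_seconds  # assumed replay window
        self._seen_ids = set()  # in production: a shared store with expiry

    def sign(self, timestamp: int, raw_body: bytes) -> str:
        message = str(timestamp).encode() + b"." + raw_body
        return hmac.new(self._secret, message, hashlib.sha256).hexdigest()

    def verify(self, timestamp_header, signature_header, raw_body, now=None):
        """Return 'accepted', 'duplicate' or 'rejected:<reason>'."""
        now = time.time() if now is None else now
        try:
            timestamp = int(timestamp_header)
        except (TypeError, ValueError):
            return "rejected:bad-timestamp"
        if abs(now - timestamp) > self._tolerance:
            return "rejected:stale"
        # Check the raw bytes as received; re-serialised JSON may differ.
        expected = self.sign(timestamp, raw_body).encode()
        supplied = (signature_header or "").encode()
        if not hmac.compare_digest(expected, supplied):  # constant-time compare
            return "rejected:bad-signature"
        try:
            event_id = str(json.loads(raw_body)["id"])
        except (ValueError, KeyError, TypeError):
            return "rejected:malformed"
        if event_id in self._seen_ids:
            return "duplicate"  # acknowledge, but do not fulfil the order twice
        self._seen_ids.add(event_id)
        return "accepted"

def run_sandbox_cases():
    """Constructed deliveries: valid, redelivered, tampered, replayed late."""
    verifier = WebhookVerifier(b"constructed-sandbox-secret")
    now = 1_770_000_000  # fixed clock so the cases are repeatable
    body = b'{"id":"evt_0001","type":"payment.captured","amount":4999}'
    sig = verifier.sign(now, body)
    return {
        "valid": verifier.verify(str(now), sig, body, now),
        "redelivered": verifier.verify(str(now), sig, body, now),
        "tampered": verifier.verify(str(now), sig, body.replace(b"4999", b"1"), now),
        "replayed_late": verifier.verify(str(now), sig, body, now + 3600),
    }
```

Only the first delivery should trigger fulfilment; a redelivery is acknowledged without acting on it, and the tampered and late deliveries are refused before the payload is parsed.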
E-commerce payment gateways with Fibonatix
The through-line across every section in this article is the same: the gateway decision is not a technical afterthought, it is a commercial one. The provider you choose determines your authorisation rates, your compliance exposure, your checkout conversion, and the support you can access when something goes wrong.
For merchants in CBD, online dating, adult physical goods, and online trading, those variables carry more weight than they do in standard e-commerce. A gateway that works for a general retailer will not necessarily handle the fraud configuration, SCA exemption logic, or issuer relationships your industry requires. Getting that wrong costs revenue that is difficult to attribute and easy to overlook.
At Fibonatix, our service goes beyond technology. We deliver hands-on support, from onboarding to ongoing optimisation, ensuring your payment solution evolves with your business. Through business intelligence tools, compliance consulting, and bespoke payment strategies, we empower you to maximise opportunities in the fast-paced payment industry.
So whether you need seamless card payments, reliable subscription billing, or robust global payment capabilities, Fibonatix is your partner for smarter, more efficient payment solutions.
Disclaimer: Fibonatix is a UK-based, FCA-regulated payment service provider (FRN 768776) specialising in merchant accounts for B2C businesses globally, but B2B exclusively to the UK and EEA. Verify our regulatory status on the FCA Financial Services Register.
FAQs
What is an ecommerce payment gateway and how does it work?
An e-commerce payment gateway encrypts a customer’s payment details at checkout and routes an authorisation request through your acquirer to the customer’s issuing bank, which approves or declines the transaction in real time before funds are settled to your account.
What are the different types of payment gateways for ecommerce?
The main types are hosted, self-hosted, API-based, local bank integration, and mobile. They differ primarily in how much control you have over the checkout experience and where PCI DSS compliance responsibility sits.
How do I integrate a payment gateway with my ecommerce platform?
Most merchants on WooCommerce, Shopify, PrestaShop, or Magento integrate via a plugin. Merchants with custom platforms or complex billing requirements typically use an API-based integration instead.
What fees are associated with ecommerce payment gateways?
Common fees include transaction fees, monthly gateway fees, PCI compliance fees, chargeback fees, and currency conversion markups. The headline transaction rate is rarely the full picture.
What is the difference between a payment gateway and a payment processor?
The gateway encrypts and transmits payment data between your checkout and the payment networks. The processor is the institution that executes the transaction and moves funds between banks. In practice, many providers bundle both functions.
How do ecommerce payment gateways protect against fraud?
Gateways use encryption, tokenisation, 3D Secure authentication, and real-time fraud scoring to identify and block suspicious transactions before they complete.
What payment methods should an ecommerce payment gateway support?
At minimum: Visa, Mastercard, and major digital wallets such as Apple Pay and Google Pay. UK and EEA merchants should also confirm support for relevant local payment methods in their target markets.
How does Strong Customer Authentication (SCA) affect ecommerce payments in the UK and EEA?
SCA requires customers to verify their identity using two factors for most online card transactions. It is mandatory under PSD2 in the EEA and equivalent FCA rules in the UK. Your gateway should handle SCA exemption logic automatically to avoid unnecessary checkout friction.
What should I look for when choosing an ecommerce payment gateway for a specialist or restricted industry?
Confirm that the provider has direct experience with your industry and understands its compliance requirements. Authorisation rate optimisation, fraud prevention configured for your transaction patterns, and access to a knowledgeable account manager matter considerably more in specialist industries than in standard e-commerce.