Enable javascript in your browser for better experience. Need to know to enable it? Go here.

How to choose between a hosted or non-hosted payment gateway? (part 1)

For your customers to be able to complete their purchases on your e-commerce site, a payment gateway–a channel that links your account to your money transfer–is essential. You need one whenever you make an online payment to ensure that your transfer will be successful. Payers can use payment gateways to process online transactions using credit cards, debit cards, bank account number etc. In transactions, gateways encrypt financial data and issue authorization requests so that the client can proceed with the transaction (or not). How can merchants choose the type of gateway that will best serve their business?



First, we need to be familiar with the world’s current bank card system. It can be divided into four-party and three-party models. The main difference between the former and the latter is whether a bank can act as both an acquiring bank and an issuing bank. 

The four-party model



Four parties are involved in the transaction payment process: the customer, the customer's bank/issuing bank, the merchant and the merchant bank/acquiring bank.


  1. Merchants accept payments through their websites
  2. Merchants transmit transaction information to their acquiring bank via the payment gateway
  3. The Bank processes all transaction requests through the card scheme (e.g., Visa, Mastercard) the bank card belongs to
  4. After authorization is granted through the card scheme, the acquiring bank makes the payment to the account of the merchants in the issuing bank.
  5. After acquiring the money from the acquiring bank, it deducts the necessary formalities and then remits the money to the merchant's bank account.


It’s obvious that online transactions must involve payment gateways regardless of model.



Hosted payment gateways and non-hosted gateways


In the payment industry, there are two types of payment gateways: hosted payment gateways and non-hosted payment gateways (also called integrated payment gateways).


If a merchant uses a hosted payment gateway, then customers will normally be taken directly to the payment service provider's payment page to complete transactions. After the payment is completed, the customer is redirected to the merchant's website. In contrast, a non-hosted payment gateway accepts payments directly via API or HTTP. To complete a transaction, users need to enter their bank card information on a merchant's website. Let’s explore the difference between the two from five different perspectives.



Integration Complexity


Hosted payment gateways are usually easier to integrate with merchants than non-hosted payment gateways. With the former, the gateway’s provider implements a complete payment processing solution for the merchant. Instead of hiring technical experts to assist them in using a payment gateway directly, a small team is usually enough to assist the merchant in configuring and debugging during both integration and maintenance. Following subsequent maintenance and repair issues, the payment service provider will assist merchants in maintaining and updating the payment gateway. Unlike hosted payment Gateways, non-hosted payment gateways require more resources to integrate in the early stages. They also need to be supported by experts to resolve the many problems encountered during the middle and later stages of the process. In general, non-hosted payment gateways require more resources to perform the same basic functionality as hosted payment gateways without developing customized requirements.



Control of Payment Page


With respect to the ability to control the payment page, a non-hosted payment gateway is better than a hosted payment gateway because the merchant can directly provide the payment page to the customer. Therefore, it’s quite simple for the non-hosted payment gateway to track the user's data during payment, since the user won’t be taken away from the merchant's site. It’s possible to collect user data and use it for later marketing activities. The hosted payment gateway requires the merchant to host the entire payment experience to the payment service provider, which means that the customer must leave the merchant's site and go to the provider's site to complete their payment. As a result, merchants won’t be able to track user data during the payment process. However, nowadays many payment service providers give their customers data and charts that can assist merchants in discovering problems in the payment process, and improve customer experience.



In the next part, we’ll look at the difference between hosted and non-hosted payment gateways from the perspective of security, user experience and PCI DSS.

Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.

Keep up to date with our latest insights