When a customer clicks to pay on your online shop, they are taken to the payment gateway's own secure hosted page to enter their card details. That card data never passes through your shop or your server - it goes directly to the gateway. In under two seconds, the gateway handles everything and sends your shop a simple result: approved or declined. Understanding what happens in between - and which bits cost money - makes it much easier to choose the right payment setup for your business.
This guide explains it in plain English, without assuming any technical background.
What a payment gateway actually does
A payment gateway is the technology that sits between your shop and the banking system. The customer enters their card details on the gateway's own hosted page - not on your shop. From there, the gateway:
- Receives the card data on its own secure servers - your shop never sees it
- Encrypts and transmits it to the payment processor (which communicates with the card networks - Visa, Mastercard, etc.)
- The processor checks with the customer's bank that the funds are available and the transaction isn't flagged as fraudulent
- The bank sends an authorisation (or refusal) back through the same chain
- The gateway returns the result to your shop - "payment accepted" or "payment declined"
The money itself doesn't move instantly. Authorisation means the funds are reserved. The actual settlement - when the money lands in your account - typically takes 1-3 working days.
Gateway vs processor vs merchant account
Three terms that often get conflated:
- Payment gateway - the technical interface that connects your shop to the payment system. This is what you integrate with.
- Payment processor - the company that actually handles the transaction, communicating with card networks and banks. Often the same company as the gateway provider, or a partner they work with.
- Merchant account - a type of business bank account that holds funds from card transactions before they're transferred to your main account. Historically required separately; modern gateways often include this functionality.
With Stripe or PayPal, you don't need a separate merchant account - the gateway handles everything. With traditional providers like Worldpay or Opayo, you typically need a merchant account from a bank as well, which adds cost and complexity.
The main UK payment gateway providers
Stripe
The default choice for most new UK online shops and the one we most often recommend to Futurestore clients. No monthly fee, pay-as-you-go pricing, excellent developer integration, reliable uptime, and good fraud detection built in. UK card rate: 1.5% + 20p per transaction.
PayPal
Still widely used and trusted by consumers, particularly for higher-value purchases where buyers want the familiarity of PayPal's buyer protection. Not ideal as your only payment option (some customers prefer to pay directly by card without a PayPal account), but worth offering alongside a card gateway. UK card rate: 1.9% + 30p.
Worldpay
A long-established UK provider, good for higher-volume businesses and those who want UK-based support. Typically requires a merchant account and charges a monthly service fee (around £19-£45/month) plus transaction fees. The monthly fee makes it more expensive than Stripe for low-volume shops.
Opayo (formerly SagePay)
Popular with UK businesses, especially those already using Sage accounting software. Similar to Worldpay in structure - monthly fees plus per-transaction costs. Better suited to established businesses than startups due to the fixed monthly overhead.
Square
Originally designed for in-person card payments, Square has expanded into online shop payments. Worth considering if you sell both online and at markets or events and want a unified system.
| Provider | Monthly fee | UK card rate | Merchant account needed |
|---|---|---|---|
| Stripe | None | 1.5% + 20p | No |
| PayPal | None | 1.9% + 30p | No |
| Worldpay | £19-£45 | ~1.9% | Yes |
| Opayo | £25-£45 | Per-transaction varies | Yes |
| Square | None | 1.9% | No |
What the fees actually cost
Transaction fees feel abstract until you do the maths on your actual business. Here are some worked examples using Stripe's rate of 1.5% + 20p:
| Order value | Stripe fee | Effective % |
|---|---|---|
| £10.00 | 35p | 3.5% |
| £25.00 | 58p | 2.3% |
| £50.00 | 95p | 1.9% |
| £100.00 | £1.70 | 1.7% |
| £250.00 | £3.95 | 1.6% |
The fixed 20p per transaction matters much more on low-value orders. If you're selling items under £10, payment fees become a significant proportion of margin and are worth factoring into your pricing from the start.
On £50,000 of annual turnover with an average order value of £50, Stripe fees would amount to approximately £950/year. That's a predictable overhead to build into your business model.
Non-UK cards cost more
Stripe's 1.5% rate applies to UK Visa and Mastercard transactions. Non-UK cards are typically charged at 2.5% + 20p, and American Express at a higher rate still (usually 2.5-3.5%). If you sell internationally, factor this into your pricing or shipping thresholds.
PCI compliance - what you actually need to know
PCI DSS (Payment Card Industry Data Security Standard) is the set of security requirements that govern how card data is handled. If you're taking online payments, you are required to comply.
The key question is: does card data ever touch your server? With a hosted gateway like Stripe or PayPal, the answer is no - customers enter their card details on the gateway's own page, and the data goes directly to the gateway's infrastructure. Your shop receives only a transaction result. This keeps your PCI scope minimal - your primary obligation is to complete a short self-assessment questionnaire (SAQ) annually confirming your setup.
The alternative - where a custom payment form on your own site collects card details and then transmits them to a gateway - puts you in a much more demanding compliance category. You're handling raw card data, which means extensive security requirements, regular audits, and significant liability exposure if something goes wrong. There's no good reason to do this when hosted gateways are available.
All online shops built by Futurestore use the hosted gateway approach as standard. Card data never passes through our servers or yours - it goes directly from the customer's browser to the gateway. This is the right way to build an online shop, both for security and for minimising your ongoing compliance obligations.
3D Secure and Strong Customer Authentication
Since September 2021, UK regulations (as part of PSD2 / Strong Customer Authentication) require an additional authentication step for many online card payments. You'll recognise this as the extra screen that asks customers to confirm their identity via their banking app or a one-time code.
This is handled automatically by modern payment gateways - Stripe, PayPal, and others have built it into their checkout flows. It doesn't require any configuration from you beyond using a compliant gateway.
The practical effect: checkout has an extra step, which can fractionally reduce conversion for customers who find it inconvenient. This is unavoidable across all compliant payment setups in the UK, so it's not a reason to choose one gateway over another.
Which gateway should you choose?
For the majority of UK small businesses launching their first online shop, our recommendation is:
- Stripe as the primary card gateway - best rates for small volumes, no monthly fee, excellent reliability
- PayPal as an additional option - not everyone wants to use PayPal, but some customers strongly prefer it, and the extra checkout option costs nothing to offer
Graduate to Worldpay or Opayo if and when your volume justifies the monthly fee, or if you have a specific reason to need their particular features or support.
Don't overcomplicate this decision at the start. Stripe works. It handles everything correctly. Set it up, make sure it's integrated properly, and focus on the rest of your business.
Payment gateway setup is included
All online shops built by Futurestore include payment gateway integration as standard. You choose the gateway - typically Stripe - and Lawrence handles the technical setup and testing. You don't need to understand the integration details to have a correctly configured payment system. Built by an ecommerce web design studio - futurestore.co.uk