Tech Content
8 minutes

Updated: 8/18/2022

Many businesses can become interested in building their own payment gateway: merchants wanting to reduce payment service fees, startups looking into offering a gateway in an underserved region, or online companies who started out with a white label service that is now presenting them with technical limitations instead of support. 

However, too many do not fully understand the size and scope of building a payment gateway from scratch. There are many misconceptions about the steps involved with creating and running your own payment gateway. 

In this article, we’ll answer many questions to give you the full picture of what is necessary to build your own payment gateway solution from scratch.

Payment Gateway Market Overview

The rise in mobile payments, easy access to the internet, and growing e-commerce sales have contributed to the enormous growth of the payment gateway market. In 2021, the global payment gateway market size was valued at $22.09 billion USD, and is expected to expand at a compound annual growth rate (CAGR) of 22.1% from 2022 to 20301

Payment gateways like Amazon Pay, Apple Pay, Samsung Pay, and Android Pay have made the process of bill payments and online purchases even more easy and convenient. The shift in merchant and consumer preference for digital payments and money transfers has influenced various companies to expand their payment systems and will continue to propel the growth of payment gateways in the upcoming future.

US Payment Gateway Market Graph chart

Source

COVID-19 Impacts on Market

The pandemic is one of the driving factors in the growing e-commerce space. Since 2020, there has been a 13-20% increase in the number of customers who prefer to make purchases online2. Consumers' dependency on mobile and internet services has grown with the COVID-19 pandemic and has positively impacted market growth for payment gateways. 

Industry Trends

There has been a rise in the adoption of payment gateway solutions across various industries, especially in utility bill payments, online gaming, OTT platforms, and online pharmacies and grocery stores. 

Many businesses are attempting to keep up with the competition by quickly digitizing and incorporating efficient payment solutions. With online payment gateway markets garnering significant traction worldwide, there is no better time to figure out the right payment gateway solution for your business. 

Pie Chart Global Payment Gateway Market per Industry

Source

Where do I start?

You might think you need to speak with developers or fintech consultants when thinking about building a payment gateway. After all, it is a digital solution for accepting credit card payments. 

However, this belief is misguided; the first thing you will need to do is build business relationships with either a payment processor or an acquiring bank

Why do I need a payment processor?

If you wish to offer a payment gateway as a service, you need something to connect it to. This something is the payment processor. A payment processor, sometimes called a merchant service, moves the transaction through the payment network. Sometimes an acquiring bank can be a payment processor. 

The processor you choose to partner with will provide you with technical information to integrate your gateway with their system. Depending on the payment types you wish to be able to accept, you may need to partner and integrate with several processors.

Why do I need an acquiring bank?

If you are a merchant that wishes to have their own payment gateway, you’ll need a payment processor and an acquiring bank. Merchants already need a merchant account to accept digital payments, which are provided by acquiring banks. 

An acquiring partner is a bank or financial institution (FI) that processes credit or debit card payments on behalf of a merchant. The acquiring bank you choose will assume risk for your business, and as such, will require certain financial commitments due to chargebacks, refunds, ACH returns, and potential fraud. 

An acquiring bank is not the same as a commercial bank, which offers checking and savings accounts. A commercial bank may have an acquiring division, but not all commercial banks can underwrite merchant accounts. Make sure the financial institution you wish to partner with can set you up with a merchant account. 

The payment process has many players, but its many steps can happen within just a few seconds.

1. Customer initiates a digital purchase. 2. The merchant transmits the cardholder information to the payment gateway. 3. The payment gateway encrypts the cardholder information and transmits it to the payment processor. 4. The payment processor verifies the cardholder information and transmits it to the card network. 5. The card network transmits the information to the issuing bank. 6-9. Depending on the amount of funds in the cardholder’s account, an approved or declined message is transmitted back along the payment network. 10. If the payment is approved, funds are transmitted to the merchant’s account at their acquiring bank.

What technical specifications will I need?

Your payment processor of choice will provide the specifications necessary to integrate your payment gateway with their system and the overall payment network. If you plan to accept many different payment types, you may need to get additional specifications from other acquirers or processors. 

These technical specifications will inform what technology you can or should use to build your payment gateway. 

What if I want to sell in multiple geographic locations?

You will need a relationship with a processor that operates in all of the locations. This can mean a partnership with a specific processor that operates in multiple locations, or partnerships with multiple processors.

Local regulations for the region or regions that you wish to do business in will also weigh on the choice of technology for your payment gateway. We have received requests to help create gateways to operate in, as examples, Latin America and Malaysia; local laws and standards can make growth difficult for other popular payment providers like PayPal, which seems to leave open a gap for other providers. 

However, obstacles for larger companies are obstacles for a reason; they are not always so easily addressed by others. 

How much does it cost to build a payment gateway?

Our ballpark estimation for creating a payment gateway minimum viable product (MVP) is between $200K and $250K. This is of course dependent on the functionality you wish to incorporate into your gateway. The MVP described here would at least get you set up in accepting credit and debit card payments.

How long does it take to build a payment gateway?

It can take years to build a payment gateway from scratch. A faster solution is to license a white label product, which can be up and running in just a few months. Many white label products can be customized to your company’s needs.

It can also take months or years for processors or acquirers to decide to integrate with your payment gateway, making it viable for market use. 

To build an MVP payment gateway from scratch, we roughly estimate up to six months. This estimate will likely fluctuate depending on the specifics of your request. 

Won’t I save money in the long term if I build my own gateway?

Maybe, if your processing volume is large enough. Many wrongly assume that if they host a payment gateway solution of their own that they can eliminate credit card processing fees that they are paying to their processor. 

Fees for card network usage and/or processing will always be required by providers like Visa and Mastercard. 

Interchange and settlement costs can only be eliminated with direct integrations with card network providers. This level of integration really only makes sense if your company processes very large transaction volumes, such as into the billions.

Surcharges can be reduced through owning your own payment gateway, but this is again dependent on whether your transaction volume offsets the cost of building and operating a payment gateway.

Owning and operating your own payment gateway also comes with the additional cost of paying for servers and gateway product maintenance. 

It is only worth taking an open source product in-house or developing your own if eliminating some of the third-party gateway-related fees offsets the annual price of gateway maintenance, PCI DSS audit, certifications, and other myriad costs.

Don’t forget about security

Partnering with a processor and getting technical specifications for integration are just the tip of the iceberg. Merchants look for secure payment gateways to boost customer confidence. Secure payment gateways with fraud detection mechanisms can help avoid chargebacks and other problems resulting from fraudulent purchases.

Over the next sections, we’ll discuss other concepts that can have an impact on your ability to build and operate your own payment gateway.

What is PCI DSS?

Businesses that handle cardholder information must comply with the Payment Card Industry Data Security Standard, or PCI DSS. PCI DSS is a list of practices that businesses use to improve the security of card transactions and defend cardholder information from theft. 

According to Rodolphe Simonetti, global managing director at Verizon, there is a close correlation between the lack of PCI DSS compliance and cyber breaches. “Our data shows that we have never investigated a payment card security data breach for a PCI DSS-compliant organization,” he was quoted saying in Verizon's 2019 Payment Security Report. “Compliance works.”

A security breach isn't just about losing customer information: businesses also suffer a loss of customer confidence, future sales, or the threat of legal action. They are subject to fines per PCI DSS noncompliance and, if they have one, the loss of their merchant account.

What PCI DSS compliance level do I need?

There are four levels of PCI DSS compliance. Deciding which one you need to meet is a complicated process, but generally breaks down into four areas:

  • Collection: Will cardholder information be collected on the customer's browser, the merchant's server, or the payment gateway server?
  • Storage: Will card data be stored on the merchant’s servers, or on the payment gateway’s servers?
  • Transmission: How will card data be transmitted to the gateway?
  • Processing: Will cardholder information be processed by the merchant or by the payment gateway?

The following technologies can aid in securing customer information and protecting against cyberattacks. However, use of one or a combination of these technologies themselves does not constitute PCI DSS compliance. 

PCI DSS compliance is a multi-faceted set of standards that cover a range of topics and disciplines. Learn more about PCI DSS on the PCI Security Standards Council’s website

EMV

EMV (which stands for EuroPay, Mastercard, and Visa) is the global standard for credit and debit payments based on chip card technology. Every chip card transaction contains dozens of pieces of information that are exchanged between the card, POS terminal, and the acquiring bank or processor's host. 

EMV does not replace PCI compliance; EMV was created to defend against fraudulent use of cards in a store. If you wish to accept card present transactions, you will need to be able to prove you have the backing to handle EMV transactions.

EMV 3-D Secure

EMV Three-Domain Secure, or 3DS, is a messaging protocol that enables consumers to authenticate themselves when making card-not-present (CNP) e-commerce and m-commerce purchases. The protocol provides an additional security layer that helps prevent unauthorized CNP transactions, protecting the merchant from fraud. The 3DS includes the three domains of merchant/acquirer domain, issuer domain, and the interoperability domain. 

EMV 3DS streamlines the user experience by improving communication 'in the background' between the issuing bank, the acquirer, and the merchant. 

Tokenization

Tokenization, the process of protecting sensitive data by replacing it with a token, is often used to prevent credit card fraud. In credit card tokenization, the cardholder's primary account number is replaced with the token. The token is then passed through the various networks needed to process the payment, but actual bank details are never exposed because they are held in a secure token vault. 

Tokenization in and of itself won't make a merchant PCI compliant, but it is considered a "best practice." It can help reduce PCI DSS scope. 

P2PE

P2PE, or peer-to-peer encryption, lets organizations create secure communication between devices and protects transmitted sensitive information from exposure to intermediate devices on the same network.

P2PE is often used as a compliance solution for PCI DSS.

Alternatives to building your own payment gateway

White label service

A white label service can be a quick way to get up and running offering your own payment solution. It can also reduce the cost of processing by reducing the number of middlemen between your business and your acquirer/processor. 

There are many flavors of white label service, from hosted solution to dedicated gateway to licensed open source payment gateway software. 

If you are worried that white label might not provide the level of customization you’re looking for, there are options. A client who spoke with us regarding that exact scenario learned that building a payment gateway from scratch was not a cost-effective solution for their issues regarding customizing their current white label gateway. Instead, they ended up negotiating for control over their source code in order to implement needed changes faster. You can also partner with a technology services provider to implement changes at your pace.

Replacement service provider

If you’re currently partnering with one of the well-known PSPs like Stripe, Paypal, or Square, there are alternatives out there. However, these providers are market leaders for a reason — their technical innovation has set them apart from the others. 

As such, while you can partner with one of their competitors, the price charged will not be much lower than what you are currently paying. Likewise, it will be difficult to find an alternative that has significant technological advantages over them because of their market leader status. Keep in mind that processors often use mainframe legacy platforms, which tie you to a single point of connection to the banking system. 

License payment gateway source code.

If you are a company with development resources but need to get to market quickly, then you can license the source code of an existing payment gateway. This way, you can deploy it in a PCI-certified environment of your choice and can customize the features you’d like. 

Benefits and Challenges to Building a Custom Payment Gateway

Creating your own payment gateway comes with both advantages and disadvantages. Before deciding whether to build or buy, it is crucial to consider how building a payment gateway from scratch can benefit your business, and also what challenges you may face.

Benefits of Developing Your Own Payment Gateway

Benefits of Developing Your Own Payment Gateway

No Vendor Lock-In

By building your own payment gateway you’ll have the advantage of being independent of pay service companies. Dependency on an external provider can lead to vendor lock-in, a situation where you can’t switch your payment gateway without massive drawbacks. If you are locked in with a vendor, you have limited influence. The terms of use and fees for a payment gateway can change over time to your disadvantage. Plus, if the provider has economic or security issues, it can hurt the reputation of your own platform. Having your own solution allows you to correct shortcomings, and have control over security, fees, and terms of use.

Custom-Made Features

Want your platform to stand apart from the rest? Innovation and smart functionalities help platforms rise to the top and become successful. For unique businesses, by creating your own payment gateway you will be able to have access to all the features you’d like - from recurring payments, support for marketing campaigns, and even cryptocurrency support.

Seamless User Experience

When you design a payment gateway from scratch, you can fine-tune the user experience. User-friendly payment flows, interfaces, and navigation will keep users happy. You can create your own onboarding too, which will lessen friction for merchants. When you build your own payment gateway, you are able to control all aspects of the marketplace business, including user and admin experiences.

Control Over Data

Although self-hosting can come with some costs, data sovereignty provides many benefits. You have the ability to analyze your customers’ payment data to learn about how they use their marketplace and see trends on your platform. This helps you refine your platform’s usability, integrate new features based on what your customers prefer, and even save costs since you can choose between different payment service providers via smart routing.

Long-Term Cost Savings

While payment gateways may cost more upfront to build, in reality, when you develop this product you are investing in the long-term growth of your company. Third-party payment gateways come with their own costs, from sign-up fees to per-transaction charges, which add up over time. 

However, it is important to keep in mind that even with your own gateway, you will still need to pay access fees, interchange fees, and more. The difference between using your own payment gateway and a third-party gateway is about 20 cents, so if you have a huge volume of clients, it may be worth it to build your own. For a smaller volume of transactions, you’d be better off with a third-party gateway. 

Extra Profits

Usually you will not only break even on the initial costs of developing your own payment, but you can actually make a profit if you run your own payment gateway as a side business. You will have the opportunity to sell or rent it to other companies needing solutions with similar feature sets. Also, you can run other businesses using your own payment gateway.

Biggest Challenges for Building a Payment Gateway

Biggest Challenges for Building a Payment Gateway

Development and Maintenance Expenses

It comes as no surprise that creating a payment gateway takes great up-front development costs. It should also not be forgotten that payment gateways include additional, and sometimes recurring, expenses for maintenance, insurance, and other costs. Complying with new regulations and integrating new payment methods come with high costs, but are necessary to stay competitive in the market. For small businesses with tight budgets, developing your own payment gateway may not be the right solution for you. 

Slower Time to Market

Building your own payment gateway, especially with tailor-made features, takes longer than integrating a third-party solution - this means that it will take much longer to get your marketplace up and performing. 

To reduce development time, creating a payment gateway should be one of the first things your developers start to work on, once you have decided on how your marketplace should look. To speed up the process more, you can hire development teams that are experienced in creating custom payment gateways. You should also factor in that the required certification processes can be time-consuming and somewhat out of your control. 

Responsibilities for Functionality and Compliance

As the developer and the owner of a payment gateway, all responsibilities for ensuring the functionality of your marketplace fall to you. This means your team will need to administer continuous comprehensive testing, maintenance, and debugging. You will have to deal with settlements, customer complaints, pending transactions, and many other client-facing issues that may develop. You will also be held accountable for PCI compliance and data security, which requires large costs and specific rules and restrictions. It is more than likely that you will need either additional know-how from your in-house team or from a reliable, external fintech partner.

Aspects to Keep in Mind for Developing a Payment Gateway

Developing a payment gateway is not a walk in the park, however, with the knowledge of what it takes to build a payment gateway, you are one step closer to understanding what is required of this undertaking. Before you get started on creating your payment gateway, have a plan in mind for how the following core aspects factor into your payment gateway solution.

Aspects to Keep in Mind for Developing a Payment Gateway

Interactions Between Buyers, Sellers, and Marketplace Operators

The foundation of your payment gateway solution should be built around the basic interactions between your buyers, sellers, and the platform itself. Before programming even starts, you will want to carefully consider what interaction flows should be set up, including how your consumers and sellers will use the payment gateway. To get started on this thought process, take into account the following questions:

  • How much data will your platform collect from buyers?
  • Will your customers be private, corporate, or both?
  • Is your marketplace C2C, B2C, or B2B?
  • Will you be onboarding private consumers or other companies?
  • What legal requirements do you need to adhere to?
  • Will your platform accept multi-party transactions?
  • Will your features include multi-currency support?

Data Collecting

 A key consideration before diving too deeply into design and development is how your system will handle customer and financial transaction data securely. In the case of development, this means using secure coding procedures. The payment gateway system you build must also comply with financial regulations and data protection policies, which may vary across countries.

Integration

If you offer online payment on your marketplace, you will come to a crossroads during development, where you must decide how to integrate payment service providers into your payment gateway. This can take two forms:

  1. PSP integration via API which uses an internal checkout page as a part of your platform’s frontend. Remember, designing this type of integration is the responsibility of your frontend team.
  2. Redirection, which leads the user to the Payment Provider’s designated, external checkout page. 

Neither of these options is necessarily better nor worse than the other, but before choosing, you should consider technical practicability and useability for consumers. Will customers want to be redirected outside of your site and deal with entering credit card credentials and waiting lines you can’t control? Additionally, keep in mind that various platforms may refuse some payment methods. 

Scalability

If you choose to develop a payment gateway from scratch, it is smart to have a good idea of potential transaction numbers, to make sure your system can adequately and efficiently support forecasted growth. It would be a shame to have your system work perfectly during your beginning phases, but fail to support a greater number of transactions in the future, as your business grows. 

You must build your system to scale to your future transaction needs and workload; making accurate estimates is the key to functionality. Here are a couple of numbers to consider:

  • Forecasted max, peak load in a day, an hour, and a minute, or at certain times (e.g. Black Friday and Cyber Monday sales windows)
  • Predicted quantity of transactions in 12 months, in a few years, and beyond.

Time to Market 

The implementation of a payment gateway varies quite a lot and is most influenced by the addition of various functionalities, flexibility, and scalability of your system. Our advice is the more complex the system and the more smoothly it will scale, the more time it’ll take to create it, and this ultimately means a prolonged launch. If you need a quick time to market, you might aim for creating a simpler system or use an already existing payment gateway.

System Architecture 

After you have given consideration to interaction flows, data collection, scalability, and time to market, the next step is to outline your payment gateway in detail. On a technical level, that means laying down proper system architecture. To do this, your team must consider several crucial aspects, such as deployment, monitoring, and security.

Development

During the development process, you will have new design decisions to consider. With clear goals in mind, you will need to make various development choices:

  • Choosing the Right Team: If you plan to create a payment gateway with many different features, we advise you to work with experienced professionals who specialize in developing those functions. If you do not already have staff members with expertise in these specialties, you can hire experts who can provide a consultation on what features to include in your system and a team who can develop and implement them. Hiring skilled specialists externally can greatly speed up the development of your payment gateway and get you to market faster than you’d think. 
  • Coding the Solution: Your team and consultants should focus on automation to increase productivity, and will likely ensure the code’s quality through implementing integration, security examinations, and end-to-end (E2E).
  • Integrating Safety & Security: Security should always be prioritized - you can start by getting acquainted with AML and KYC requirements and local laws, as well as following global guidelines, like the standard PCI DSS. Payment gateway developers should obey safe coding procedures while working on a custom payment gateway. Approaches to guarantee privacy and security of personal and financial information, such as SSL encryption and two-factor authentication, should be factored in as well.
  • Adding a Dispute Resolution Interface: Consider providing your users with a simple and convenient interface so they can quickly contact and connect with the issuing bank. This will minimize customer frustration and keep them happy with your service.
  • Product Launch: When your feature-ready MVP is ready to go, taking care of infrastructure becomes a top priority. This means making sure all features work without delay or bugs, thorough security testing, auto-E2E, load examinations, and penetration tests.

Operations and Maintenance

After the excitement of a successful product launch, you may be tempted to sit back and relax. However, along with building additional payment gateway services, your team should be providing ongoing support. It’s important to keep your system running well, and unfortunately, bugs will occur at some point, requiring your team to quickly resolve them. At this stage, you can either have your internal teams provide maintenance, or hire external specialists to operate your software.

Keep in mind that continued operations may even be part of your contract if you had your payment gateway developed by external software engineers in the first place.

Ongoing Development

Your payment gateway may never be finished. Yes, you read that correctly! Chances are likely that you were unable to implement every feature you had planned into your MVP. Even if you did, in software, there is no such thing as “feature complete”. The landscape for payment gateways is so versatile and dynamic that there will always be new features and payment methods for your programmers to integrate.

Optional: API Design

Designing functional APIs for internal use is an important aspect of payment gateway building. If you want to open up an additional source of revenue for your company, you can provide access to your solution to other businesses for their respective platforms. 

Keep in mind that having others use your API can create external dependencies and requires a clear vision and strategies for upgrading. When it comes to APIs, design them with maximum stability, so one API can process as many different payment methods and as much data as possible. Also, make an API flexible enough for it to easily adapt to new payment methods since it is impossible to predict exactly what way of payment will hit the financial system next.

Will Your Payment Gateway be a Success?

In order to launch a successful, well-performing payment gateway, many aspects must be considered. Luckily, in software development, we have the flexibility to experiment, change what doesn’t work, and improve on things that do. If your payment gateway adheres closely to security, functionality, and useability requirements, plus it has a great user experience, it should triumph.


Building your own payment gateways can certainly be worth your time and effort, and may bring added value and profit to your business. If you are ready to build or update your legacy payment system, partnering with software providers that have domain experience will bring you one step closer to figuring out a solution. Softjourn has nearly 20 years of experience in the fintech industry and has helped countless clients create their very own custom-made payment gateway.

Conclusion

Now that you have a well-rounded perspective of what goes into creating a payment gateway, are you still interested in building your own gateway? Talk with one of our payments experts today.

Softjourn is a global technology services provider with over a decade of experience working with Cards & Payments service providers. We've built creative solutions or augmented in-house technical teams to provide support and project-specific expertise resulting in revenue-generating features. 

We specialize in enabling and preserving the security of prepaid cards, developing transaction simulators to save roll-out time, and creating repeatable and strategic approaches to managing payment recovery. We help our customers—payment processors, banks, transaction acquirers, and prepaid card service providers—by leveraging our expertise to increase market share.

 

 

1. Payment Gateway Market Size, Share & Trends Analysis Report By Type Grandviewresearch
2. US ecommerce grows 14.2% in 2021 Digital Commerce 360