What Is a Payment Gateway?

Turkish: Ödeme Geçidi

A payment gateway is a system that securely processes customer payment information in e-commerce transactions, bridging the merchant and bank.

What Is a Payment Gateway?

A payment gateway securely receives customer payment information and communicates with banks, card networks, or payment institutions. It acts as a secure layer between an e-commerce checkout page and the financial transaction infrastructure.

A gateway can tokenize card data, start 3D Secure authentication, request authorization, report the result back to the merchant, and manage refunds or voids. In most setups, the merchant does not need to store raw card data on its own systems.

How It Works

  1. The customer enters payment details through a secure form or SDK.
  2. The gateway validates card data and creates a token.
  3. An authorization request is sent to the bank or payment institution.
  4. If 3D Secure is required, the user is redirected to authentication.
  5. The result is returned to the store through an API response or webhook.

A payment gateway and a payment API are closely related. The gateway handles financial connectivity and security; the payment API lets the application initiate and manage those operations programmatically.

Business Use

Payment gateways are used in e-commerce, subscriptions, donations, reservations, marketplaces, and payment link flows. Selection should consider installment support, local bank agreements, commission rates, refund handling, fraud filters, reconciliation reports, and supported currencies.

3D Secure adds cardholder authentication and reduces some risks, but application-level issues such as duplicate charging, poor error handling, or missed webhooks still need careful design.
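The application-level issues named above (duplicate charging, missed webhooks) can be handled as in the following added example, which is not taken from any gateway's SDK. FakeGateway, Store, the event field names, the idempotency-key behaviour, and the HMAC-signed webhook are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

WEBHOOK_SECRET = b"constructed-demo-secret"  # assumption: shared secret used to sign webhooks

def sign(body: bytes) -> str:
    return hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).hexdigest()

class FakeGateway:
    """Hypothetical stand-in for a gateway that honours idempotency keys."""
    def __init__(self):
        self.charges = {}  # idempotency_key -> charge record
    def authorize(self, idempotency_key, amount):
        # A retry with the same key returns the first result instead of charging again.
        record = {"id": f"ch_{len(self.charges) + 1}", "amount": amount, "status": "authorized"}
        return self.charges.setdefault(idempotency_key, record)
    def status(self, idempotency_key):
        charge = self.charges.get(idempotency_key)
        return charge["status"] if charge else None

class Store:
    def __init__(self, gateway):
        self.gateway = gateway
        self.orders = {}          # order_id -> "pending" | "paid"
        self.seen_events = set()  # webhook event ids already applied
    def checkout(self, order_id, amount):
        self.orders.setdefault(order_id, "pending")
        # Key is derived from the order, so a timeout followed by a retry cannot double charge.
        return self.gateway.authorize(f"order-{order_id}", amount)
    def handle_webhook(self, body: bytes, signature: str) -> str:
        # Reject bodies whose signature does not match; compare in constant time.
        if not hmac.compare_digest(sign(body), signature):
            return "rejected"
        event = json.loads(body)
        if event["event_id"] in self.seen_events:
            return "duplicate"  # redelivery: acknowledge, but do not apply twice
        self.seen_events.add(event["event_id"])
        if event["status"] == "authorized":
            self.orders[event["order_id"]] = "paid"
        return "processed"
    def reconcile(self):
        # Missed webhook: ask the gateway about orders that are still pending.
        fixed = []
        for order_id, state in self.orders.items():
            if state == "pending" and self.gateway.status(f"order-{order_id}") == "authorized":
                self.orders[order_id] = "paid"
                fixed.append(order_id)
        return fixed
```

In a real deployment the seen-event set and order state would live in a database with a unique constraint on the event id, and reconcile would run on a schedule.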

3D Secure

3D Secure is an EMVCo payment security protocol where the issuing bank adds an authentication step to online card payments.

Buy Now, Pay Later (BNPL)

Buy now, pay later lets shoppers receive goods immediately while paying in installments or after a delay through an alternative payment provider.

E-Commerce

E-commerce is the digital sale and management of products or services through websites, marketplaces, mobile apps, and connected systems.

Headless Checkout

Headless checkout separates the payment UI from the commerce backend, using APIs for cart, payment, tax, shipping, and order creation.

iyzico

iyzico is a payment service provider widely used in Turkey for e-commerce, offering easy integration and secure payment infrastructure.

Payment API

A payment API is a programmatic interface that allows applications to securely initiate, verify, and manage payment transactions.

Papara (Payment Provider)

Papara is a Turkish electronic money institution offering personal and business accounts, money transfers, prepaid cards, and payment services.

Param (Payment Provider)

Param is a Turkey-based payment provider used for virtual POS, card collection, payment links, and digital payment flows for businesses.

PCI DSS

PCI DSS is the payment card security standard for protecting cardholder data across systems that store, process, or transmit it.

POS System (Point of Sale)

A POS system is point-of-sale software and hardware that handles sales, payments, receipts, inventory updates, and shift operations.