Nov 20, 2018 · 7 min read

How Secure Is Your Payment Gateway?


If you’ve been checking out our latest content on checkout experiences, by now you know that payment gateways let merchants offer more payment options that, in turn, encourage more sales. (If you haven’t, don’t worry – it’s linked above.)

More sales is music to retailers’ ears. But there’s another payment gateway feature that makes them super important for merchants: security.

Securing online transactions is a big concern for e-commerce merchants, as the past year has made all too clear. Large data breaches have hit at least 14 major retailers, with many of the hacks linked to their payment systems. Now’s the time for a check-in to see if your payment gateway provider is offering the security solutions you need to protect online shoppers.

What security features should you be looking for in a payment gateway? Why is it so important to make sure yours passes the test? Let’s take a look.

Secure Payment Gateway = Merchants’ B.F.F.

With almost all retail growth coming from online sales, being able to secure payments is one of merchants’ biggest hurdles. Cybercriminals are only getting better at stealing payment data, even as more people shop online.

Though security is front-and-center in your mind, securing transactions is complicated and it can be hard to keep up with best practices. We get it.

Payment gateways are making it possible for merchants to have the top-notch security they need to confidently accept any and all payment transactions online. A good payment gateway makes sure that when a customer makes a purchase, the data is securely transferred to your payment processor for authorization. That data is what hackers are after, but a secure payment gateway stops it from being intercepted, stolen and used for fraud.

It seems pretty straightforward: you need a secure payment gateway you can trust, that will protect you and your customers, right? We think so, and we think of payment gateways as a merchant’s best friend in the payment processing ecosystem.

Payment gateways should:

  • Make sure merchants always get paid, at the moment of purchase, so you don’t have to worry about credit or fraud risk
  • Take every precaution to ensure secure transactions, including offering buyer protection


There are a few specific security features your payment gateway should be offering so you can achieve BFF status.

3 Features of Every Secure Payment Gateway Provider

How secure is your payment gateway? Those offering the best protection for merchants and consumers alike offer these three features.

Point-to-point encryption

Point-to-point encryption (P2PE) is viewed as one of the best ways to protect customer transactions. The digital communication that takes place from the moment a customer swipes, dips or taps their card leaves a merchant vulnerable to fraud. Secure payment gateways use P2PE to keep hackers from being able to intercept payment data as it’s passed from a merchant to a payment processor.

With a payment gateway provider that offers P2PE, merchants can rest easy. It lowers the risk of losing cardholder data or brand reputation in a data breach, of fines for compliance failures, and of lost revenue from fraud.


Tokenization

Tokenization substitutes an actual credit card number with a randomly generated string of characters, a one-time code associated with the transaction. This code or “token” can’t be traced back to the cardholder, and the numbers are meaningless to anyone trying to read them without the decryption key.

Following a data breach, hackers can’t decode these numbers into real values, so choosing a payment gateway that offers tokenization reduces the risk of payment fraud through the use of stolen data.

Tokenization also protects merchants because customers’ sensitive card data is never saved on their networks. It’s another way a secure payment gateway takes on the risk for the merchant. If merchants aren’t holding payment information in their systems, there is nothing for hackers to steal.
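To make the split of responsibilities concrete, here is an added sketch (not Klarna’s code or any gateway’s real API) of a gateway-side vault that issues random tokens, plus a check a merchant can run over its own records to confirm no card numbers are stored. `TokenVault`, `find_pans` and the `tok_` prefix are hypothetical names, and the sketch assumes one common design in which the token is a random reference resolved by vault lookup.

```python
import re
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


class TokenVault:
    """Gateway-side store (hypothetical): the only place token -> PAN exists."""

    def __init__(self):
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random value, not derived from the PAN: nothing to reverse offline.
        token = "tok_" + secrets.token_urlsafe(16)
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]  # KeyError for unknown tokens


# 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text: str) -> list:
    """Return Luhn-valid 13-19 digit runs: card data that should not be here."""
    runs = (re.sub(r"[ -]", "", m.group()) for m in PAN_RE.finditer(text))
    return [d for d in runs if luhn_ok(d)]


# Constructed sample data; 4111111111111111 is a widely used test card number.
vault = TokenVault()
token = vault.tokenize("4111111111111111")
merchant_order = f"order=1001 amount=49.90 card_ref={token}"
legacy_order = "order=1000 amount=12.00 card=4111 1111 1111 1111"
```

Running `find_pans` over `merchant_order` finds nothing, while `legacy_order` is flagged; the same scan can be pointed at logs and database exports.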

PCI DSS Compliance

Payment Card Industry Data Security Standard (PCI DSS) guidance was established by leading credit card brands in 2006 to help merchants and financial institutions provide secure payment solutions.

Some of the requirements for maintaining strong cyber defenses under the Standard include:

  • Buy and use only validated payment software at your POS or website shopping cart
  • Do not store any sensitive cardholder data in computers or on paper
  • Use a firewall on your network and PCs
  • Encrypt transmission of cardholder data across open, public networks
  • Teach your employees about security and protecting cardholder data


There’s a lot that goes into securing payment data during processing. By using a payment gateway, merchants don’t have to be PCI compliant themselves. A secure payment gateway offers PCI level 1 security, so the merchant can rely on the gateway for compliance with these industry-wide security standards.

Security & Smoooth Payments Go Hand in Hand

It used to be that merchants would have to integrate their own software to manage payments and security. Not now. Payment gateways act as a third-party solution, taking the burden of software integration away while giving merchants the latest and best security features they need.

We meet that promise at Klarna, too, giving merchants the potential to easily expand into new markets by offering new payment options, products and services with only one integration. Once the Klarna widget is in your checkout, the sky’s the limit. You’ll always have the security and compliance features you need in all the markets we serve.

Securing online transactions demands innovative solutions to keep up with cyber risk and to offer better payment experiences. Making sure you’re working with a secure payment gateway is one more step on the journey to smoooth payments.

Talk to a Klarna payment expert about our one-time integration payment gateway solution.