Introduction
Small businesses rarely choose between “hosted” and “integrated” payment gateways in the abstract. They choose between faster time-to-revenue and full control over checkout UX.
- Hosted flows move card data collection off your domain (often simplifying PCI scope) but may add redirects or iframes.
- Integrated flows keep shoppers on your site with more design control—but often increase what you must secure, test, and monitor.
Below is a 2026-friendly comparison with decision criteria that match real WooCommerce, Gravity Forms, and Easy Digital Downloads deployments. For vocabulary, see our payment gateway glossary; for a deeper build process, see WooCommerce payment gateway integration checklist.
What “hosted” usually means
In practice, hosted checkout often means one or more of:
- Full-page redirect to the processor’s domain to pay.
- Hosted payment page with your branding but their URL.
- Hosted fields—iframes or JS components where card data never touches your server application logic.
Merchants still have configuration work: webhooks, API keys, allowed domains, and 3-D Secure behavior. “Hosted” does not mean “zero compliance homework.”
What “integrated” usually means
Integrated (or on-site) checkout typically keeps the customer on your domain for more of the journey. Card data might be:
- Entered in fields your theme renders (higher PCI scrutiny unless using certified hosted field components).
- Tokenized via hosted fields that still feel integrated—this hybrid is common in modern gateways.
The line blurs; what matters is where cardholder data flows and which SAQ path your acquirer expects. Confirm with your processor and PCI SSC materials—not blog summaries alone.
Comparison table: hosted vs integrated
| Factor | Hosted (redirect / processor-hosted) | Integrated (on-site UX) |
|---|---|---|
| PCI scope | Often narrower when card data stays off your origin—verify your exact integration | Often broader if raw card data hits your stack—unless using certified hosted fields |
| Dev / setup | Often faster to first live transaction | More theme, checkout block, and edge-case testing |
| UX control | Less control over every field and step | More control; must maintain across Woo updates |
| Mobile | Depends on processor’s mobile flow | Your theme + gateway JS quality matter more |
| Chargebacks / disputes | Same customer rules; tooling is gateway-dependent | Same—ensure descriptors and emails are clear |
PCI and compliance (high level)
Whether hosted or integrated, merchant obligations depend on how you take payments. Plugins should state checkout type clearly; if not, revisit how to evaluate payment gateway plugins.
For merchant-focused PCI context, see how to get PCI DSS certified as a WooCommerce merchant (high-level; not legal advice).
When hosted tends to win
- You need go-live quickly with a small team.
- Your processor’s best-supported flow is redirect or hosted page.
- You want to minimize custom checkout code and rely on the processor’s fraud and 3DS tooling.
When integrated tends to win
- Brand and checkout conversion are priorities and you can invest in QA.
- You need line-item presentation, B2B fields, or subscriptions UX that redirect flows handle poorly.
- You use hosted fields that keep data off your servers while preserving on-site UX—still plan for webhook monitoring (webhook monitoring for WooCommerce).
Plugin vs custom integration
If no catalog plugin fits your processor or workflow, compare payment gateway plugin vs custom integration before writing bespoke checkout code. PatSaTECH offers custom payment gateway integration for non-standard stacks.
Takeaways
- Pick processor-first (countries, methods, settlement), then checkout pattern that the processor supports well.
- Map hosted vs integrated to PCI and maintenance honestly—include webhooks and refunds in the plan.
- Re-test after every major WooCommerce or Blocks checkout update.
Related reading
- How to evaluate payment gateway plugins
- How to get PCI DSS certified as a WooCommerce merchant
- Payment gateway glossary
- WooCommerce payment gateway integration checklist
