Every update, fix, and new feature — documented as we ship it.
Webhooks v2 introduces fine-grained per-event filtering, allowing you to subscribe only to the exact events you need. The dashboard now shows a full delivery log with retry status, latency, and response codes for every webhook attempt.
Instant Payouts are now available in Sweden, Norway, Denmark, Finland, Poland, Czech Republic, Austria, Portugal, Belgium, Netherlands, Ireland, Greece, Hungary, and Romania. Funds arrive within 30 minutes. Fee: 1.0% per payout.
Fixed an issue where the revenue chart in the Dashboard displayed daily totals in UTC regardless of the account's configured timezone. Revenue figures now correctly reflect your local timezone for all date-range reports.
We've deployed CRYSTALS-Kyber (NIST PQC standard) for encrypting stored card data and API secrets. All new keys generated from March 28 use post-quantum cryptography. Existing keys will be rotated automatically over the next 60 days.
No action required. Your API keys and integrations continue to work unchanged.
Adaptive Checkout uses machine learning to rank payment methods by predicted conversion probability for each individual customer. Based on device, location, purchase history, and time-of-day signals. Early access shows +12–19% conversion improvement.
You can now submit evidence for up to 50 disputes simultaneously via the Dashboard or the POST /v2/disputes/bulk-respond API endpoint. Evidence templates are now available for common dispute reason codes.
The new GET /v2/fx/rates endpoint provides live exchange rates updated every 30 seconds for 150+ currency pairs. Lock in rates for up to 60 minutes for customer-facing price displays.
Updated 3D Secure implementation to version 2.3 per card network mandate. Improves frictionless authentication rates by approximately 8% for EU transactions. PSD2 SCA compliance maintained.
Rebuilt the Dashboard frontend with server-side rendering and aggressive caching. Initial page load dropped from avg 3.2s to 1.3s. Transaction list and chart rendering are now 4× faster on large accounts (1M+ transactions).
Merchants and customers can now pause active subscriptions for 1–6 months without cancellation. The subscription resumes automatically at the end of the pause period. Available via Dashboard, API, and the Customer Portal.
API v1.0 will reach end-of-life on December 31, 2026. Migrate to v2.0 before this date to avoid service disruption. All v1.0 endpoints will return a deprecation warning header from April 1, 2026.
Migration guide →Automated revenue recognition engine supporting both ASC 606 (US GAAP) and IFRS 15 standards. Generates compliant deferred revenue schedules, recognition journals, and audit-ready reports. Integrates with NetSuite, Xero, and QuickBooks via direct connectors.
Smart Routing now considers real-time network success rates per card BIN, issuer, and acquiring bank combination. Merchants on Growth+ plans saw an average +2.4% authorization rate improvement in beta testing.
Issue virtual and physical Visa/Mastercard cards programmatically via the Issuing API. Set per-card spend limits, merchant category controls, and real-time authorization webhooks. Available for EU and UK-incorporated platforms.
Paymentgate received its annual SOC 2 Type II renewal covering the period June 2024–June 2025 with zero exceptions across all five trust service criteria. Report available on request from your account manager.
Fully redesigned Payment Links with drag-and-drop field editor, custom domain support, A/B testing for CTA copy, and built-in analytics. Create, share, and track a payment link in under 60 seconds without writing code.
Dunning retry logic is now fully configurable per subscription plan. Set custom intervals, maximum attempts, customer notification templates, and grace period duration. Smart retry mode uses ML to pick the optimal retry time based on card issuer patterns.
Paymentgate is now certified under PCI DSS v4.0, the most current version of the standard. Covers our entire acquiring, tokenization, and storage infrastructure. Attestation of Compliance (AoC) downloadable from the compliance dashboard.
White-labeled customer portal your subscribers can use to update payment methods, view invoices, change plans, and cancel subscriptions — without contacting your support team. Embedded via a single line of JavaScript or a hosted link.
Platform merchants can now split a single payment across multiple connected seller accounts in real time. Set platform fees as a fixed amount or percentage, route funds to sellers instantly, and manage multi-party payouts via the Connect API.
Third-generation fraud model trained on 2.8 billion transactions. Adaptive scoring adjusts thresholds per merchant category, geography, and time pattern. False positive rate reduced by 31% vs v2 while maintaining the same fraud catch rate.
Live transaction feed with sub-second latency, custom dashboard builder with 40+ chart types, scheduled report delivery to email/Slack, and CSV/Excel export. Revenue Intelligence module added: cohort analysis, LTV forecasting, and churn prediction.
Patched a privilege escalation vulnerability where restricted API keys could access resources outside their declared scope under specific conditions. No evidence of exploitation found. All restricted keys auto-rotated as a precaution. CVSS score 7.1 (High).
After 9 months of beta, API v2.0 is now generally available. Key improvements: unified payment intents model, cursor-based pagination, structured error codes, idempotency across all write endpoints, and OAuth2 support alongside API key auth. v1.0 deprecated (EOL Dec 2026).
Rebuilt Shopify and WooCommerce plugins from scratch. One-click installation from the respective app stores, automatic webhook configuration, real-time sync of refunds and disputes, and support for Shopify Markets multi-currency checkout.
New metered billing engine supports per-unit, tiered, volume, and graduated pricing models. Report usage events via API at any frequency; Paymentgate aggregates, calculates, and invoices automatically at period end. Supports pre-paid credits and overages.
Expanded acquiring coverage to 40 additional countries across Southeast Asia, Latin America, and Africa. Local acquiring in Nigeria, Kenya, Brazil, Vietnam, and the Philippines now available. Local currency settlement for all new markets.
Paymentgate is now a certified Visa Token Service (VTS) and Mastercard Digital Enablement Service (MDES) token requestor. Network tokens replace PANs with network-managed tokens, improving authorization rates by ~3% and eliminating card-expiry failures.
Native Apple Pay and Google Pay support in Paymentgate Checkout and via the JS SDK. Displays automatically on compatible devices and browsers. No additional setup required for existing integrations using Checkout.js v3+.
Launched official React, Vue 3, and Angular component libraries. Pre-built, customisable payment form components with built-in validation, 3DS handling, and accessibility (WCAG 2.1 AA). TypeScript types included. Available on npm.
Complete redesign of the merchant dashboard. Unified navigation, configurable homepage widgets, improved transaction search with 20+ filter dimensions, and a new Developer Tools section consolidating API keys, webhooks, logs, and sandbox controls.
SEPA Instant (SCT Inst) support for euro-denominated payouts across the EU and EEA. Funds arrive in recipient bank accounts within 10 seconds, 24/7/365. Available as an optional payout method for all EU-incorporated merchants at a flat €0.20 per transfer.
Webhooks now use exponential backoff with jitter for retries (5s → 30s → 5m → 30m → 2h → 8h → 24h). Failed events are held in a dead-letter queue for 72 hours and can be manually retried from the Dashboard. Delivery success rate improved from 97.3% to 99.6%.
3D Secure 2.0 support with built-in frictionless authentication, challenge flow fallback, and exemption management (TRA, low-value, MIT). Full PSD2 SCA compliance for EU/UK merchants. Merchants using Checkout.js are automatically enrolled; API integrations require a one-line update.
Subscription engine reached general availability after six months of beta. Features: unlimited plans and tiers, trial periods, proration, invoice generation, and a Customer Portal. Handles the full subscription lifecycle from signup to cancellation. Processes recurring charges in 47 currencies.
Upgraded core payment processing infrastructure to active-active multi-region with automatic failover across EU-West, EU-North, US-East, and US-West. Reduced P99 API latency from 280ms to 94ms. SLA upgraded from 99.95% to 99.99%.
First release of Paymentgate's proprietary ML fraud detection model. Scores every transaction in under 50ms using 200+ signals including device fingerprint, velocity, behavioural biometrics, and network graph analysis. Replaces the legacy rule-based system. Fraud rate in beta reduced by 67%.
Merchants can now accept and settle in 135 currencies. Automatic currency conversion at interbank rates + 0.5% FX fee. Presentment currency is independent of settlement currency — show prices in local currency, receive payouts in EUR, GBP, USD, or SEK.
Virtual Terminal lets any team member accept card payments over the phone or in person without a physical POS terminal. MOTO (Mail Order / Telephone Order) transactions with full PCI DSS scope reduction via Paymentgate's hosted fields — no card data touches your servers.
Received ISO/IEC 27001:2013 certification covering our information security management system. Published GDPR Data Processing Agreement (DPA) covering all EU/EEA data subjects. DPA downloadable from the compliance dashboard and automatically incorporated into all accounts.
General availability of the Paymentgate REST API, Checkout.js hosted payment form, webhook system, and sandbox environment. Full documentation, official Node.js and Python SDKs, and Postman collection published. 200+ merchants onboarded in the first 30 days.
After four years of operating the legacy Paymentgate system (2018–2021), we rebuilt the entire platform from the ground up. The new v2 architecture replaces the monolithic PHP/MySQL stack with a distributed microservices platform, a new REST API, hosted checkout, and a completely redesigned merchant dashboard. All legacy merchants were migrated automatically. This is the beginning of Paymentgate's new era.
The entries below are from the original Paymentgate legacy platform (v1). In February 2022, the entire system was rebuilt and relaunched as Paymentgate 2.0.
Released migration tooling to help legacy merchants export transaction history, stored customer data, and saved cards to the new v2 format. A v1-compatibility shim was provided to allow existing integrations to keep working during the transition window (through Q2 2022).
Selected design partners and high-volume merchants were invited into the closed beta for the rebuilt platform. 40 merchants joined. Feedback from this beta directly shaped the final v2.0 API design, dashboard UX, and webhook delivery system.
Dropped support for TLS 1.0 and TLS 1.1 across all API endpoints and the merchant dashboard. All integrations now require TLS 1.2 minimum (TLS 1.3 recommended). Notified all merchants with 90 days' notice. Fewer than 2% of integrations required updates.
Introduced improved bank routing logic reducing average payout settlement time from T+3 to T+1 for Swedish, Finnish, and Danish accounts. Added support for BACS (UK) and ACH (US) payout rails. Payout status webhooks added for real-time reconciliation.
Added native Klarna Pay Later and Pay in 3 as checkout options for Nordic and EU merchants. Swish integration for Swedish merchants allows instant mobile bank payments — payment confirmation in under 3 seconds. Both methods available through the existing hosted checkout with no code changes.
Overhauled the analytics section of the legacy merchant dashboard. Added customisable date ranges, CSV export, hourly transaction charts, and a new revenue by country heatmap. Average page load time reduced from 4.2s to 1.1s via query optimisation and result caching.
Fixed a session token rotation issue in the legacy dashboard that could allow a previously authenticated session to remain valid after logout under specific conditions. No merchant data was accessed. Tokens were force-revoked for all active sessions. All impacted merchants were notified.
Improved 3DS 1.0 pass-through coverage to 94% of issued cards in the Nordic region (up from 71%). Updated the Verified by Visa and Mastercard SecureCode ACS directory with new issuer endpoint data. Reduced 3DS timeout errors by 38%.
Added iDEAL (Netherlands) and Bancontact (Belgium) to the checkout. Both methods route directly through local banking networks with near-instant settlement. Merchant adoption in the Netherlands grew 320% within 60 days. Combined with existing SEPA coverage, Benelux merchants now had full local payment coverage.
Rewrote the legacy webhook delivery engine with exponential backoff retries (1m, 5m, 30m, 2h, 24h), a 72-hour delivery window, and a webhook delivery log in the dashboard. Failed deliveries could now be manually replayed. Delivery success rate improved from 91.4% to 99.2%.
As e-commerce volumes spiked 280% during the initial COVID-19 lockdowns, the legacy infrastructure was scaled horizontally across three additional EU data centres. Auto-scaling thresholds were tuned, CDN coverage expanded, and peak capacity increased from 1,800 to 6,400 transactions per second with no downtime event.
Implemented full PSD2 SCA compliance ahead of the September 2020 EU enforcement deadline. Exemptions engine handles low-value (<€30), low-risk, and recurring MIT transactions automatically. Merchants saw an average 2.1% conversion uplift from intelligent exemption routing vs. challenging every transaction.
Added SEPA Direct Debit (SDD Core & B2B) for merchants with EU customers. Merchants can collect one-off or recurring mandated debits directly from customer IBAN accounts. Mandate management, pre-notification emails, and dispute handling all available through the legacy API and dashboard.
Merchants can now respond to chargebacks directly from the legacy merchant dashboard. Upload evidence documents (receipts, shipping confirmations, communication logs) through a guided flow. Merchants who used the portal for dispute responses won 58% of cases vs. the industry average of 31%.
Merchants can create, send, and track professional PDF invoices directly from the legacy dashboard. Invoices auto-generate a unique payment link. VAT calculation for EU countries built in. Sent-invoice tracking shows open/paid/overdue status with automatic reminders at 3, 7, and 14 days.
2FA via TOTP (Google Authenticator, Authy) became mandatory for all merchant admin accounts. Team member accounts could opt in voluntarily. TOTP enforcement reduced account takeover attempts by 96% within the first quarter. SMS-based 2FA was also made available for markets without smartphone access.
Merchants can now invite team members with role-based access: Owner, Admin, Developer, Finance, and Read-only. Each role has a distinct set of dashboard and API permissions. Activity logs record all user actions with timestamps and IP addresses. Teams of up to 25 members supported in the legacy system.
Added a dedicated Refunds endpoint to the legacy API supporting full and partial refunds on any captured transaction. Refunds are reflected in dashboard revenue reporting and settlement statements automatically. Merchants can issue up to 10 partial refunds per transaction.
Ahead of GDPR enforcement, added customer data export (JSON/CSV) and right-to-erasure tooling to the legacy platform. Merchants can submit data subject requests via API or dashboard. A DPA was published and made available to all merchants. PII handling documentation updated across all systems.
Merchants can now vault customer cards for one-click repeat purchases. Tokens are stored in Paymentgate's PCI-certified vault — merchant servers never touch raw card data. Token-based charges available via the legacy API. Returning customer conversion rate for beta merchants improved by an average of 22%.
After six months of assessment by a Qualified Security Assessor (QSA), Paymentgate received PCI DSS Level 1 certification — the highest tier, required for processors handling over 6 million card transactions annually. This allowed us to onboard enterprise clients and large-volume merchants that had previously been out of scope. A dedicated compliance page and shared responsibility model document were published for merchants.
Onboarded our first enterprise-tier merchant, a Stockholm-based e-commerce group processing over 50,000 transactions per month. Required dedicated infrastructure provisioning, a custom SLA, a named account manager, and a private integration support channel. Enterprise onboarding playbook created from this engagement.
Paymentgate crossed 1,000 active merchants in December 2017, three years after founding. Further private investment was secured at this stage — investor identities and amounts remain undisclosed by choice. Capital was earmarked for engineering headcount (target: 40 engineers by end of 2018), a second data centre in Frankfurt, and expanded compliance coverage for DACH markets.
Added idempotency key support to charge and refund endpoints — critical for preventing double-charges on network retries. Expanded error code catalogue from 18 to 64 structured codes covering decline reasons, validation failures, and rate limit responses. Pagination added to list endpoints (cursor-based, replacing offset). Developer feedback rating of the API improved from 3.1 to 4.4/5 in the quarterly survey.
Added 3DS 1.0 support via a redirect-based flow. Merchants can enable 3DS selectively per transaction or for all card-not-present payments. Integrations with Visa's Verified by Visa and Mastercard SecureCode ACS networks. Chargeback liability shift applied for authenticated transactions. Tested across 14 issuing banks in Sweden, Finland, and Denmark before launch.
Expanded payment processing to Estonia, Latvia, and Lithuania, completing full Baltic coverage. Added EUR settlement for Baltic merchants and integrated with local card issuer networks. Compliance requirements for each jurisdiction reviewed with local legal counsel. Latvian and Estonian merchant support added via email and a local-language knowledge base section.
Paymentgate merchants in EU SEPA-zone countries can now receive payouts via SEPA Credit Transfer with T+1 settlement (next business day). Previously, payouts were via domestic bank transfer with T+3 settlement. SEPA payouts support EUR only; DKK, NOK, and SEK settlements continue via domestic rails. Batch payout scheduling added to the legacy dashboard.
The legacy hosted payment page (iframe-embedded checkout) was redesigned from scratch for mobile-first UX. Auto-detects card brand from BIN, inline validation, Apple Pay and Google Pay added for compatible browsers. Average checkout completion time reduced from 48s to 31s. Mobile conversion rate improved 18% across beta merchants in A/B testing over 6 weeks.
Paymentgate received private investment backing from a small group of strategic individuals — details of investors and amounts remain private and undisclosed. The capital was used to hire four additional engineers, relocate to a dedicated colocation facility in Stockholm, and begin the PCI DSS Level 1 assessment process. Team grew from 7 to 14 employees.
Shipped the first version of recurring billing for legacy merchants. Supported fixed-interval subscriptions (monthly/annual) with automatic card charges. No proration or trial support yet — those came later. Used by 23 merchants within the first month. Subscription revenue as a share of total platform volume grew from 0% to 11% within 90 days.
Expanded card processing to Denmark, Finland, and Norway, bringing total supported markets to 4 (Sweden, Denmark, Finland, Norway). Each market required separate acquiring agreements, local compliance review, and currency settlement routing. DKK, NOK, and EUR added as settlement currencies alongside SEK. First Finnish and Danish merchants onboarded within 72 hours of launch.
Shipped the first real-time dashboard for legacy merchants: live transaction feed with search and filter, daily/monthly revenue graphs, approval rate trend charts, and a top-declined-reasons breakdown. Data refreshed every 30 seconds (polling). This replaced the previous reports-by-email system that merchants had used since the beta launch.
Reached 100 active merchants — a milestone celebrated within the team as proof of product–market fit. In the same month shipped Swish integration for Swedish merchants: instant mobile bank payments with confirmation in under 3 seconds. Swish became the second most-used payment method (after Visa/MC) for Swedish consumer merchants within 60 days of launch.
Completed migration of all legacy platform endpoints from TLS 1.0/SHA-1 to TLS 1.2/SHA-256. Driven by the major browsers' SHA-1 deprecation timeline and PCI DSS guidance. All merchants were notified 60 days in advance. A small number of integrations using outdated HTTP clients required support assistance to upgrade.
Five design-partner merchants in Sweden went live on the Paymentgate legacy platform: a furniture e-commerce store, a SaaS startup, a ticket seller, an independent bookstore, and a subscription coffee brand. All five processed their first transactions within 48 hours of integration. Combined, they processed 847 transactions in the first month with a 97.2% approval rate. Visa and Mastercard only; Swedish merchants only at this stage.
Launched the first merchant-facing dashboard. Features at launch: paginated transaction list with search, manual payout request (weekly batch), monthly revenue CSV export, and a basic approval rate counter. Built with PHP/Blade templates, deployed on a single VPS. No mobile support at this stage. Design heavily influenced by early Stripe dashboard screenshots.
Paymentgate AB was incorporated in Stockholm, Sweden on October 14, 2014 by Rhea Kalniņa and Maja Svensson. Rhea, a payment infrastructure engineer with six years across Baltic fintech firms, designed the core processing architecture. Maja led product and merchant relations. Markus Becker — a pioneer in Nordic e-commerce and logistics — joined as co-founder and early backer, contributing strategic direction and network access. The founding vision: a payment gateway built for Nordic and Baltic merchants with developer-first APIs and fully transparent pricing. The first internal prototype processed its first test transaction (SEK 1.00 to a test acquiring sandbox) on the founding day. Funded privately from day one — investment details undisclosed.
Signed the foundational acquiring bank partnership that enabled Paymentgate to process Visa and Mastercard transactions on behalf of Swedish merchants. The acquiring agreement took 11 months to negotiate from initial contact to signature — the single longest pre-launch task. Without this, no card processing was possible. The agreement covered Sweden only; additional countries required separate acquiring relationships, added later as the company expanded.
Get notified when we ship new features and improvements.
Or follow status.paymentgate.com for live updates.