Payment Processing

Payment gateways and processing platforms for accepting online payments, managing subscriptions, and handling refunds. European payment processors keep your transaction data, customer billing information, and financial records within EU infrastructure, ensuring GDPR compliance for your most sensitive financial data flows.

What to Look For

Card processing
Multi-currency support
Recurring billing
Payment links
Fraud detection
Developer API

GDPR Considerations

Payment processing involves the most financially sensitive personal data your business handles: credit card numbers, bank account details, billing addresses, transaction amounts, and purchase histories linked to identifiable individuals. Under GDPR, this financial personal data requires robust protection, and the PCI DSS standards that govern card data security are complemented by, not a substitute for, GDPR obligations around data residency and subject rights. When your payment processor is a US-based company, transaction metadata including customer names, billing addresses, purchase amounts, and payment method details is processed under US jurisdiction. European payment processors like Mollie, Adyen, and Stripe's Irish entity keep this data within the EU, combining PCI DSS security with GDPR data residency. For businesses processing recurring payments, the ongoing storage of customer billing profiles makes the choice of payment processor a long-term GDPR commitment.

How to Choose

With 4 European payment processing options available, choosing the right one depends on your priorities. Here's a quick guide:

Enterprise procurement requirements

Mollie, Adyen hold ISO 27001

European Payment Processing Software

Mollie screenshot
Mollie logo

Mollie

Developer-friendly European payment processing from the Netherlands

Per-transaction
Amsterdam
🇳🇱🇪🇺
GDPRISO 27001DPA
Adyen screenshot
Adyen logo

Adyen

Global unified commerce payment platform from the Netherlands

Per-transaction
Amsterdam
🇳🇱🇪🇺
GDPRISO 27001SOC 2DPA
SumUp screenshot
SumUp logo

SumUp

Accessible card payments and POS for small businesses across Europe

Per-transaction
London
🇪🇺
GDPRDPA
GoCardless screenshot
GoCardless logo

GoCardless

UK-based direct debit and recurring payment platform for businesses

Per-transaction
London
🇪🇺
GDPRDPA

Compare Payment Processing Products

Mollie vs Adyen
Mollie vs SumUp
Mollie vs GoCardless
Adyen vs SumUp
Adyen vs GoCardless
SumUp vs GoCardless

Payment Processing by Country

Payment Processing in Netherlands

🇳🇱 Browse payment processing hosted in Netherlands

Looking for US alternatives?

Stripe alternatives

European alternatives to Stripe
PayPal alternatives

European alternatives to PayPal
Square alternatives

European alternatives to Square

Payment Processing — Frequently Asked Questions

Is Stripe GDPR-compliant for EU businesses?
Stripe has a European entity (Stripe Payments Europe, Ltd. in Ireland) that processes payments for EU merchants. However, Stripe Inc. is a US parent company, and some data processing functions may involve US infrastructure. Stripe's privacy policy describes data sharing with its US affiliates for fraud detection and service improvement. For most EU businesses, Stripe's European entity provides a reasonable level of GDPR compliance. However, businesses with heightened data sovereignty requirements may prefer a purely European payment processor like Mollie or Adyen, which have no US parent company and process all data exclusively within the EU.
What personal data does a payment processor store beyond card numbers?
Payment processors store far more than just card numbers. Transaction records include customer names, email addresses, billing and shipping addresses, IP addresses, device fingerprints, transaction amounts, purchase timestamps, and refund histories. For subscription billing, the processor maintains ongoing customer profiles with payment method details and billing cycle information. Fraud detection systems build behavioral profiles based on spending patterns and device characteristics. All of this constitutes personal data under GDPR. An EU-based payment processor ensures this comprehensive financial profile stays within European jurisdiction.
How do European payment processors handle PSD2 Strong Customer Authentication?
European payment processors natively support PSD2's Strong Customer Authentication (SCA) requirement, which mandates two-factor verification for most online card payments within the EU. This includes 3D Secure 2.0 integration, exemption management for low-risk transactions, and delegated authentication flows. Because PSD2 is an EU regulation, European payment processors have built SCA compliance into their core product from the start, with optimised flows that minimise checkout friction while maintaining compliance. US-based processors have added SCA support as an additional feature but may not handle the nuances of exemptions and regional requirements as seamlessly.
See only GDPR-compliant Payment Processing