The general method is that the payment gateway will have an api. You basically send them out some variables. They process the transaction and return a code which signifies a confirmation (or declined, or error, etc.).
Unless you’re storing the data I don’t see why any method would be more/less secure than the other.