Payment Options for Your Store
This guide covers the payment gateways available on your ecommerce webstore, how to configure them, and how you are protected as a user.
Available Payment Gateways
The Ecommerce platform supports three payment gateways. You can enable one credit card gateway and one PayPal option simultaneously.
| Gateway | Type | How It Works | Refunds Supported |
|---|---|---|---|
| Stripe | Credit/Debit Card | Customer enters card directly on your site | Yes (full & partial) |
| Authorize.net | Credit/Debit Card | Hosted payment form pops up over your site | No (must refund via Authorize.net dashboard) |
| PayPal REST | PayPal | Customer clicks PayPal button, authorizes on PayPal | Yes (full & partial) |
| PayPal Express | PayPal (Legacy) | Customer is redirected to PayPal | Yes (full & partial) |
Gateway Details
Stripe
Best for: Most dealers. Simple setup, modern checkout experience, supports refunds directly from dashboard.
What you need:
- Publishable Key (starts with
pk_) - Secret Key (starts with
sk_)
Both are found in your Stripe Dashboard under Developers > API Keys.
Customer experience: Card number, expiration, and CVC fields appear directly on your checkout page. Card data is tokenized by Stripe — it never touches your server.
Nuances:
- Supports USD and CAD
- Test mode available (use test keys from Stripe)
- Refunds can be issued directly from the Ecommerce Orders page
- Partial refunds supported
Authorize.net
Best for: Dealers already using Authorize.net for other business operations.
What you need:
- Login ID
- Public Client Key
- Transaction Key
Found in your Authorize.net dashboard under Account > Settings > API Credentials & Keys.
Customer experience: Customer clicks "Secure Checkout" and a hosted payment modal appears over your site (powered by Authorize.net's Accept.js). Card data is entered in this secure modal, not on your page directly.
Nuances:
- Uses Authorize.net's hosted payment form — PCI compliance is handled by Authorize.net
- Test mode available (requires a sandbox account at https://sandbox.authorize.net)
- If a customer navigates away from checkout and returns, the page may need to reload due to how the Authorize.net SDK works
PayPal REST (Recommended PayPal Option)
Best for: Dealers who want to offer PayPal as a payment option alongside a credit card gateway.
What you need:
- Client ID (NOT your PayPal email — this is an API credential)
- Secret
Found in the PayPal Developer Dashboard at https://developer.paypal.com under My Apps & Credentials.
Customer experience: A PayPal button appears at checkout. Customer clicks it, logs into PayPal, authorizes the payment, and is returned to your site. The payment is authorized first, then captured when the order is confirmed.
Nuances:
- If you also have Stripe or Authorize.net enabled, the PayPal button will not show a credit card option inside PayPal (to avoid duplicate card payment paths)
- PayPal REST uses authorize-then-capture — the customer's PayPal account is charged only after authorization completes
- Supports USD and CAD
- Refunds can be issued from your dashboard
- Common setup mistake: Entering your PayPal email instead of the API Client ID. The system will show an error: "Your Client ID should not be an email address."
PayPal Express (Legacy)
Best for: Dealers with existing PayPal Express Checkout (SOAP API) credentials who haven't migrated to REST.
What you need:
- API Username
- API Password
- Signature
Found in your PayPal account under Profile > My Selling Tools > API Access > NVP/SOAP API integration.
Customer experience: Customer clicks PayPal button, is redirected to PayPal's site, logs in, approves payment, and is returned to your webstore for order confirmation.
Nuances:
- This is the older PayPal integration — PayPal REST is recommended for new setups
- Test mode available (requires PayPal Sandbox credentials)
- Customer leaves your site to complete payment (redirect flow)
- Refunds supported from your dashboard
How to Configure Your Payment Gateway
- Navigate to Webstore Settings in your dealer dashboard
- Under Payment Settings, select your preferred Payment Gateway Provider from the dropdown
- Enter the required credentials for your chosen gateway
- Optionally enable Test Mode to verify the integration before going live
- Click Save
- If you also want PayPal, scroll to the PayPal section and enter your credentials there
Test mode enables sandbox/test environments for your gateway. Use test card numbers (e.g., Stripe: 4242 4242 4242 4242 ) to verify the checkout flow without processing real charges. Remember to disable test mode before going live.
Non-Transactional Mode
If you want to use your webstore for browsing and lead generation without accepting online payments:
- Go to Webstore Settings > Contact Information
- Check "Non-Transactional Store"
- Save
What happens:
- Customers can still browse products and add items to their cart
- At checkout, instead of a payment form, customers see: "Online payments are not being accepted at this time" with a Call Us button
- Customer contact information is still collected through the checkout flow
- No orders are created
Hide Prices is a related option that hides all pricing from your webstore AND automatically enables non-transactional mode.
Dealer Protection & Security
Every payment gateway integrated with the Ecommerce platform is designed to protect you, your business, and your customers' sensitive data.
How Your Webstore Protects Card Data
No card data ever touches your server. Every gateway uses tokenization — your customer's card number, expiration, and CVV are sent directly from their browser to the payment processor. The Ecommerce platform only receives a one-time token representing the transaction. This means:
- You cannot accidentally expose card data in a breach
- You are not responsible for storing or securing card numbers
- Your PCI compliance burden is significantly reduced
| Gateway | Tokenization Method | Where Card Data Is Entered | Card Data on Your Server? |
|---|---|---|---|
| Stripe | Stripe.js creates a token in the browser | Embedded form on your checkout page | Never |
| Authorize.net | Accept.js hosted modal creates opaque token | Authorize.net's popup modal over your page | Never |
| PayPal REST | PayPal handles all payment data | PayPal's own interface | Never |
| PayPal Express | PayPal handles all payment data | PayPal's own site (redirect) | Never |
PCI Compliance
PCI DSS (Payment Card Industry Data Security Standard) requires businesses that accept card payments to meet specific security requirements. Because Ecommerce uses tokenization across all gateways, your compliance obligation is limited to the simplest level:
- Stripe: The card form is embedded on your page but runs inside the processor's secure element/iFrame. You qualify for SAQ A-EP — the second-simplest self-assessment.
- Authorize.net: The customer enters card data on the processor's own hosted form/page. You qualify for SAQ A — the simplest self-assessment.
- PayPal: All payment data is handled entirely by PayPal. You qualify for SAQ A.
None of these gateways require you to undergo a full PCI audit or penetration test.
Fraud Protection by Gateway
| Gateway | Built-in Fraud Protection |
|---|---|
| Stripe | Stripe Radar — machine learning fraud detection included on all accounts. Automatically blocks suspicious transactions. Address Verification (AVS) and CVC checks enabled by default. |
| Authorize.net | Advanced Fraud Detection Suite (AFDS) — configurable fraud filters including velocity filters, IP blocking, and transaction limits. AVS and CVV verification included. |
| PayPal REST | PayPal Seller Protection — covers eligible transactions against unauthorized payments and item-not-received claims. Fraud monitoring built into every transaction. |
| PayPal Express | Same PayPal Seller Protection as REST. Chargeback protection on qualifying transactions. |
Chargeback Protection
A chargeback occurs when a customer disputes a charge with their bank. Here's how each gateway helps:
- Stripe: Provides a Disputes dashboard where you can submit evidence (tracking numbers, correspondence, etc.) directly. Stripe handles the response to the issuing bank.
- Authorize.net: Chargeback notifications sent via email. You respond through the Authorize.net dashboard with supporting evidence.
- PayPal: PayPal Seller Protection may automatically cover eligible disputes. For non-covered disputes, you respond through PayPal's Resolution Center.
Best practices to reduce chargebacks:
- Always ship with tracking numbers and require delivery confirmation
- Use clear billing descriptors so customers recognize the charge on their statement
- Respond to customer inquiries quickly — many disputes start because the customer couldn't reach the merchant
- Keep records of all communication with buyers
- Use the shipping address provided at checkout (not a different address requested via email)
Data Privacy
- Transaction IDs only: Ecommerce stores only the transaction reference ID from your payment processor — not card numbers, CVVs, or full account details.
- PayPal: Ecommerce receives only the authorization/capture ID. Customer PayPal account details are not shared with your webstore.
- SSL/TLS encryption: All communication between your webstore and payment processors occurs over HTTPS. Customer data in transit is encrypted.
Test Mode
Every gateway offers a test/sandbox mode. Always test your integration before going live:
- Enable Test Mode in your payment settings
- Use test credentials from your gateway provider:
- Stripe: Test key starts with
pk_test_/sk_test_. Test card:4242 4242 4242 4242 - Authorize.net: Create a sandbox account at https://sandbox.authorize.net
- PayPal: Create sandbox accounts at https://developer.paypal.com/tools/sandbox/accounts/
- Stripe: Test key starts with
- Process a few test transactions through the full checkout flow
- Verify orders appear correctly in your Orders page
- Disable Test Mode when ready to accept real payments
Test mode transactions are never charged to real cards or accounts.
Frequently Asked Questions
Q: Can I accept both credit cards and PayPal?
Yes. Enable one credit card gateway (Stripe, Authorize.net) AND one PayPal option. Both will appear at checkout.
Q: Can I switch payment gateways?
Yes. Change the Payment Gateway Provider dropdown in your settings and enter the new gateway's credentials. Existing orders processed through the old gateway are not affected, but refunds for those orders must be processed through the original gateway.
Q: What currencies are supported?
Currently USD and CAD. Your default currency is set in Account Settings > Currency Settings. All payments are processed in your default currency.
Q: Will my customers' card data be stored on my server?
No. All gateways use tokenization — card data is processed by the gateway provider (Stripe, Authorize.net) and never stored on Ecommerce servers.
Q: What happens if a payment fails?
The customer sees an error message and can retry. The order is not created until payment succeeds. No charges are applied for failed attempts.
Q: Can I use test mode to verify my setup?
Yes. Enable the Test Mode checkbox for your gateway. Use test card numbers from your gateway provider's documentation to simulate transactions without real charges.
Q: I enabled non-transactional mode but still want to collect customer information. Is that possible?
Yes. With non-transactional mode enabled, customers can still go through checkout and enter their contact and shipping information. They just cannot complete a payment. However, no order or lead is automatically created — consider using the product lead forms for lead capture instead.
Q: My PayPal integration isn't working. What should I check?
The most common issue is entering your PayPal email address instead of your API Client ID. The Client ID is a long alphanumeric string found in the PayPal Developer Dashboard, not your login email.
Q: Can customers pay with Apple Pay or Google Pay?
These are not currently supported as standalone options. However, if your customer has Apple Pay or Google Pay linked to their PayPal account, they may be able to use it through the PayPal checkout flow.