A shopping cart is any plugin or system through which:
- a customer selects product(s) to buy,
- pays for the products,
- and, for digital products, receives access.
A cart can be an eStore (e.g. WooCommerce), a membership plugin (e.g. MemberPress), an eCourse plugin (e.g. LearnDash), or simply a form that takes payments.
A gateway is the payment API and is responsible for:
- entering credit card information,
- interacting with the credit card’s bank,
- approving or denying a sale,
- handling the transfer of funds from the customer’s bank,
- and handling the transfer of earnings to your bank.
As the list above shows, the cart never handles the credit card information the customer types in. It simply embeds the gateway in its checkout process, so the cart never has the full credit card number or PIN.
What is a transaction ID?
During the payment transaction, the gateway gives the cart a unique transaction ID to store. This is the only link between the customer’s order and payments.
If the gateway is handling recurring payments of a subscription, it may also send a unique subscription ID to the cart.
A unique account ID, which identifies the customer’s stored credit card information for future use (e.g. recurring payments), is also sent to the cart.
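The cart's side of this arrangement can be audited: an order record should hold only gateway-issued IDs and, where the gateway allows it, the last four digits and expiration date, never a full card number. The following is an added example (not from this page or from any cart plugin) that scans a record for values that look like full card numbers; the field names and ID formats are assumptions.

```python
import re

# Runs of 13-19 digits, optionally grouped with single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(record: dict) -> list:
    """Return the names of fields whose value contains a likely full card number."""
    flagged = []
    for field, value in record.items():
        for match in PAN_CANDIDATE.finditer(str(value)):
            digits = re.sub(r"[ -]", "", match.group())
            if luhn_ok(digits):
                flagged.append(field)
                break  # one hit is enough to flag this field
    return flagged


# Constructed sample records; field names and ID formats are assumptions.
CLEAN_ORDER = {
    "order_id": 1042,
    "transaction_id": "txn_8f3a1c",       # link between the order and its payment
    "subscription_id": "sub_77b2e9",      # present only for recurring payments
    "gateway_account_id": "acct_5d90aa",  # reference to the stored card details
    "card_last4": "1111",
    "card_expiry": "2027-03",
}
# Same order, but a free-text note contains a full (test) card number.
LEAKY_ORDER = dict(CLEAN_ORDER, order_note="phone order, card 4111 1111 1111 1111")

if __name__ == "__main__":
    for name, rec in (("clean", CLEAN_ORDER), ("leaky", LEAKY_ORDER)):
        print(name, find_card_numbers(rec))
```

Free-text fields such as order notes and support messages are the usual place a full number ends up in a cart database, so they are the fields worth scanning first.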
How are refunds handled?
The initiation of a refund is handled by the cart.
The request is sent by the cart to the gateway using the unique transaction ID. The gateway lets the cart know if the refund was processed successfully.
How are subscriptions handled?
It depends on the cart. Some carts will manage the payment schedule for a recurring subscription themselves. When a payment is due, the cart sends the gateway a request to charge the credit card, using the unique customer ID.
Other carts will tell the gateway what the payment schedule is and the gateway will handle all recurring payments. Each time the payment goes through, the gateway tells the cart if it is successful or not. For failures, it also sends an error code.
Who handles “about to expire” email notifications?
Some gateways allow the cart to store the last four digits of a credit card and the expiration date. The cart can use this information to send out credit card expiration notices and display the last four digits on the order.
It is also possible for an external source (e.g. ActiveCampaign, Keap) to send these emails.
Who handles email auto renewal notifications?
Auto renewal notifications are the responsibility of the cart.
It is also possible for an external source (e.g. ActiveCampaign, Keap) to send these emails.
Who emails the payment receipt?
It depends on how you set up your cart and gateway. You may want to turn off the receipt in one or the other.
Choosing a Payment Gateway
You need to take several things into consideration.
- Are all your customers in your own country or do you serve a global clientele?
- Is the gateway included in your cart? Do you have to pay extra?
- Will you be accepting other forms of payments besides the major credit cards?
- Will you be taking payments in person at your retail location or during a consulting session?
The table below compares some of the most popular gateways for U.S. based businesses. Fees may vary if you are using a card reader or completing a manual entry.
Gateway | Monthly Fee | Within U.S. | Outside U.S. | eChecks | Countries Served |
---|---|---|---|---|---|
Paypal Standard | $0 | 2.9% + $0.30 | 4.4% + country specific fee | Same Fee | Over 200 |
Stripe | $0 | 2.9% + $0.30 | 3.9% + $0.30 | 0.8%, cap $5 | 37 |
Braintree | $0 | 2.9% + $0.30 | 2.9% + $0.30 | 0.75%, cap $5 | 8 plus Paypal |
Square | $0 | 2.9% + $0.30 | Unsure | No | 5 |
Last Updated: April 29, 2020
If you already have a merchant account or are looking at using one, most likely you will need Authorize.net in order to take online payments.
This means you will need to pay the fees of Authorize.net plus your merchant account. You can use the chart below to calculate what each transaction fee is. The global reach depends on your merchant provider.
Gateway | Monthly Fee | Within U.S. | Outside U.S. | eChecks | Countries Served |
---|---|---|---|---|---|
Authorize.net | $25 | $0.10 | $0.10 | $0.75 | Varies |
Your Merchant |
My business is outside the U.S. What should I use?
The gateway comparison above is for U.S. based businesses. You will need to do some research for your country or region.
What is Authorize.Net?
Authorize.net is a middleman that handles online transactions between your website’s cart and your bank’s merchant account.
In order to connect your merchant account to your online cart, you will most likely need to buy Authorize.net. There is usually no direct connection between your merchant provider and your cart.
Can I use more than one Payment Gateway?
Yes. Quite a few online stores have more than one payment method.
It is common to use Paypal and a second gateway. This is because some customers prefer Paypal and others are repelled by it.
Also, since Paypal reaches most countries, it is very useful for businesses with a global reach.
You may also have an offline payment method if you take some checks or use a merchant account for on-site transactions.
What is Braintree?
Braintree is a payment gateway that integrates with Paypal so you can take Paypal payments as well. It also accepts several other payment types such as Apple Pay.
Why not just use Paypal?
Paypal seems like the ideal solution because it is so well known and reaches globally. However, there are some customers who will do anything to avoid using it.
AND it can be clunky. The checkout process can be a bit confusing because you are taken to Paypal to complete payment and then you have to wait a few seconds to be taken back to the site. Things can go wrong.
For Paypal Standard, the customer has to have a Paypal account. For the business, if you have a limited cart, weeding through subscriptions and transactions to refund can be cumbersome.
Stripe doesn’t notify me when a recurring payment fails.
This is correct. Stripe does not send out any email notifications for payment failures or, for that matter, when a recurring payment goes through.
This is the job of your cart, or you can purchase a subscription with another service to handle upcoming expirations and payment failures.
What is an eCheck?
It is an electronic check. This form of payment takes days to clear. For online businesses, there is a risk involved in accepting this form of payment as it could “bounce.” Therefore, unless you are a professional service that has one-to-one relationships with its clients, this form of payment is not recommended.
Square has a great blog post on how an eCheck works.
What are the minimum hosting requirements?
For e-commerce plugins like WooCommerce, Digital Downloads and CartFlows or membership and e-course plugins, you can use shared hosting as long as you have an unexpired SSL certificate installed. This is because the credit card information is not stored on the web server.
No shared hosting plan is HIPAA compliant. Other sensitive information, such as contact information, is stored on your web server.
A Let’s Encrypt certificate is fine for eStores that do not need the extra certificate validation.
To get started, a low-cost hosting company I recommend often is SiteGround.