Integration Intelligence: Understanding Shopify Payment Options

Shopify is a leading cloud-based multi-channel ecommerce platform. There are more than 600,000 businesses using the platform, and more than 1 million active users.

If you’re one of the many businesses selling on Shopify—or if you’re considering using the Shopify ecommerce platform—it is important to have a full understanding of all the features and functionality Shopify offers, and how those different options can affect integration with an ERP system or other third-party gateways.

While most of the information you need is available directly from Shopify, there are a few issues that we have encountered in our integration work with clients that are not apparent on the Shopify site. These challenges involve Shopify credit card processing, and impact both one-time and recurring payments.

We want to share these challenges with you, so you can make an informed decision when deciding if Shopify is the right ecommerce platform for your business.

A brief overview: Online credit card processing

One of the most common Shopify payment methods is via credit cards. Of course, Shopify must be—and is—compliant with the Payment Card Industry Data Security Standard (PCI DSS).

PCI DSS applies to all businesses that accept, process, store, or transmit credit card information, and exists to make sure a secure environment is maintained. There are multiple levels of compliance, which are determined based on transaction volume. To identify the level that applies to your business, and for more detailed information on PCI DSS requirements, consult the PCI DSS FAQ resource.

The main issue ecommerce vendors need to be aware of is that these PCI DSS regulations have forced most credit card payment gateways to employ “tokenization.” When a customer enters their credit card information on a website, the details of that card are not stored on the ecommerce site. Rather, they are hosted in a payment gateway system. When a customer has chosen to save their credit card details for future purchases, and then returns to make more purchases, the site uses an API (application programming interface) to retrieve from the authorization gateway server a token, a string of letters and numbers, which represents that person’s credit card information.

One of the most common payment gateways is Authorize.net. This provider (along with many other third-party payment gateways) employs a Customer Information Management (CIM) service for recurring credit card processing. A CIM service allows customers to save their billing, payment, and shipping information on file for future orders in the form of a token.

Because of the token, the customer is not required to re-enter and send their information each time they order, and also has the option to choose between several credit cards if they wish to store more than one card.

So in summary, the CIM system stores sensitive payment data on the secure server of the payment provider, simplifying PCI DSS compliance. The customer’s credit card information is stored entirely on the Authorize.net system. When you are ready to charge the customer, the credit card details are retrieved with a token via the CIM module.

The deep dive: Shopify credit card processing

Here’s the challenge with Shopify: It will not deploy CIM functionality when using non-Shopify third-party gateways. The card profile (card number, name, address, etc.), or more specifically, the token used to retrieve that profile, is not saved in the Shopify system.

What this boils down to is that Shopify does not support a common functionality across the most common payment gateways for security and compliance. Obviously, Shopify is trying to push sellers toward their own Shopify Payments system, but this is not a solution for everyone. The Shopify Payments system is not available in all regions, and some businesses have been deemed “high risk” and therefore ineligible, despite the plan being offered in their area. Some businesses have also complained about funds being held for longer periods of time. This may be due to issues with refunds, suspicious activity, or other pending issues with your account.

The lack of support for third-party payment gateways has two main repercussions if your store is hosted on Shopify. It affects the processing of repeat purchases (and its subsequent effect on customers). And, it affects integration with your ERP, when you want to be able to send information about a repeat purchase into your ERP. Let’s look at these one at a time.

The effect on your customer’s experience

Today’s customers expect to be able to store their payment details when making a purchase, so they can come back later and buy from the same vendor without having to re-enter their payment information. Sellers want to offer this functionality, as it makes purchasing more convenient and encourages repeat purchases.

When a customer returns to your store, and goes to make a new purchase, the usual method is to make a call out to Authorize.net (or any other third-party payment gateway you are using) to retrieve the token that represents that customer’s information. But this token retrieval requires third-party CIM functionality, which Shopify does not support. Your customers will be forced to re-enter their details, which can be seen as an unwanted hassle and lead to shopping cart abandonment.  

Another issue arises if you want to take a two-step approach to credit card processing. When a customer makes a purchase in your Shopify store, you have the option to delay charging the card until you are ready to ship the item. But in the meantime, you will want to authorize the purchase—at the time of purchase—to make sure that there are sufficient funds available on the credit card account. Using this method, and a third-party gateway, the initial authorization validation will return an associated authorization token. Once you are ready to ship the item, you would then want to charge the card. The authorization token is used to capture (or settle) the funds.

You can use the “authorize then capture” approach in Shopify, for first-time or one-time purchases, through the Shopify Payments option or any third-party authorization gateway. Using this option, Shopify will automatically authorize (or hold) the funds for you.

However, when it is time for you to ship the product, you have to manually go back into Shopify and click the “capture” button to capture the card and complete the payment transaction.

While this isn’t the end of the world, it can slow down the ordering process.

The effect on your integration process

Obviously, this also affects integration between Shopify and your ERP system, as there is no way to accept a token representing the customer’s information and then have that credit card information automatically sent to the ERP system as part of the ordering process.

Shopify will only provide the initial transaction token to authorize the card. It can’t provide a new token at the time of shipment, because Shopify doesn’t support the CIM system via third-party vendors. So, as we mentioned above, you’ll have to go in manually and tell Shopify to capture the card.

Alluvia does support an option that will help with the manual step, however. Once you get the initial authorization token from Shopify, it can be stored in Alluvia. When you are ready to deliver the order, Alluvia will send a capture command with the token to Shopify. Shopify can then call the Authorize.net (or other payment gateway) API to capture the card. This at least removes the manual step of going back into Shopify to initiate the capture.
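The difference between the one-time authorization token and a reusable CIM profile token, shown as an added example that is not part of the original article and is not Shopify, Authorize.net or Alluvia code. ToyGateway, its methods and the record keys are hypothetical names for an in-memory model, and amounts are in cents.

```python
import secrets

TEST_PAN = "4111111111111111"  # constructed sample value, a widely used test card number

class ToyGateway:
    """In-memory stand-in for a payment gateway (hypothetical, not a real API)."""

    def __init__(self):
        self._vault = {}  # profile token -> card number; never leaves the gateway
        self._holds = {}  # authorization token -> hold state

    def save_profile(self, pan):
        """CIM-style vaulting: keep the card, return a reusable profile token."""
        token = "prof_" + secrets.token_hex(8)
        self._vault[token] = pan
        return token

    def authorize(self, cents, pan=None, profile_token=None):
        """Place a hold; needs the card itself or a vaulted profile token."""
        if pan is None and profile_token not in self._vault:
            raise KeyError("no card and no known profile token")
        auth = "auth_" + secrets.token_hex(8)
        self._holds[auth] = {"cents": cents, "captured": False}
        return auth

    def capture(self, auth_token, cents):
        """Settle a prior hold: once only, and never above the held amount."""
        hold = self._holds.get(auth_token)
        if hold is None or hold["captured"] or cents > hold["cents"]:
            return False
        hold["captured"] = True
        return True

def demo():
    gw, out = ToyGateway(), {}
    # Store without CIM: the card is typed at checkout, only the auth token is kept.
    merchant_db = {"order-1001": gw.authorize(5000, pan=TEST_PAN)}
    auth = merchant_db["order-1001"]
    out["over_capture"] = gw.capture(auth, 9999)      # above the hold: refused
    out["capture_at_ship"] = gw.capture(auth, 5000)   # the stored-token capture step
    out["replayed_capture"] = gw.capture(auth, 5000)  # hold already settled: refused
    try:  # repeat purchase: an authorization token cannot start a new charge
        gw.authorize(2500, profile_token=auth)
        out["repeat_with_auth_token"] = True
    except KeyError:
        out["repeat_with_auth_token"] = False
    # Store with CIM: a profile token is kept, so the repeat purchase goes through.
    merchant_db["customer-7"] = gw.save_profile(TEST_PAN)
    again = gw.authorize(2500, profile_token=merchant_db["customer-7"])
    out["repeat_with_profile"] = gw.capture(again, 2500)
    out["merchant_stores_pan"] = TEST_PAN in merchant_db.values()
    return out

if __name__ == "__main__":
    print(demo())
```

In both cases the merchant-side records hold only tokens, never the card number, which is the property that keeps the store's PCI DSS scope small.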

Unfortunately, many tools that allow you to call the Authorize.net API and retrieve the data from Shopify also require CIM functionality. An example is B1 iPayment from Boyum IT Solutions. It is a popular add-on for storing and processing credit card information in SAP Business One.

These Shopify limitations are not obvious when you research the site and try to decide if Shopify is right for your business. But this information can have a serious impact on how you run your business—and your success.

It is worth noting that Shopify integration with ERP systems such as SAP Business One can be automated, opening more doorways for you to provide multiple payment options to your customers. We provide an automated integration tool, and have successfully handled the sticky issues associated with Shopify and ERP integration. We have worked with many clients selling on Shopify and other ecommerce platforms, and we are happy to share some of the obstacles we have uncovered in our work so others can benefit.
