Commerce integrates with a wide, and growing, variety of payment providers. Most integrations are included in the default installation, while some require an additional download.
Configuring a Payment Method
Where we call the technical implementation of a payment provider a "payment gateway", a payment method is an instance of it; a specific configuration.
Payment methods are managed through the merchant dashboard, under Configuration > Payment Methods.
After you choose a payment gateway and save the payment method, you will be presented with the specific configuration options for the gateway in a new tab. This may include options such as API Keys or other security references used to connect to the payment provider. Their descriptions, and relevant documentation, should tell you where to find the right information.
For each payment method you can also set when it should be available, based on order prices and test/live mode. The transaction fee can be waived, set as a fixed price, or as a percentage of the order total.
Available Payment Gateways
The table below contains a list of gateways that are currently available for Commerce.
On/off-site summarizes the integration. When an integration is "on-site", the customer doesn't leave the site but they enter their payment information in the checkout. When listed as "Off-site", customers are redirected to either a hosted payment page (where they can select a payment option and fill in their payment details), or for "direct" integrations they are sent directly to the payment source (e.g. iDeal/Sofort integrations redirect directly to the bank login screen).
SCA Ready indicates if the payment gateway has been updated in accordance with Strong Customer Authentication (SCA) regulation introduced in the Revised Payment Services Directive (aka PSD2). These requirements will go into effect for European customers on September 14, 2019.
Unless otherwise noted, the gateways below are included in the standard Commerce package and covered by standard support.
|Gateway||Payment options||On/off-site||SCA Ready?|
|Adyen (Gateway Pack 1)||Lots of global, regional, and local payments||Off-site (hosted payment page)||✓|
|Manual||None; marks all transactions as successful.||On-site (server-side)||Not applicable|
|Mollie||Many, including iDeal, Sofort, Bancontact, Credit Card, and others.||Off-site (direct or hosted payment page)||✓ (note 3)|
|MultiSafePay||Many, including iDeal, Sofort, Bancontact, credit card (hosted form), and others.||Off-site (direct or hosted payment page)||✓ (note 3)|
|PayPal||PayPal account, credit cards||Off-site (direct)||✓ (note 3)|
|SagePay||Credit Cards||Off-site (hosted payment page)||✓ (note 3)|
- Authorize.net has not yet published information on their path towards complying with SCA. One third party source suggests they do not intend to support the PSD2 regulation.
- For Commerce v1.1 we're updating the Braintree integration from the v2 Drop-in UI to the v3 Drop-in UI, and we're expecting that will satisfy SCA requirements along the way. We'll confirm that as that integration is complete.
- Gateways with note 3 indicate hosted payment pages. In those cases, the payment provider is responsible for the SCA interaction. While we have not in all cases verified current compliance for hosted payment options, we expect them all to be compliant before the September deadline.
- Paymill has confirmed in private communication that their existing integration will comply with PSD2/SCA, "with no or only minor changes in the integration". At this time we interpret that to mean our current integration is ready to go when Paymill finishes their systems. If changes end up being necessary, we'll update it in this list.
What about PCI compliance?
It may still be needed to fill out (yearly) PCI-related paperwork, usually in the form of a Self Assessment Questionnaire (SAQ) like
SAQ A or
SAQ A-EP. This is merchant-specific and typically part of the merchant acceptance process when signing up with a payment provider.
Is Commerce ready for PSD2 and Strong Customer Authentication?
We're actively working on upgrading payment gateways that need to be updated. Please see the SCA Ready column in the table above, and relevant notes, for details.
Before the September 14, 2019 deadline we expect all gateways to be ready to go.
Need another payment provider?
With hundreds (if not thousands) of payment providers available, it is likely you'll eventually need an integration we don't have available just yet. You can request and vote for payment gateways on our feature tracker.
To sponsor development of a payment integration, please contact [email protected] with details of the payment provider, and we'd be more than happy to provide you with a cost and time estimate.
Integrating Payment Gateways
To build an integration yourself, take a look at our developer documentation on Payment Gateways.