BrokenRubik
How payment processing works in NetSuite
Payment processing in NetSuite has a specific architecture for how payments flow through the platform, and understanding it saves you from making expensive integration mistakes.
At the highest level, NetSuite processes payments through payment plugins — server-side SuiteScript implementations that sit between NetSuite transactions and external payment processors. When a customer pays an invoice, places an order through SuiteCommerce, or when your AR team processes a credit card payment manually, that payment request routes through a payment plugin to the gateway, then the response comes back and NetSuite updates the transaction accordingly.
The payment flow looks like this: a sales order or customer payment record triggers the plugin, the plugin formats the request for the specific gateway's API, the gateway processes the charge (or authorization, or refund), and the plugin maps the response back to NetSuite fields — approval codes, transaction IDs, AVS results, CVV verification. The transaction record in NetSuite then reflects whether the payment was authorized, captured, declined, or pending.
This matters because the quality of your payment plugin determines how much manual cleanup your team does. A well-built plugin handles partial captures, voids, refunds, and error states cleanly. A poorly built one creates orphaned authorizations, mismatched amounts, and reconciliation nightmares.
SuitePayments: NetSuite's payment plugin framework
SuitePayments is the framework that replaced NetSuite's legacy SiteBuilder payment processing. If you're running a modern NetSuite environment (2020+), this is the architecture you should be using.
The old approach tied payment gateways directly to SiteBuilder web stores with hard-coded integrations for a limited set of processors. SuitePayments replaced that with a plugin-based architecture where any payment processor can integrate with NetSuite through a standardized SuiteScript interface. The plugin implements a set of defined functions — authorize, capture, void, refund — and NetSuite calls those functions at the appropriate points in the transaction lifecycle.
Why this matters for you: SuitePayments plugins work across all NetSuite entry points. Whether a payment comes from SuiteCommerce, a manual entry in the NetSuite UI, a SuiteScript-driven process, or a RESTlet called by an external system, the same plugin handles it. One gateway configuration, one set of business rules, consistent behavior everywhere.
Oracle maintains a set of SuiteApp payment plugins in the SuiteApp marketplace for major processors. These are pre-built, Oracle-supported plugins that you install and configure. Third-party developers also build SuitePayments plugins, and you can build custom ones in SuiteScript 2.x if your processor doesn't have one available.
The key configuration lives under Setup > Accounting > Payment Processing. You'll define payment processing profiles that link a plugin to specific credentials, currencies, and subsidiaries. A multi-subsidiary company might have Stripe for US operations and Adyen for European subsidiaries, each with their own profile.
Stripe + NetSuite: the modern default
If you're starting fresh and don't have legacy constraints, Stripe is probably where you should start. It's the most developer-friendly payment processor on the market, and its NetSuite integration has matured significantly.
How it connects. Stripe offers a SuitePayments plugin available through the SuiteApp marketplace. The plugin handles credit card authorization, capture, void, and refund operations. Stripe's tokenization means card numbers never touch NetSuite — the plugin works with Stripe tokens, which simplifies your PCI compliance scope dramatically.
What syncs. Payment authorizations and captures flow from NetSuite to Stripe. Transaction confirmations, decline reasons, and settlement data flow back. If you're using Stripe beyond just payment processing (Stripe Billing for subscriptions, Stripe Connect for marketplace payouts), you'll need additional integration work — the SuitePayments plugin handles payment processing, not Stripe's full product suite.
Pricing. Standard Stripe pricing is 2.9% + $0.30 per transaction for online card payments. Volume discounts are available for companies processing over $100K/month — typically negotiable down to 2.5% + $0.25 or lower. International cards add a 1% cross-border fee. ACH transfers through Stripe cost 0.8% capped at $5.
Where Stripe shines with NetSuite:
- SaaS companies using Stripe Billing for subscriptions with NetSuite as the ERP. The payment processing flows natively through SuitePayments while subscription management happens in Stripe.
- Modern ecommerce where you want Stripe's checkout experience (Apple Pay, Google Pay, Link, BNPL options) feeding into NetSuite order processing.
- Developer-heavy teams that want clean APIs and extensive documentation when building custom payment flows.
Where it doesn't. Stripe's in-person (POS) support exists but isn't its strength compared to processors with deeper retail roots. And if you need payment processing in regions where Stripe doesn't operate, you'll need a second processor.
PayPal + NetSuite: checkout conversion booster
PayPal isn't just a payment method — for many ecommerce businesses, it's a conversion tool. Customers who see PayPal at checkout convert at higher rates because they don't need to enter card details. That behavioral reality makes PayPal worth considering regardless of your primary processor.
PayPal Commerce Platform is the current integration path for NetSuite. It replaces the older PayPal Express Checkout and PayPal Payments Pro integrations. The Commerce Platform consolidates PayPal's payment products — PayPal Wallet, Pay Later (BNPL), Venmo (US), card processing, and local payment methods — into a single integration.
SuiteCommerce integration. PayPal works as a payment option within SuiteCommerce checkout. The customer selects PayPal, gets redirected to PayPal's hosted payment page (or uses the in-context mini-browser), completes payment, and returns to your SuiteCommerce site. The SuitePayments plugin captures the authorization and maps it to the NetSuite sales order.
Pricing. PayPal's standard rate is 3.49% + $0.49 for standard card processing, though PayPal Wallet transactions (where the customer pays from their PayPal balance or linked bank account) are lower at 2.99% + $0.49. These rates are higher than Stripe's, which is why most businesses use PayPal as a secondary payment option rather than their sole processor.
The real value of PayPal in a NetSuite setup is offering customers choice. Run Stripe as your primary card processor (lower fees) and PayPal as an alternative for customers who prefer it. The conversion lift from offering PayPal typically outweighs the higher per-transaction cost.
CyberSource (Visa) + NetSuite: enterprise-grade processing
If chargebacks are a line item on your P&L, CyberSource is worth evaluating before anything else. Its Decision Manager — a real-time fraud detection engine — scores transactions based on hundreds of data points and can auto-accept, auto-reject, or flag transactions for manual review. Custom fraud rules, device fingerprinting, velocity checks, address verification, and integration with Visa's global fraud intelligence network give you control that Stripe Radar and PayPal Seller Protection can't match.
The NetSuite integration runs through a SuitePayments plugin handling the standard authorize/capture/void/refund operations, with Decision Manager layered on top.
Pricing is not published publicly. CyberSource uses custom enterprise pricing based on volume, transaction types, and which features you enable. Expect a per-transaction fee (typically $0.20-0.35) plus a percentage (typically 2.2-2.8%) plus monthly platform fees. More expensive than Stripe for simple card processing, but competitive once you factor in fraud management that you'd otherwise buy separately.
CyberSource makes the most sense for companies processing $5M+ annually in card payments, businesses with significant fraud exposure, or organizations that need Visa's direct processing relationship for compliance or contractual reasons.
Adyen + NetSuite: global payments and unified commerce
If your NetSuite instance runs multi-subsidiary with operations across countries, Adyen solves a problem that most other processors only approximate: local acquiring. Adyen supports 150+ currencies and local payment methods -- iDEAL in the Netherlands, Boleto in Brazil, Alipay in China, UPI in India -- and can process payments locally in each market through a single integration. No separate processors per region.
Most payment processors are aggregators sitting between you and various acquiring banks. Adyen is a direct acquirer in most major markets, which means faster settlements, lower cross-border fees, and higher authorization rates compared to routing everything through a US-based processor.
NetSuite integration. Adyen offers a SuitePayments plugin supporting both online (card-not-present) and in-person (card-present) payment processing. If you need unified commerce where online sales and in-store POS transactions all flow into NetSuite through the same processor, Adyen is one of the few options that handles both natively.
Pricing. Adyen charges a processing fee (typically EUR 0.10-0.12 per transaction) plus the interchange fee (passed through at cost) plus the scheme fee. This interchange-plus model is transparent and generally cheaper at volume than Stripe's blended pricing. Minimum monthly processing fees apply (EUR 120/month or equivalent).
Adyen fits best for international businesses with multi-currency needs, companies wanting unified online and in-person payment processing, or organizations that need local payment methods in non-US markets.
Authorize.net + NetSuite: the legacy workhorse
At 2.9% + $0.30 per transaction (plus a $25 monthly gateway fee on the standard plan), Authorize.net isn't the cheapest option. It isn't the most feature-rich either. But it has been processing payments since 1996, and it remains one of the most widely deployed gateways in the NetSuite ecosystem for a simple reason: switching payment processors is a project that nobody volunteers for.
The NetSuite integration is mature and well-documented. Authorize.net was one of the original gateways supported in NetSuite's legacy payment processing, and the transition to a SuitePayments plugin has been relatively smooth. Standard card processing, ACH/eCheck, recurring billing through ARB (Automated Recurring Billing), and Customer Information Manager (CIM) for stored payment profiles all work with NetSuite.
The main limitation is that Authorize.net is showing its age. No Apple Pay, no Google Pay, no BNPL, limited global payment methods, and basic fraud tools compared to Stripe Radar or CyberSource Decision Manager. If you need modern checkout experiences or sell internationally, Stripe or Adyen offer significantly more.
If Authorize.net is already handling your payment processing without issues, though, migrating for the sake of migrating isn't worth the disruption. The integration works, your team knows it, and tokenized cards don't transfer between processors -- meaning migration has a real cost in re-collecting customer payment methods.
SuiteCommerce payment considerations
If you're running SuiteCommerce (or SuiteCommerce Advanced), your payment gateway choice has implications beyond basic processing. The checkout experience, security, and customer trust are all affected.
Tokenization is non-negotiable for SuiteCommerce. Your payment gateway must support tokenization so that credit card numbers are never stored in NetSuite or transmitted through your SuiteCommerce front-end. All major gateways covered in this guide support tokenization. The token gets stored on the customer record in NetSuite, allowing repeat purchases without re-entering card details.
PCI compliance scope. SuiteCommerce uses hosted payment fields (iframes from the payment processor) embedded in the checkout page. This keeps card data out of your SuiteCommerce code and reduces your PCI scope to SAQ A-EP (for ecommerce merchants using hosted payment pages) rather than the much more burdensome SAQ D. Your gateway choice affects exactly how those hosted fields render and behave in the checkout flow.
Checkout flow optimization. Different gateways offer different checkout experiences within SuiteCommerce:
- Stripe supports Payment Element with Apple Pay, Google Pay, and Link for one-click checkout
- PayPal offers the in-context PayPal button that keeps customers on your site
- Adyen provides Drop-in components with local payment methods based on the customer's location
- CyberSource supports Secure Acceptance for PCI-compliant hosted checkout
Testing is critical. Before going live with any gateway on SuiteCommerce, test every path: successful payments, declined cards, partial refunds, voided orders, saved payment methods, and guest checkout vs. logged-in checkout. We've seen gateway integrations that work perfectly for standard orders but break on edge cases like split shipments with partial captures.
B2B payment options in NetSuite
B2B payments are a different world from consumer ecommerce. Your customers expect payment terms, purchase orders, and payment methods that consumer gateways don't handle well.
Payment terms and invoicing. NetSuite's native AR functionality handles Net 30, Net 60, 2/10 Net 30, and custom payment terms without any payment gateway involved. The customer places an order, you ship it, NetSuite generates an invoice, and the customer pays by check, wire, or ACH within the agreed terms. This is still how the majority of B2B transactions work.
ACH/eCheck processing. For B2B customers who want to pay electronically but don't want to use credit cards (because of processing fees on large orders), ACH transfers are the standard. Stripe, Authorize.net, and most major processors support ACH through NetSuite. The fees are dramatically lower — typically 0.8% capped at $5-10 per transaction vs. 2.9% for credit cards. On a $50,000 order, that's $5 vs. $1,450. The difference is enormous.
Credit card on file. Some B2B customers prefer to keep a card on file for recurring orders or automatic payment on invoice due dates. NetSuite supports stored payment tokens (through your gateway's tokenization) linked to customer records. You can set up automated payment runs that charge stored cards when invoices are due — useful for smaller B2B accounts or recurring service fees.
Wire transfers remain common for large B2B transactions, especially international ones. These don't flow through a payment gateway — they're bank-to-bank transfers that your AR team matches to open invoices in NetSuite. NetSuite's bank feed integration and payment matching features help automate this reconciliation, but it's still more manual than card or ACH processing.
B2B ecommerce checkout. If you're running a B2B SuiteCommerce site, you likely need a checkout that supports both "pay now" (card/ACH) and "pay on terms" (generate an invoice against the customer's credit). SuiteCommerce supports this through customer-specific pricing, payment term assignment, and credit limit checks — but configuring it properly requires understanding both the commerce side and the AR side.
How to choose the right payment gateway
The right gateway depends on how you sell, what you sell, and where your customers are.
Transaction volume and average order value. High volume with low AOV (consumer ecommerce) favors Stripe's simplicity and competitive blended pricing. High AOV with lower volume (B2B) favors ACH processing or interchange-plus pricing from Adyen or CyberSource where the per-transaction savings on large amounts add up fast.
International needs. If you sell globally, Adyen's local acquiring and payment method coverage is hard to beat. Stripe covers most major markets but routes through US acquiring for some regions, which can lower authorization rates. CyberSource and PayPal also have global reach but with different strengths per region.
Subscription billing. If recurring billing is core to your business, evaluate whether you want the gateway handling subscriptions (Stripe Billing) or NetSuite handling them (SuiteBilling). Stripe Billing is better for high-volume, self-service subscriptions. SuiteBilling is better when you need billing-to-revenue-recognition automation inside NetSuite.
Fraud risk. If chargebacks are eating into your margins, CyberSource's Decision Manager or Stripe Radar (with custom rules on the paid tier) provide the fraud management tools you need. For most businesses with standard fraud exposure, Stripe Radar's default ML-based detection is sufficient.
Existing infrastructure. Don't underestimate the cost of switching. If Authorize.net is working fine and your team knows it, the ROI of migrating to Stripe needs to be concrete — not theoretical. Migration involves new plugin setup, testing, customer payment method migration (tokenized cards don't transfer between processors), and retraining your team.
PCI DSS compliance: what NetSuite handles and what you own
PCI compliance confuses a lot of NetSuite customers. Here's the breakdown.
What NetSuite handles. NetSuite is PCI DSS Level 1 certified as a service provider. The platform infrastructure, data centers, and application security meet PCI requirements. If you're processing payments through SuitePayments with tokenization, card data is handled by the payment processor — not stored in NetSuite.
What you're responsible for. Even with NetSuite and tokenization, your organization has PCI obligations:
- SAQ completion. You need to complete the appropriate Self-Assessment Questionnaire annually. For SuiteCommerce merchants using hosted payment fields, this is typically SAQ A-EP. For businesses processing payments only through the NetSuite UI (no ecommerce), it may be SAQ C-VT.
- Access controls. Who in your organization can access payment-related records? Who can process refunds? Who can view stored payment tokens? Your NetSuite role permissions need to enforce least-privilege access.
- Network security. Your office network, employee devices, and any systems that connect to NetSuite need to meet basic security standards — firewalls, patching, anti-malware.
- Third-party management. You're responsible for verifying that your payment processor and any other third parties handling card data maintain their PCI compliance.
The practical reality: For most mid-market companies using NetSuite with SuitePayments and tokenization, PCI compliance is manageable. You're not storing card numbers, you're not transmitting raw card data, and your PCI scope is limited. But you still need to document your compliance annually and maintain security controls. Don't ignore it — a data breach has consequences regardless of your company size.
Frequently asked questions
Frequently Asked Questions
Choosing a gateway is just the start
Picking the right payment gateway matters, but the implementation is where things get real. Plugin configuration, SuiteCommerce checkout integration, testing, PCI compliance, and ongoing maintenance all determine whether your payment processing is a strength or a source of support tickets.
BrokenRubik
NetSuite Development Agency
Expert team specializing in NetSuite ERP, SuiteCommerce development, and enterprise integrations. Oracle NetSuite partner with 10+ years of experience delivering scalable solutions for mid-market and enterprise clients worldwide.
Get More Insights Like This
Join our newsletter for weekly tips, tutorials, and exclusive content delivered to your inbox.
Related Articles
NetSuite Ecommerce: Platform Options & Integration
Complete guide to NetSuite ecommerce. Compare SuiteCommerce vs external platforms, integration options, connectors, pricing, and how to choose the right approach for your business.
Shopify NetSuite Integration Guide: Sync & Scale
Complete guide to Shopify NetSuite integration. Compare Celigo, Boomi & FarApp connectors, avoid common pitfalls, and build a scalable integration between Shopify and NetSuite.
Best NetSuite Apps & SuiteApps: Top Applications for 2026
Discover the best NetSuite apps from the SuiteApp marketplace. Curated list of top SuiteApps and SuiteCloud platform extensions that extend NetSuite for SDN partners and businesses.