Yes, Salesforce can process payments — but it does not function as a standalone payment processor like Stripe or PayPal. Instead, Salesforce provides native tools and third-party integrations that connect your CRM to payment gateways, enabling you to accept credit cards, debit cards, ACH transfers, and digital wallets without leaving the platform. The key distinction is that Salesforce acts as the orchestration layer while a payment gateway or processor handles the actual movement of money.
This matters because every business that processes electronic payments must comply with the Payment Card Industry Data Security Standard (PCI DSS 4.0), which became mandatory as of April 1, 2025. Failing to meet PCI DSS requirements can result in fines ranging from $5,000 to $100,000 per month and potential loss of the ability to accept card payments altogether. Businesses using Salesforce for payments must also comply with the Electronic Fund Transfer Act (EFTA) and Regulation E when processing ACH or other electronic fund transfers.
According to Salesforce’s own reporting, Commerce Cloud now natively connects B2C, DTC, and B2B commerce with order management, payments, sales, service, and marketing on a single platform.
Here is what you will learn in this article:
- 💳 How Salesforce Payments works as a native solution and which payment methods it supports, including credit cards, ACH, PayPal, Apple Pay, and Google Pay
- ⚙️ How Salesforce Billing and Revenue Cloud handle subscription invoicing, usage-based billing, and automated payment collection
- 🔒 The specific PCI DSS 4.0 requirements your business must meet to stay compliant when processing payments through Salesforce
- 🔌 How third-party AppExchange apps like Chargent and Blackthorn expand payment capabilities across 30+ and 120+ gateways
- 📊 How Salesforce’s payment tools compare to HubSpot Payments, Zoho, and other CRM alternatives for processing transactions
What Salesforce Payment Processing Means
Salesforce payment processing refers to the ability to accept, manage, and reconcile payments inside the Salesforce ecosystem. This does not mean Salesforce itself moves money between bank accounts. A payment gateway — such as Stripe or Adyen — handles the secure transmission of payment data between the customer, the merchant’s bank, and the card network.
When you process a payment “in Salesforce,” the platform sends payment instructions to a connected gateway, which then communicates with the card networks (Visa, Mastercard, etc.) or ACH networks to complete the transaction. The transaction record, customer data, and payment status all sync back into Salesforce automatically. This keeps your CRM as the single source of truth for every customer interaction, including financial ones.
There are three primary ways to process payments through Salesforce:
- Salesforce Payments — the native, built-in solution powered by Stripe (and now Adyen)
- Salesforce Billing / Revenue Cloud — designed for invoicing, subscription billing, and payment collection on complex B2B deals
- Third-party AppExchange apps — tools like Chargent, Blackthorn, and Asperato that plug directly into Salesforce and connect to dozens of payment gateways
Each approach serves a different use case. A B2C retailer running Commerce Cloud needs a different payment setup than a SaaS company billing enterprise clients on annual subscriptions. Understanding which path fits your business prevents costly rework and compliance gaps later.
Salesforce Payments: The Native Solution
Salesforce Payments is the platform’s built-in payment processing tool, originally powered by Stripe. It supports credit cards, debit cards, ACH transfers (for U.S. payments), and digital wallets including PayPal, Apple Pay, and Google Pay. In 2025, Salesforce expanded its partnership to include Adyen as a native gateway option alongside Stripe, giving merchants the ability to bring their own gateway through a “Bring Your Own Gateway” (BYOG) model.
Salesforce Payments is included out-of-the-box with Starter Suite, Pro Suite, and Salesforce Foundations. This means smaller businesses can begin accepting payments without purchasing additional licenses or third-party apps.
How It Works in Practice
A sales rep can generate a secure payment link attached to any Salesforce object — an opportunity, a case, a custom object — and send it to a customer. The customer clicks the link, enters their payment information on a hosted payment page, and the transaction processes through the connected gateway. The payment record automatically attaches to the correct account in Salesforce.
For service teams, Salesforce Payments embeds a payment component directly into Sales Cloud or Service Cloud, allowing agents to take payments over the phone or by mail. This eliminates the need to switch between systems and reduces errors that come from manual data entry.
Key Capabilities
- One-click checkout on Commerce Cloud storefronts for returning customers
- Express checkout through PayPal, Apple Pay, Google Pay, Amazon Pay, and Link by Stripe
- Payment links embedded in Salesforce Flows for automated collections
- Field service payments where technicians can collect payment on-site through the Salesforce mobile app
- Offline payment processing via call centers using embedded payment components
The limitation of Salesforce Payments is that it ties you to Stripe or Adyen as your processor. If your business already has a relationship with a different gateway — say, Authorize.net or Worldpay — you cannot use Salesforce Payments natively and will need a third-party AppExchange solution instead.
Salesforce Billing and Revenue Cloud
Salesforce Billing, now part of Revenue Cloud, handles the financial lifecycle of a deal after the contract is signed. While Salesforce Payments focuses on collecting a single transaction, Revenue Cloud manages the ongoing complexity of subscriptions, usage-based pricing, invoicing, and payment collection across the entire customer relationship.
The Five-Stage Billing Lifecycle
Revenue Cloud follows a structured billing process from quote to cash:
- Quote to Order — After a quote is approved, Revenue Cloud converts it into an order. Product details, pricing, quantities, and terms carry forward automatically.
- Billing Schedules — The system defines when and how often to bill. Options include monthly, quarterly, semi-annually, annually, by milestones, or based on usage. Billing can happen in advance or in arrears.
- Invoice Generation — Invoices generate on schedule or on-demand, applying pricing logic, tax rules, credits, and adjustments. Invoices export as PDFs and can be emailed to customers.
- Payment Collection — Revenue Cloud supports payment through credit cards and bank accounts. Payment schedules provide a clear view of due, paid, and outstanding amounts.
- Subledger Recording — As invoices are issued and payments are collected, the system automatically creates journal entries to reflect revenue, taxes, credits, and liabilities.
When Revenue Cloud Makes Sense
Revenue Cloud is designed for B2B companies with complex billing models. Think of a SaaS company that charges $50,000 per year for a platform license, bills quarterly in advance, and adds usage-based overage charges each month. Revenue Cloud handles all of that — the prorations, amendments, cancellations, early renewals, and mid-term changes — without manual spreadsheet work.
It also manages credit memos, partial payments, and refunds automatically. If a customer overpays or cancels mid-cycle, the system calculates the correct credit and applies it to future invoices without human intervention.
Integration With Payment Gateways
Revenue Cloud does not process payments by itself. It calculates how much is owed and generates the invoice, but it relies on a connected payment gateway or a tool like Chargent to actually collect the money. As one comparison between the two explains: use Salesforce Billing to figure out how much needs to get paid, then use a payment processing tool to get paid by your customer.
Third-Party AppExchange Payment Apps
For businesses that need more flexibility than Salesforce Payments or Revenue Cloud provides, the Salesforce AppExchange offers dedicated payment processing applications. The three most established options are Chargent, Blackthorn Payments, and Asperato.
Chargent
Chargent is one of the oldest and most reviewed payment apps on the AppExchange, with over 250 customer reviews. It connects to more than 30 payment gateways and supports merchants and customers in 190 countries.
Chargent’s core strength is flexibility. It works anywhere inside Salesforce — on opportunity records, custom objects, Experience Cloud sites, and even Commerce Cloud. Key features include:
- Call center payments (agents take cards over the phone)
- Recurring and installment payments
- Payment links sent to customers via email or SMS
- ACH account validation
- Multi-gateway tokenization (store a single customer’s payment method across multiple gateways)
- Smart payment routing (direct specific transactions to specific gateways based on rules)
Chargent pricing starts at $8,000 per year (Startup plan) and scales to $16,000 per year (Growth plan), with enterprise pricing based on transaction volume. Nonprofit discounts are available.
Blackthorn Payments
Blackthorn Payments connects to over 120 payment gateways, making it the broadest gateway option on the AppExchange. It runs natively inside Salesforce and supports local currencies, digital wallets, and customizable invoicing.
Where Blackthorn stands out is field service payments. It integrates with Salesforce Field Service using Bluetooth card readers, allowing technicians to accept payments on-site through the Salesforce mobile app. This is a game-changer for industries like HVAC, plumbing, and home services where payment collection happens at the point of service.
Blackthorn also offers instant reconciliation — transactions reconcile automatically against invoices, reducing errors and improving cash flow visibility. Its pricing is available on request and varies based on feature set and volume.
Asperato
Asperato focuses on automated payment collection. It connects to multiple providers including Stripe, PayPal, and GoCardless, and supports credit cards, direct debits, ACH, SEPA (Europe), and BACS (UK). It automatically retries failed transactions without manual intervention, which helps businesses avoid revenue loss from payment failures.
| Feature | Chargent | Blackthorn | Asperato |
|---|---|---|---|
| Gateway Connections | 30+ | 120+ | Multiple (Stripe, GoCardless, PayPal) |
| Field Service Payments | No | Yes (Bluetooth readers) | No |
| Recurring Payments | Yes | Yes | Yes (with auto-retry) |
| ACH Support | Yes | Yes | Yes |
| Experience Cloud | Yes | Yes | Yes |
| Multi-Currency | Yes | Yes | Yes |
PCI DSS Compliance and Security
Every business that accepts, processes, stores, or transmits credit card information must comply with the Payment Card Industry Data Security Standard (PCI DSS). As of April 1, 2025, the updated PCI DSS 4.0 requirements are mandatory for all merchants and third-party service providers. This is not optional — it is the cost of doing business when accepting card payments.
What PCI DSS 4.0 Requires
PCI DSS outlines 12 core requirements organized around six control objectives. The most relevant requirements for Salesforce payment processing include:
- Install and maintain firewalls to protect cardholder data environments
- Encrypt transmission of cardholder data across open, public networks
- Restrict access to cardholder data on a need-to-know basis
- Track and monitor all access to network resources and cardholder data
- Payment page scripts — organizations must implement controls for all scripts executed in consumers’ browsers on payment pages to prevent unauthorized modifications and data breaches
- Annual scope definition — organizations must document the scope of their PCI DSS assessment every year
How Salesforce Handles PCI Compliance
The good news is that Salesforce’s payment architecture is designed to minimize your PCI burden. When you use Salesforce Payments (powered by Stripe), sensitive card data never touches your Salesforce org. Instead, Stripe uses tokenization — the customer enters their card details into a hosted payment field that originates directly from Stripe’s PCI DSS-validated servers. Salesforce stores only the token, not the actual card number.
This approach means most businesses using Salesforce Payments can qualify for SAQ A — the simplest Self-Assessment Questionnaire — which requires meeting fewer than 30 compliance requirements instead of the full 300+. However, if your website delivers any element of the payment form itself (such as an embedded iframe), you may need to use SAQ A-EP, which includes additional requirements for securing your website.
Security Best Practices in Salesforce
Beyond PCI DSS, protecting payment data inside Salesforce requires additional steps:
- Use Salesforce Shield Encryption for sensitive information stored in custom fields
- Implement field-level security to restrict which users can view payment-related data
- Store only Stripe tokens, not card details, in Salesforce custom metadata types
- Use OAuth 2.0 for authentication between Salesforce and payment gateways
- Apply AES-256 encryption to all payment information transmitted between systems
- Set up audit logs to track and monitor every financial transaction
EFTA and Federal Regulatory Requirements
When your Salesforce payment setup processes ACH transfers or other electronic fund transfers, the Electronic Fund Transfer Act (EFTA) and Regulation E apply. This federal law governs transfers initiated through electronic terminals, telephones, computers, or magnetic tape that instruct a financial institution to debit or credit a consumer’s account.
What EFTA Covers
EFTA and Regulation E apply to a broad range of transactions relevant to Salesforce payment processing:
- ACH transfers (the most common payment method for B2B invoicing in Salesforce)
- Point-of-sale terminal transactions
- Debit card transactions
- Person-to-person (P2P) payments
- Recurring and preauthorized transfers
The critical compliance requirement is error resolution. Financial institutions — and in some cases, non-bank payment providers — must investigate error allegations within specified time limits, report results within three business days after completing the investigation, and correct errors within one business day after determining an error occurred.
ACH Authorization Requirements
If your Salesforce system collects ACH payments (which Salesforce Payments, Chargent, Blackthorn, and Asperato all support), you must follow specific authorization requirements under the EFTA:
- Obtain written or electronic consent before debiting the customer’s account
- Clearly state the amount, date, and frequency of each payment
- Provide clear cancellation information
- Provide evidence of the consumer’s identity and consent
- Keep authorization records on file for a minimum of 2 years after all payments are completed
- Send a receipt (by mail, email, or fax) for each transaction processed
Failing to meet these requirements exposes your business to CFPB enforcement actions, consumer lawsuits, and potential NACHA (the ACH network operator) penalties. Salesforce does not automate EFTA compliance for you — your team must build these safeguards into your payment workflows using Salesforce Flows, approval processes, and record-keeping configurations.
Real-World Scenarios
Scenario 1: B2C E-Commerce Retailer Using Commerce Cloud
Sarah runs an online home goods store on Salesforce Commerce Cloud. She enables Salesforce Payments with Stripe as her gateway and activates Apple Pay, Google Pay, and PayPal for express checkout.
| Setup Decision | Result |
|---|---|
| Enables one-click checkout for returning customers | Conversion rate increases as returning shoppers skip re-entering card details |
| Activates Apple Pay and Google Pay | Mobile checkout time drops, reducing cart abandonment on mobile devices |
| Uses Stripe’s hosted payment fields (tokenization) | Qualifies for SAQ A, the simplest PCI compliance pathway |
| Connects payment data to Marketing Cloud | Sends personalized post-purchase emails based on purchase history |
Sarah’s PCI compliance burden stays low because Stripe handles all sensitive card data. Her customers never enter card information on a page her website controls.
Scenario 2: B2B SaaS Company Using Revenue Cloud
Marcus sells enterprise software on annual subscriptions with quarterly billing. His deals include a platform license, per-seat charges, and usage-based API overage fees.
| Setup Decision | Result |
|---|---|
| Uses Revenue Cloud for billing schedules | Automates quarterly invoicing with prorated amounts for mid-term changes |
| Connects Chargent for payment collection | Customers pay invoices via credit card or ACH directly from a payment link |
| Enables automated retry on failed payments | Recovers revenue that would otherwise require manual follow-up |
| Sets up credit memo automation | Mid-cycle cancellations generate automatic credits applied to final invoices |
Marcus uses Revenue Cloud to determine what is owed and Chargent to collect how payment is received. This separation keeps his billing logic clean and his payment processing flexible.
Scenario 3: Field Service Company Using Blackthorn
Elena operates a plumbing and HVAC company. Her technicians complete jobs on-site and need to collect payment before leaving.
| Setup Decision | Result |
|---|---|
| Deploys Blackthorn Payments with Bluetooth card readers | Technicians accept credit card payments at the customer’s home |
| Integrates with Salesforce Field Service | Payment records attach to the correct work order automatically |
| Enables instant reconciliation | Back-office team sees real-time payment status without calling the technician |
| Supports digital wallets (Apple Pay, Google Pay) | Customers who forgot their wallet can still pay via phone |
Elena’s technicians never handle raw card numbers. The Bluetooth reader and Blackthorn’s tokenization ensure PCI compliance in the field.
Mistakes to Avoid
Storing raw credit card numbers in Salesforce fields. Salesforce is not PCI-certified for raw card storage. Entering card numbers into standard text fields violates PCI DSS and exposes your business to fines, data breach liability, and potential loss of the ability to accept cards. Always use tokenization through your gateway.
Assuming Salesforce Payments works with any gateway. Salesforce Payments only connects to Stripe and Adyen natively. If your business uses Authorize.net, Braintree, Worldpay, or another processor, you need a third-party AppExchange solution like Chargent or Blackthorn to bridge the gap.
Ignoring ACH authorization record-keeping. EFTA requires you to keep ACH authorization records for at least two years after all payments have been completed. Many businesses delete records after the transaction clears. This creates legal exposure if a customer disputes an ACH debit months or years later.
Using Salesforce Billing without a payment collection tool. Revenue Cloud generates invoices and calculates amounts owed, but it does not charge your customer’s card or debit their bank account. You must pair it with Salesforce Payments, Chargent, or another collection tool to actually receive the money.
Skipping PCI scope documentation. PCI DSS 4.0 requires organizations to define and document the scope of their PCI assessment annually. Many Salesforce admins assume compliance is “handled” by Stripe or their gateway. While the gateway reduces your scope, you must still document what is in and out of scope for your specific configuration.
Failing to set field-level security on payment objects. Every Salesforce user with access to the payment object can see transaction details by default. Without field-level security restrictions, sales reps, marketing users, and other non-financial staff may have visibility into sensitive payment data they should not access.
Do’s and Don’ts
Do’s
- Do use tokenization for every transaction. Tokens replace sensitive card data with a non-sensitive equivalent, keeping your Salesforce org out of PCI scope for raw card storage.
- Do automate failed payment retries. Tools like Asperato and Chargent can automatically retry failed transactions, recovering revenue that manual processes miss.
- Do connect payment data to your CRM records. The entire point of processing payments in Salesforce is maintaining a single view of the customer — link every transaction to the correct account, contact, and opportunity.
- Do test in Salesforce Sandbox first. Process test transactions in sandbox before going live. Switching directly to production without testing risks payment failures, incorrect amounts, and customer-facing errors.
- Do send receipts for every ACH transaction. EFTA requires a receipt for each processed transaction — configure Salesforce Flow to send automated email receipts upon successful payment.
Don’ts
- Don’t store API secret keys in standard Salesforce fields. Keep your payment gateway’s secret keys in Salesforce Custom Metadata Types with restricted access, not in custom text fields visible to admins.
- Don’t rely on private network rules over federal law. The CFPB has clarified that private network rules providing less consumer protection than EFTA cannot be relied upon by financial institutions.
- Don’t assume one payment tool covers every use case. B2C checkout, B2B subscription invoicing, and field service collection each have different requirements — evaluate your needs before selecting a single tool.
- Don’t skip Salesforce Shield Encryption. If your org stores any payment-adjacent data (billing addresses, last-four digits, transaction amounts), encrypt it using Shield to prevent unauthorized access.
- Don’t process payments without documented consumer consent. Every electronic payment — card or ACH — requires clear, documented authorization. Without it, you face chargeback liability and EFTA violations.
Pros and Cons of Processing Payments in Salesforce
Pros
- Unified customer view. Payment data lives alongside sales, service, and marketing data in a single platform, eliminating data silos and reducing manual reconciliation.
- Automation reduces manual work. Salesforce Flows can trigger payment collection, send receipts, retry failed transactions, and update records without human intervention.
- Flexible payment methods. Between Salesforce Payments, Chargent, and Blackthorn, you can accept credit cards, debit cards, ACH, SEPA, BACS, PayPal, Apple Pay, Google Pay, Amazon Pay, and bank wire transfers.
- Scalable architecture. Revenue Cloud handles everything from simple one-time charges to complex usage-based subscriptions with prorations, amendments, and multi-currency support.
- Reduced PCI scope. Native integrations use tokenization by default, meaning sensitive card data never enters your Salesforce org.
Cons
- Cost adds up fast. Salesforce licensing fees plus Revenue Cloud plus a payment app like Chargent ($8,000–$16,000/year) plus gateway processing fees create a significant total cost of ownership.
- Native Payments limits gateway choice. Salesforce Payments only supports Stripe and Adyen. Businesses locked into other processors must use third-party apps at additional cost.
- Complex configuration. Setting up Revenue Cloud billing schedules, payment gateways, Flows, and field-level security requires a skilled Salesforce administrator or consultant.
- Compliance is your responsibility. While Stripe and Adyen handle card data securely, your organization is still responsible for PCI scope documentation, EFTA compliance, and internal security controls.
- No single tool does everything. Revenue Cloud handles invoicing but not payment collection. Salesforce Payments handles collection but not complex billing. Most businesses need at least two tools working together.
How Salesforce Compares to Other CRMs for Payment Processing
| Capability | Salesforce | HubSpot | Zoho |
|---|---|---|---|
| Native Payment Processing | Yes (via Stripe/Adyen) | Yes (HubSpot Payments via Stripe) | Yes (Zoho Payments) |
| Subscription Billing | Yes (Revenue Cloud) | Limited (recurring invoices) | Yes (Zoho Subscriptions) |
| Number of Gateway Integrations | 120+ via Blackthorn/30+ via Chargent | Stripe only (native) | Limited to Zoho ecosystem |
| ACH Support | Yes | Yes | Yes |
| Field Service Payments | Yes (Blackthorn + Bluetooth readers) | No | No |
| PCI DSS Tokenization | Yes (native) | Yes (native) | Yes (native) |
| Complex Usage-Based Billing | Yes (Revenue Cloud) | No | Limited |
| AppExchange Payment Apps | Dozens of options | Very few | Zoho Marketplace (limited) |
| Typical Starting Price | $25/user/month + payment app fees | $20/user/month (Starter) | $14/user/month |
| Customization Depth | Extensive (Apex, Flows, Lightning) | Moderate | Moderate (can require developer support) |
Salesforce’s advantage over HubSpot and Zoho becomes clear in complex B2B payment scenarios — multi-year contracts, usage-based billing, mid-term amendments, and multi-currency invoicing. HubSpot Payments works well for straightforward B2B or B2C transactions but lacks the depth of Revenue Cloud. Zoho offers an integrated suite at a lower price but operates within a more closed ecosystem that may not integrate smoothly with specialized external tools.
For small businesses with simple payment needs, HubSpot or Zoho may be more cost-effective. For mid-market and enterprise companies with complex billing requirements, Salesforce provides unmatched flexibility — at a higher total cost.
FAQs
Can Salesforce process credit card payments directly?
No. Salesforce routes credit card transactions through a connected gateway like Stripe or Adyen. The gateway processes the actual payment while Salesforce manages the transaction record.
Does Salesforce store credit card numbers?
No. Salesforce uses tokenization through its gateway partners. A secure token replaces the card number, and the actual card data resides on the gateway’s PCI-validated servers.
Is Salesforce PCI DSS compliant?
Yes, for its infrastructure. However, your organization must still document your own PCI scope and meet requirements applicable to your specific configuration and payment page setup.
Can I use Salesforce Payments without Commerce Cloud?
Yes. Salesforce Payments is included with Starter Suite, Pro Suite, and Salesforce Foundations. You can send payment links and accept payments through Sales Cloud and Service Cloud.
Does Salesforce support recurring payments?
Yes. Revenue Cloud handles subscription billing natively, and AppExchange apps like Chargent and Blackthorn support recurring and installment payments across multiple gateways.
Can Salesforce process ACH payments?
Yes. Salesforce Payments supports ACH for U.S. transactions. Third-party apps extend ACH support globally, including SEPA for Europe and BACS for the UK.
Do I need a separate payment gateway with Salesforce?
Yes. Salesforce requires a gateway like Stripe, Adyen, or one of the 30+ gateways supported by Chargent to process transactions.
Can field service technicians collect payments through Salesforce?
Yes. Blackthorn Payments integrates with Salesforce Field Service and supports Bluetooth card readers for in-person payment collection on the Salesforce mobile app.
Is Salesforce Billing the same as Salesforce Payments?
No. Salesforce Billing (Revenue Cloud) handles invoicing, billing schedules, and revenue recognition. Salesforce Payments handles the actual transaction processing through a connected gateway.
Does the Electronic Fund Transfer Act apply to Salesforce ACH payments?
Yes. Any ACH payment processed through Salesforce must comply with EFTA and Regulation E, including authorization requirements, error resolution timelines, and receipt obligations.