Accepting card payments is where many Croatian web shops stall. A payment gateway connects your store to the banking system so customers can pay by card or wallet - but integrating one involves acquirers, security rules, and reconciliation. Here is how it actually works.
In short
- A payment gateway (PSP) authorises and settles online payments; you also need a merchant account with an acquiring bank.
- Common options in Croatia: Monri WSPay, CorvusPay, Stripe, PayPal, and the Aircash wallet.
- Integrate via a hosted/redirect page (simplest, lowest PCI scope) or an API/embedded flow (full control of the checkout).
- 3-D Secure 2 and Strong Customer Authentication (SCA) are mandatory under PSD2 for most card payments.
- Tokenisation enables saved cards, subscriptions, and reorders.
What a gateway actually does
The buyer enters a card, the gateway runs the 3-D Secure 2 check, and the request travels to the acquirer and card network for authorisation. On success, the gateway calls your shop back and the order is marked paid; refunds and settlement return down the same chain. You need a contract with an acquiring bank - often the gateway arranges it - and must reconcile every payment against its order.
Options for a Croatian shop
- Monri WSPay - a Croatian PSP with 3-D Secure 2 that connects your shop to card acquirers and supports the Aircash wallet.
- CorvusPay - an established Croatian fintech offering card payments and account-to-account bank payments across many banks.
- Stripe - available in Croatia, with a developer-friendly API for subscriptions and international cards.
- PayPal and the local Aircash wallet - familiar extra options many Croatian shoppers expect.
Most shops offer two or three methods so buyers pick their own.
Building a web shop?
We integrate payments, shipping, and accounting into custom web shops - reconciled end to end. See what a build involves in our web shop cost guide.
Hosted vs API, and the common pitfalls
A hosted/redirect integration sends the buyer to the provider’s secure page - fastest to launch, and it keeps card data and your PCI scope off your servers. An API/embedded integration keeps buyers on your site for a smoother checkout but adds compliance work. Watch for: SCA challenges failing on older devices, everything now in EUR, matching webhook callbacks to orders (never mark an order paid on redirect alone), refunds and partial captures, and testing declines, not only the happy path.
Frequently Asked Questions
Do I need both a merchant account and a gateway? Usually yes. The gateway authorises the payment; the merchant account with an acquiring bank receives the funds. Many providers arrange both.
Is 3-D Secure mandatory in Croatia? For most consumer card payments, yes. PSD2 requires Strong Customer Authentication, and 3-D Secure 2 is how cards meet it.
Can I charge subscriptions automatically? Yes, through tokenisation - the card is saved as a secure token, so you can bill recurring or one-click orders without storing card numbers.
Hosted page or API - which is safer? A hosted page is safer because card data never touches your servers. An API flow gives a smoother checkout but adds PCI work.
Can I offer more than one provider? Yes. Many shops combine a card gateway with a wallet like Aircash so buyers pick their method.
Related Articles
- How much does a web shop cost in Croatia?
- API integrations: how they work and what they cost
- Booking systems: build vs buy for service businesses
Ready to accept payments?
We connect the right gateway to your web shop - card, wallet, and recurring billing - with proper 3-D Secure and clean reconciliation into your orders.
Reach us at [email protected] or via the form on our homepage.