To process payments, the organization doing so needs to meet certain information security standards called "Payment Card Industry Data Security Standard" (or "PCI-DSS" for short) in order to protect cardholder information. This requires that the organization either goes through a very long and expensive security audit process every year, OR connect to an organization that's already compliant such as a payment processor. 17hats has opted for the latter option. This means that when your clients pay their 17hats Invoice, their payment details never touch our servers; instead, they get sent straight to the payment processor you have connected on your Invoice Options page in your 17hats account. The code for the payment details window is provided by your payment provider, and is downloaded to your client's computer when the "Pay Invoice" button is clicked. Then the customer enters their payment data directly within the payment portal provided by your payment merchant, not 17hats.
You can see this in action in the browser's Console window:
The screenshot below makes it a little easier to see that the URLs are all subdomains of a specific payment provider, in this case, stripe.com:
You may be wondering why the screenshot shows errors. Those are from an adblocker used on the computer taking the screenshot. The adblocker was used to prevent the payment window from loading (hence, "ERR_BLOCKED_BY_CLIENT") in order to show the URLs that get called when a client clicks "Pay Invoice." You can see this in a browser yourself if you use an ad blocker that prevents cross-site scripting.
Because the payment portal your customers use to pay online isn't coded by 17hats, if a payment is stuck at "processing", or you have other payment issues, you'll need to reach out to your payment processor (Square, Stripe, Paypal, or Authorize.net) directly.
Other questions? Reach out to our Business Support Team via Live Chat or Email Monday through Friday 7am-4pm PST.