Secure Card Capture for Shopify Subscription Payments

Give your Shopify subscribers a secure, in-portal way to add and manage the card on file for their recurring orders — and get early warning when a card is going to fail, before it costs you an order.

Secure Card Capture replaces the old "send the subscriber off to an external page to update their card" flow with a card field built right into the QPilot Subscriber Portal. Card details are captured inside a secure, PCI-compliant field and are tokenized straight into your Shopify payment setup. The card number itself never touches your store's servers or QPilot's — so the compliance burden of handling raw card data stays off your plate.

On top of capture, every card added this way is enrolled for automatic monitoring: when a subscriber's bank reissues, closes, or flags their card, QPilot surfaces that as a status on the payment method so you can prompt an update before the next Scheduled Order tries to charge a dead card.

📘

Available for Shopify stores. Secure Card Capture is offered for subscriptions running on Shopify. WooCommerce stores continue to use their existing gateway card flows. See What Secure Card Capture covers below for the full picture.

What you get

• In-portal card capture — subscribers add and update their card without leaving the Subscriber Portal. No redirect to an external page.
• PCI offloaded — raw card data is captured in a secure field and never stored by your store or by QPilot. Card data is held in a dedicated PCI-compliant vault, keeping your compliance footprint minimal.
• Card health monitoring — cards are automatically monitored, so a reissued, closed, or invalidated card is flagged before it silently fails at the next charge.
• At-a-glance card status — payment methods show a clear status (for example, Invalid) across the portal so the problem is visible where it matters.
• Add, edit, and remove in one place — subscribers manage the full lifecycle of their card from the portal.

Table of Contents

1. Availability and prerequisites
2. What your subscribers experience
3. Adding a card
4. Editing a card
5. Removing a card
6. Card health monitoring and statuses
7. What Secure Card Capture covers
8. FAQ
9. What's next

Availability and prerequisites

Secure Card Capture is enabled for your store by the QPilot team. It is not a self-serve toggle today — reach out to your QPilot contact to have it turned on for your Shopify store.

To use it, your store needs:

• An active subscription to the Autoship for Shopify app — Autoship installed and successfully launched on your store, with subscriptions running.
• The Subscriber Portal displayed in your Shopify store — so subscribers have a place to manage the card on file.

In other words, you should already be live on Autoship for Shopify with the Subscriber Portal in place before Secure Card Capture is turned on. Once it's enabled, the secure card field appears automatically in the portal's payment method flow for your subscribers — there's nothing for the subscriber to install or set up.

📘

What about stores that aren't enabled? If Secure Card Capture isn't turned on for a site, the portal falls back to the existing behavior — subscribers are sent to your standard payment-update page. Nothing breaks; the inline experience simply isn't shown.

[IMAGE PLACEHOLDER #1 — Screenshot]
Capture brief: Subscriber Portal → Payment Methods view, on a site with Secure Card Capture enabled. Show the payment methods list with at least one card on file and the "Add New" affordance visible. Highlight the "Add New" control. Use a realistic-looking card on file in the background. Caption: The payment methods area of the Subscriber Portal, where subscribers manage the card on file for their Scheduled Orders.

What your subscribers experience

From the subscriber's point of view, managing a card is a single, contained flow inside the portal:

1. They open Change Payment Method (or Add New) from their payment methods.
2. A secure card field loads directly in the portal.
3. They enter their card details and billing information and submit.
4. A short "securing your card" splash confirms the card is being saved, then a success state.
5. The new card appears in their payment methods, ready for their Scheduled Orders.

The card field is a secure, embedded component — the subscriber never leaves the portal, and the card number is encrypted in place as they type it.

👍

Why this matters for retention. Every redirect to an external page is a place a subscriber can drop off. Keeping card capture inside the portal removes that friction — especially valuable when a subscriber is updating a card to keep a subscription active.

Adding a card

When a subscriber adds a new card:

• The secure card field validates the card number, expiry, and security code as they type.
• Billing details are validated alongside the card.
• On submit, the subscriber sees a brief securing state while the card is saved, followed by a success confirmation.
• The new card is now available to assign to their Scheduled Orders.

If the card can't be saved — for example, the card is declined — the subscriber sees a clear declined state with the option to Try Again or Use a Different Card, without losing their place in the flow.

⚠️

The success confirmation requires a tap. The new card is only reflected back in the subscriber's payment list after they acknowledge the success screen (for example, by tapping Continue). If a subscriber closes the dialog before confirming, they may need to reopen it to see the newly added card. We call this out so your support team isn't surprised by a "I added my card but don't see it" question.

[IMAGE PLACEHOLDER #2 — GIF]
Capture brief: Subscriber Portal → Add New card flow, end to end on an enabled site. Show: open the dialog → secure card field loads → enter test card + billing → submit → securing splash → success splash → card appears in list after Continue. Keep a realistic Scheduled Order in the background. Caption: Adding a new card from start to finish, entirely inside the Subscriber Portal.

Editing a card

Subscribers can update the details on an existing card from the same payment methods area. The edit flow uses the same secure card field as adding a new card, so card data is handled with the same PCI protection.

[IMAGE PLACEHOLDER #3 — Screenshot]
Capture brief: Subscriber Portal → Edit existing card. Show the edit form with the secure field and the existing card's display details (brand, last four). Highlight the edit affordance on the card row. Caption: Editing the card on file uses the same secure capture field.

Removing a card

Subscribers can remove a card they no longer want on file. Removal:

• Asks the subscriber to confirm before anything is deleted.
• Shows a short progress animation while the card is removed.
• Confirms once the card has been removed.

If a removal can't be completed, the subscriber is shown a clear error with the option to retry.

⚠️

A card tied to an active Scheduled Order can't be silently removed. If a card is the payment method for an active Scheduled Order, removing it requires reassigning that order to another card first. This protects subscribers from accidentally leaving a Scheduled Order with no way to pay.

Card health monitoring and statuses

This is where Secure Card Capture earns its keep against involuntary churn. Every card captured this way is automatically monitored. When the subscriber's bank changes the card's state, QPilot updates the card's status so the problem is visible before it causes a failed order.

What gets surfaced today:

• Card closed or invalidated — if the bank closes the account or flags the card (reported lost, fraud, and so on), the card is marked Invalid. That status shows up on the payment method across the portal — on the order detail, the Scheduled Order summary, and the Scheduled Order details — so it's visible wherever the card is referenced.
• Card reissued / replaced — when a bank issues a replacement card (same account, new number), QPilot records the replacement against the card's history.

⚠️

What monitoring does and doesn't do. Card monitoring surfaces card problems — it flags an invalid or closed card so you and the subscriber can act. When a card is reissued, the subscriber confirms the updated card. The value is early visibility: you find out a card is dead from a status badge, not from a declined charge.

[IMAGE PLACEHOLDER #4 — Screenshot]
Capture brief: Subscriber Portal → a payment method showing the Invalid status badge, and the same status reflected on a Scheduled Order summary. Highlight the status badge in both places. Caption: An invalid card is flagged across the portal so it can be fixed before the next order.

What Secure Card Capture covers

• Secure, PCI-offloaded card capture in the Subscriber Portal for Shopify subscriptions.
• Add, edit, and remove cards inside the portal.
• Automatic monitoring that flags closed or invalid cards and records reissued cards.
• Card status surfaced across the portal (payment methods, order detail, Scheduled Order summary and details).

FAQ

Is my subscribers' card data stored on my store or by QPilot?
No. The card number is captured in a secure field and held in a dedicated PCI-compliant vault. Your store and QPilot work with a token, not the raw card. This keeps your PCI compliance footprint minimal.

Do my subscribers need to do anything to set this up?
No. Once Secure Card Capture is enabled for your store, the secure card field appears in the portal automatically. There's nothing for the subscriber to install.

Does this work for WooCommerce?
Not today. Secure Card Capture is currently offered for Shopify subscriptions. WooCommerce stores continue using their existing gateway card flows.

What happens to cards my subscribers already have on file?
Existing cards continue to work as they do now. Secure Card Capture applies to cards added or updated through the new secure flow.

A subscriber says they added a card but don't see it — what happened?
The newly added card appears once the subscriber acknowledges the success screen. If they closed the dialog early, ask them to reopen their payment methods; the card will be there.

What happens when a subscriber's card is reissued or replaced?
QPilot flags the card so it can be updated, and the subscriber confirms the new card. You're notified through the card's status rather than finding out at a declined charge.