use security assist for the registration and login process.
you can edit the login behavior on the login page to store the true false column in a session to determine the logged in user type.
you can create an access rule for the user types based on the session.
run the checkout wizard twice, once with no gateway, the second time to accept credit cards. make sure the pages use unique names.
use the access rules to restrict access to the checkout pages so that the checkout pages are accessible to the intended user types.