The CardCorp WooCommerce plugin has been updated with CardCorp branding.

Note that this plugin is compatible with WooCommerce 9.9.5 and previous versions. Do not update your WooCommerce webshop without first checking plugin compatibility.

You can now download the plugin from the new link to the CardCorp GitHub repository.

The name of the plugin archive is now cardcorp-woocommerce-master.zip.

And the name of the plugin is now WooCommerce CardCorp Gateway.

And you can find the settings under CardCorp Payments.

CardCorp integrates with the PAYSTRAX reporting platform to provide dispute and reconciliation data in the merchant hub.

PAYSTRAX breaks down settlement and payment data by billing profiles. See settlement and payment per acquirer.

Users can filter the Transactions list and the Funding, Payment Advice, and Rolling Reserve reports by Billing Profile. And you can reconcile your merchant account in PAYSTRAX for each billing profile. See Reconcile with daily settlement and Reconcile with weekly settlement.

PAYSTRAX charges authorisation fees for approved transactions (authorisations and refunds) immediately, but PAYSTRAX charges fees for declined transactions and chargebacks at the end of the month. See Authorisation and chargeback fee timing.

Your website payment pages must comply with PCI DSS v4.x, which is designed to stop attackers from obtaining cardholder data when processing it in your e-commerce system.

You can meet these requirements in several ways.

1. Use traditional means, including implementing a Content Security Policy (CSP), using a hash for Sub-resource Integrity (SRI) (now available for the COPYandPAY checkout), and using change detection scans.
2. Configure monitoring within your content delivery networks (CDNs).
3. Contract third-party solutions to manage JavaScript security.

Changes to COPYandPAY checkout for PCI DSS 4.x

Add a Content Security Policy (CSP) for the payment page and use change detection scans.

Add the Sub-resource Integrity (SRI) hash every time you create a checkout with the COPYandPAY integration.

• Add the new parameter of integrity=true when you create a checkout
• There is a change to the create checkout response, which now includes the integrity hash

{
  "result":{
    "code":"000.200.100",
    "description":"successfully created checkout"
  },
  "buildNumber":"d7f3057c29b9a26d5151336767387bb393720d7e@2024-10-14 09:16:49 +0000",
  "timestamp":"2024-10-15 15:16:31+0000",
  "ndc":"FB76D9A1B7D1CAC70A03923F903F74FB.uat01-vm-tx03",
  "id":"FB76D9A1B7D1CAC70A03923F903F74FB.uat01-vm-tx03",
  "integrity":"sha384-/j1gGQsS/nAgGp9u7LjRlD7nwA3h+yXS5aEP/vbzrbpgPWuRDhCuFok3J8lWVC3X"
}

• Change to the checkout script
  • Replace {integrity} with the value of integrity
  • For the crossorigin, replace anonymous with the URL of the website that loads the COPYandPAY checkout

<script 
	src="https://eu-test.oppwa.com/v1/paymentWidgets.js?checkoutId={checkoutId}"
	integrity="{integrity}"
	crossorigin="anonymous">
</script>

For full details, see our documentation: integrate using the iframe checkout

SERVER-TO-SERVER integration

With a server-to-server integration, it is your responsibility to establish and maintain compliance with PCI DSS v4.x.

More information

For more details of PCI DSS 4.x, see the gateway documentation and the PCI 4.0.x documentation.

Welcome to the developer hub and documentation for CardCorp!