Users with the Admin User role can now manage users.

They can create users with the following roles and give them access to their merchants.

• Normal User with access to Payments.
• Accountant User with access to Payments, Dashboard, and Reports
• Admin User with full access to Payments, Dashboard, Reports, and User Administration.

The Admin User can also edit or deactivate their users.

When a new user is created, they receive an email to set their password. Users can also reset their own passwords.

A user account is locked after 3 unsuccessful password attempts. An Admin User or CardCorp Admin can unlock the user.

Users with the Admin User or Accountant User roles can now download CSV reports.

The new CSV file download feature applies to the following reports.

• Payment Advice
• Rolling Reserves
• Disputes Report
• Fraud Report

When you access any of these reports from the Reports menu, at the end of the report page, there is a Download button to obtain the CSV file.

CardCorp has introduced a new Agent Commissions System. The Agent’s Commission View has the following sections:

• Activity - The dashboard shows the performance of your portfolio for both This Month and All-Time.
• Revenue - A monthly summary of the your revenue as an agent. Here you can also access individual monthly revenue reports and payment advice.
• Merchants - A list of companies that you referred and their current month’s revenue. Clicking the trading name allows the agent to view that merchant’s monthly revenue report.
• Merchant Applicants - A list of new applicants submitted by the agent.

CardCorp has released a new version of the WooCommerce version that is compatible with the following versions:

• PHP: 8.2.0
• WordPress: 6.8.3
• WooCommerce: 10.2.2

It is also compatible with previous known working versions.

Do not update your WooCommerce webshop without first checking plugin compatibility

This version requires the Classic Checkout. If you have a new installation, follow the instructions to switch back from Checkout Blocks to Classic Checkout.

The CardCorp WooCommerce plugin has been updated with CardCorp branding.

Note that this plugin is compatible with WooCommerce 9.9.5 and previous versions. Do not update your WooCommerce webshop without first checking plugin compatibility.

You can now download the plugin from the new link to the CardCorp GitHub repository.

The name of the plugin archive is now cardcorp-woocommerce-master.zip.

And the name of the plugin is now WooCommerce CardCorp Gateway.

And you can find the settings under CardCorp Payments.

CardCorp integrates with the PAYSTRAX reporting platform to provide dispute and reconciliation data in the merchant hub.

PAYSTRAX breaks down settlement and payment data by billing profiles. See settlement and payment per acquirer.

Users can filter the Transactions list and the Funding, Payment Advice, and Rolling Reserve reports by Billing Profile. And you can reconcile your merchant account in PAYSTRAX for each billing profile. See Reconcile with daily settlement and Reconcile with weekly settlement.

PAYSTRAX charges authorisation fees for approved transactions (authorisations and refunds) immediately, but PAYSTRAX charges fees for declined transactions and chargebacks at the end of the month. See Authorisation and chargeback fee timing.

Your website payment pages must comply with PCI DSS v4.x, which is designed to stop attackers from obtaining cardholder data when processing it in your e-commerce system.

You can meet these requirements in several ways.

1. Use traditional means, including implementing a Content Security Policy (CSP), using a hash for Sub-resource Integrity (SRI) (now available for the COPYandPAY checkout), and using change detection scans.
2. Configure monitoring within your content delivery networks (CDNs).
3. Contract third-party solutions to manage JavaScript security.

Changes to COPYandPAY checkout for PCI DSS 4.x

Add a Content Security Policy (CSP) for the payment page and use change detection scans.

Add the Sub-resource Integrity (SRI) hash every time you create a checkout with the COPYandPAY integration.

• Add the new parameter of integrity=true when you create a checkout
• There is a change to the create checkout response, which now includes the integrity hash

{
  "result":{
    "code":"000.200.100",
    "description":"successfully created checkout"
  },
  "buildNumber":"d7f3057c29b9a26d5151336767387bb393720d7e@2024-10-14 09:16:49 +0000",
  "timestamp":"2024-10-15 15:16:31+0000",
  "ndc":"FB76D9A1B7D1CAC70A03923F903F74FB.uat01-vm-tx03",
  "id":"FB76D9A1B7D1CAC70A03923F903F74FB.uat01-vm-tx03",
  "integrity":"sha384-/j1gGQsS/nAgGp9u7LjRlD7nwA3h+yXS5aEP/vbzrbpgPWuRDhCuFok3J8lWVC3X"
}

• Change to the checkout script
  • Replace {integrity} with the value of integrity
  • For the crossorigin, replace anonymous with the URL of the website that loads the COPYandPAY checkout

<script 
	src="https://eu-test.oppwa.com/v1/paymentWidgets.js?checkoutId={checkoutId}"
	integrity="{integrity}"
	crossorigin="anonymous">
</script>

For full details, see our documentation: integrate using the iframe checkout

SERVER-TO-SERVER integration

With a server-to-server integration, it is your responsibility to establish and maintain compliance with PCI DSS v4.x.

More information

For more details of PCI DSS 4.x, see the gateway documentation and the PCI 4.0.x documentation.

Welcome to the developer hub and documentation for CardCorp!