WooCommerce payments plugin
The Cardflo WooCommerce payments plugin allows merchants to integrate Cardflo's payment orchestration capabilities directly into their WooCommerce store.
This plugin enables access to advanced routing, decline recovery, and a wide array of payment methods, enhancing conversion rates and managing payment complexities within your existing e-commerce platform.
- Category
- Plugins
- Capabilities
- 10
- Available on
- All plans
The overview
A WooCommerce payments plugin functions as the integration layer between the WordPress e-commerce environment and the wider financial infrastructure of a payment service provider or orchestrator.
By installing this module, a merchant bridges their online storefront with the gateway and acquirer network, enabling the authorisation and capture of funds from various card schemes and local account-to-account methods.
The plugin handles the technical translation of shopping cart data into secure payment requests, maintaining the integrity of transaction metadata such as tax, shipping, and line-item details.
For businesses managing high volumes or complex cross-border flows, the plugin facilitates advanced logic like smart routing and automated retries directly within the administrative dashboard.
This reduces the requirement for custom API development while ensuring that the checkout process adheres to regional regulatory burdens, such as Strong Customer Authentication under PSD2. The objective is to centralise payment management while diversifying the underlying financial connections to improve resilience against processor outages.
How it works
Technical Installation and Configuration
The merchant uploads the plugin folder to their WordPress directory or installs it via the plugin repository. After activation, the administrative interface allows for the input of API keys and webhooks.
This establishes a secure handshake between the WooCommerce site and the orchestration layer, ensuring encrypted communication for all transaction data.
Checkout Initialisation and Tokenisation
When a customer proceeds to checkout, the plugin generates a secure payment form or redirects to a hosted page. Sensitve card data is tokenised before it leaves the browser, meaning the merchant server never handles raw primary account numbers.
This reduces the scope of PCI DSS compliance requirements for the store owner.
Routing and Authorisation Logic
Once the customer submits payment, the plugin transmits the data to a payment orchestration platform. The transaction is then routed to the most appropriate acquirer based on the merchant category code, currency, or geographical location.
The issuer provides an authorisation code or a decline reason, which the plugin processes in real time.
Transaction Finalisation and Settlement
If authorised, the plugin updates the WooCommerce order status to 'Processing' or 'Completed'. The gateway initiates the capture process, moving funds from the issuer to the merchant's acquiring account.
Settlement typically occurs within a pre-defined window, depending on the specific terms agreed with the merchant's acquiring partner.
Why it matters
Resilience through Redundant Routing
Relying on a single payment processor introduces a single point of failure. If an acquirer experiences downtime or a technical degradation, a WooCommerce plugin connected to an orchestration layer can automatically redirect traffic to an alternative provider.
This failover mechanism helps maintain operational continuity and protects the revenue stream during periods of instability within the traditional banking network.
Optimising Authorisation Success Rates
Payment declines often result from rigid fraud filters or technical mismatches between the acquirer and the issuer. A sophisticated plugin allows for the use of network tokens and smart routing logic to present transactions in the format most likely to be approved.
By analysing decline codes like 'soft declines', the system can automatically retry the transaction via a different path, recovering potentially lost sales.
Simplified Regulatory Compliance Management
Navigating the complexities of SCA and PSD2 is difficult for independent retailers. The plugin manages the 3DS handshake process, ensuring that two-factor authentication is applied only when legally required or when the risk profile warrants it.
This balances the need for security with the requirement to minimise friction during the digital checkout experience for the end user.
Use cases
Multi-Currency Global Retailers
Merchants selling in multiple jurisdictions can use the plugin to present local currencies and alternative payment methods. This reduces FX markups and increases trust at the point of sale.
Subscription Based Service Providers
Businesses using WooCommerce Subscriptions can utilise the plugin to manage merchant-initiated transactions. It handles the secure storage of payment tokens for recurring billing cycles and automated dunning processes.
High Volume Flash Sales
During periods of intense traffic, the plugin distributes the transaction load across multiple backend processors. This prevents bottlenecking at the gateway level and ensures that authorisation requests are processed efficiently.
Hybrid Digital-Physical Businesses
Retailers that combine online sales with offline activities can centralise their reporting. The plugin ensures that all digital transactions are attributed to the correct MID for unified financial reconciliation.
By the numbers
Typical uplift observed by merchants switching from a single acquirer to a routed orchestration model with retry logic.
Estimated reduction in technical controls required when moving from on-server data handling to tokenised hosted fields.
Typical processing time for a 3DS2 authenticated transaction when utilising modern gateway APIs and optimised plugins.
Related terms
Talk to our team about a live rollout on your acquiring stack.
What you get with WooCommerce payments plugin
- Supports multiple acquiring banks to provide redundancy and minimise the impact of processor downtime.
- Automates the 3-D Secure version 2 flow to comply with SCA requirements across Europe.
- Integrated support for alternative payment methods including digital wallets and local bank transfer schemes.
- Reduces PCI DSS burden by using secure tokenisation and hosted payment fields for data entry.
- Configurable smart routing logic based on transaction value, currency, or customer geographical location.
- Automatic recovery for soft declines using intelligent retry logic across different acquirer connections.
- Centralised dashboard within WooCommerce for managing refunds, captures, and partial settlement actions.
- Support for merchant-initiated transactions to facilitate seamless subscription renewals and recurring billing models.
- Detailed reporting on decline reasons to help merchants analyse and improve their authorisation rates.
- Real-time webhook notifications to ensure order statuses stay synchronised with latest payment events.
A short scoping call, then a written plan for your MIDs.
Questions about WooCommerce payments plugin
How does the plugin handle Strong Customer Authentication under PSD2?
The plugin is designed to support 3DS2, the industry-standard protocol for meeting SCA requirements. When a transaction is initiated, the plugin communicates with the orchestration layer to determine if the payment falls under the scope of PSD2.
If mandated by the issuer or the transaction's risk profile, the plugin triggers a challenge, such as a biometric check or SMS code.
By managing this handshake, the plugin ensures that the merchant remains compliant while attempting to apply for exemptions where possible to reduce friction.
Can I use multiple merchant identification numbers simultaneously?
Yes, through an orchestration-based plugin, you can configure multiple MIDs from different acquirers. The plugin uses routing rules to determine which MID should be used for a specific transaction.
For example, you might route UK-issued cards through a domestic acquirer to minimise interchange costs, while routing US-issued cards through a different provider to improve authorisation rates.
This multi-MID approach is a standard method for larger merchants to optimise their payment stack and lower overall fees.
Does this plugin store sensitive credit card data on my WordPress server?
The plugin does not store primary account numbers or sensitive authentication data on your local WordPress database. Instead, it uses tokenisation.
When a customer enters their card details, the information is sent directly to the secure vault of the payment processor. The plugin receives a non-sensitive token in return, which represents the payment method for future use.
This architecture is essential for maintaining PCI DSS compliance and significantly reduces the risk associated with data breaches.
How does the WooCommerce payments plugin handle different types of transaction declines?
The plugin distinguishes between permanent hard declines and temporary soft declines by analysing the response codes sent from the processor. For soft declines like insufficient funds or processor timeouts, the system may automatically attempt to recover the transaction through scheduled retries or smart rebilling sequences.
According to standard setups, a hard decline usually triggers an immediate notification to the customer to update their billing details or select a different payment method.
This behaviour is designed to reduce cart abandonment while ensuring that the merchant does not repeatedly attempt to process invalid card information.
How are refunds and voids managed through the WooCommerce interface?
Refunds and voids can be processed directly within the WooCommerce 'Edit Order' screen. When a merchant initiates a refund, the plugin sends a request via the API to the payment orchestration platform.
The platform then instructs the relevant acquirer to return the funds to the customer's original payment method. The status of the refund is tracked in real time, and the internal WooCommerce order notes are updated with the ARN or transaction reference for auditing purposes.
Does the plugin support alternative payment methods like iDEAL or SEPA?
Standard credit and debit cards are supported alongside a variety of alternative payment methods. The plugin's integration with an orchestration layer allows it to dynamically display payment options based on the customer's location or the currency of the transaction.
For example, a customer in the Netherlands may be presented with iDEAL, while a customer in Germany sees SEPA Direct Debit or Sofort. This regional customisation is key to improving conversion rates in international markets.
Ready for velocity?
Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.
