WooCommerce CardPointe Payment Gateway


CardPointe payment processing tokenizes sensitive data, safeguarding your customers from a data breach and lessening the burden of PCI compliance.

Businesses that use CardPointe can offer their customers the ability to checkout with a saved card on file, with sensitive data being stored on CardPointe’s servers and not the business’s systems. The CardPointe plugin supports the WooCommerce Subscription extension.

Click here for more information.

Please note that WooCommerce (v4.0+) must be installed and active.
The latest version of WooCommerce (v5.5.2) is supported.
The WooCommerce Subscriptions extension (v3.0.x) is fully supported.
PHP should be (v7.1+)
Please note that ReCaptcha key are required to use this plugin

You must contact your sales agent to receive the account credentials specifically for this plugin to work. Those credentials are different than what is provided for the Virtual Terminal. Refer to Fiserv’s WooCommerce Support page for more details.

Security Best Practices
While not required, it is strongly recommended that you configure your site to meet the following security best practices:

  • Secure your checkout page with an SSL (secure socket layer) certificate.

  • As of version 3.3+, recaptcha is built in and required in live mode, and you must configure your WooCommerce > Payments settings to include ReCapthca keys.

Version 3.3.3 of the plugin includes the following new settings to help prevent fraud and carding events carried out by malicious scripts and bots:

  • Maximum Credit Card Attempts
    This setting limits the number of authorization attempts for a given payment card. Once the limit is exceeded, the card will be banned from use on the plugin. Must be a value from 3 (default) to 5 attempts.
    Banned cards are displayed in the Currently Banned Card Tokens list. To re-enable a banned card token, you can select it and click Delete Selected Tokenized Card(s) to remove it from the list. The default setting is 3 attempts.

  • Rate limiting
    This setting limits the number of payments a cardholder can attempt to make in a given amount of time. The default setting requires a minimum of 3 seconds between payments.

  • Maximum order attempts
    This setting limits the number of attempts to submit a payment for a given order. Must be a value from 3 (default) to 10 attempts.

See Configuring the WooCommerce Plugin for more information.

Additionally, we strongly recommend using the iFrame tokenization method for capturing customer payment card numbers. Select Enable IFRAME API on the WooCommerce> Settings >Payments tab to enable the Hosted iFrame Tokenizer on your checkout form for an additional layer of security. See Advanced Tokenization Settings for more information.

Note: If the security of your webpage becomes compromised, Fiserv reserves the right to disable your CardPointe merchant account.


  • Upload plugin files to your plugins folder, or install using WordPress built-in Add New Plugin installer;
  • Activate the plugin;
  • Configure the plugin settings in WooCommerce > Settings > Payments > CardPointe
  • Contact your sales representative for your merchant ID and credentials, and to activate your account for WooCommerce usage.
  • Obtain ReCaptcha V2 keys for your site, from https://www.google.com/recaptcha/admin/ and enter them into the WooCommerce settings for this plugin.


How do I use the new ReCaptcha V2 option?

First, make sure you have obtained ReCaptcha V2 keys for your site, from https://www.google.com/recaptcha/admin/
Please see https://www.google.com/recaptcha/about/ for more info.
Log in to your WordPress Dashboard and navigate to WooCommerce > Settings > Payments.
Select the «Manage» button, next to the CardPointe payment method.
Select the «Enable Google ReCaptcha on Checkout» option and fill in your ReCaptcha Keys

Does this plugin require that an SSL certificate be installed?

It is recommended that you install an SSL certificate on your site for the checkout page, however the plugin does not require it.

Is there an option for a sandbox account for testing?

Yes. When you sign-up for a merchant account with CardPointe you will receive credentials for a sandbox account as well as a live account.

Are there any special requirements needed from my hosting provider?

You may need to request that your hosting provider open certain ports. Specific instructions will be provided when you activate your CardPointe account.

Who do I contact if I need assistance?

For further info or support, contact your Fiserv sales agent.

Does this support the WooCommerce Subscriptions extension?

Yes, we support v2.5.x of the Subscriptions extension. We highly recommend that you use v2.5.x+ for best results.

Does this support the WooCommerce Pre-Orders extension?


Does this support all currencies supported by the WooCommerce store?

We support all WooCommerce currencies except the Ukrainian Hryvnia.

Can I switch back to the 2.x method of tokenization, and not use the 3.x+ iframe methods

Yes. Define WC_CC_ADVANCED as true in your wp-config.php file. Then, open the plugin\’s WooCommerce setting page, and configure the new options. Use at your own risk. This will be removed in a future update.

Who do I contact for support?

Support is provided by Fiserv. Before posting to this plugin forum, contact your Fiserv sales agent.

I have trouble with a saved card

Cards saved while in test/sandbox mode will NOT carry over when switching to live mode. If you’ve saved a card in this manner, and receive an error, you need to re-save the card in live mode, under a different label/name. Always use a test WP user account for testing saved cards in sandbox mode, and do not try to use the account or it’s saved cards in live mode at a later time.

Where are the Developer CSS options?

Define WC_CC_ADVANCED as true in your wp-config.php file, and visit the plugins settings in WooCommerce.

How do I send non-standard checkout page form fields along with my transactions?

First, please note that this is in beta. Report any issues you encounter immediately, in the plugin’s support area above.
If we’ve introduce a breaking change, please revert back to the previous 3.3.2x version and turn off auto plugin updating, until we can get a fix.

You must enter your MID, username and password, and then save, to see the new field selector on the CardPointe settings page.

Refer to the «Include these checkout fields in CardPointe transactions» section now present on the settings page, and select the desired checkout form fields, then re-save.

Any data submitted during checkout matching the fields selected in your settings, will show up in a virtual terminal transaction under «Custom Fields» (e.g. selecting «billing_company» will send the standard WooCommerce checkout field called «billing_company,» if a customer fills it out.)

Support for the official WooCommerce Checkout Field Editor plugin is included.

Support for custom user fields in the Subscriptions and Pre-Orders plugins is currently experimental.


1 de abril de 2020
Plugin works great for clients wanting to use CardConnect as their payment gateway on WooCommerce sites. No issues to report after using on a few sites. Seems to be updated regularly.
8 de enero de 2020
As a business owner, I demand a payment plug-in that is sharp, dependable, efficient and well designed. The WooCommerce CardConnect Payment Gateway checks all the boxes. I am not just a business owner, I am a start-up; I spend so much time in the trenches, the last thing i need is worrying about getting paid. I am very happy with this plug-in and the support behind it. I recently had a problem with my payments coming up "invalid"- simply not working and Rex immediately and expeditiously resolved the issue. Rex is a Rock Star! I plan on working with him for all my technical needs for many years to come.
10 de diciembre de 2018
Since the 3+ version update for Woo, it seems to have gotten better and I have had no issues with it since. I'll update this if things change.
30 de agosto de 2018
Rev 3.0.0 Crashes the server with Error 500. Do NOT USE until they get this fixed. Sterilized dump follows: ------------------------- #0 /home/xxx/mysite.com/wp-includes/class-wp-hook.php(286): CardConnectPaymentGateway_init('') #1 /home/xxx/mysite.com/wp-includes/class-wp-hook.php(310): WP_Hook->apply_filters(NULL, Array) #2 /home/xxx/mysite.com/wp-includes/plugin.php(453): WP_Hook->do_action(Array) #3 /home/xxx/mysite.com/wp-settings.php(327): do_action('plugins_loaded') #4 /home/xxx/mysite.com/wp-config.php(91): require_once('/home/xxx/...') #5 /home/xxx/mysite.com/wp-load.php(37): require_once('/home/xxx/...') #6 /home/xxx/mysite.com/wp-blog-header.php(13): require_once('/home/xxx/...') #7 /home/xxx/mysite.com/index.php(17): require('/home/xxx/...') #8 {main} thrown in /home/xxx/mysite.com/wp-content/plugins/cardconnect-payment-module/cardconnect-payment-gateway.php on line 55
7 de julio de 2018
You will always get this error on shared hosting and the issue is 99% of wordpress installs are on shared hosting. That makes this a horribly designed plugin. Also the Site field has no indication of what should be there and support is awful. Port 6443 is closed. You will not be able to process transactions using the sandbox CardConnect environment. First ensure that the 'Site' field is set and saved correctly above. Then please request that your server admin or hosting provider opens port 6443. Port 8443 is closed. You will not be able to process transactions using the production CardConnect environment. First ensure that the 'Site' field is set and saved correctly above. Then please request that your server admin or hosting provider opens port 8443. I have since moved to another provider where these port errors are not present but the plugin still does not work. Debug mode on wordpress does not even show anything related to this plugin. Support on it is garbage and while I am a CardConnect user, this is hampering my ability to use it for my online shop.
Leer todas las 9 reseñas

Colaboradores y desarrolladores

«WooCommerce CardPointe Payment Gateway» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


Registro de cambios


  • updated: README.txt


  • new: security features. check compatibility against woo plugin and add-ons


  • update: readme.txt


  • fix: issue where some checkout might ignore validation on recaptcha


  • NEW – As of June 14, 2021, ReCaptcha is required in plugin settings to place transactions.
  • updated – testing against latest versions of WooCommerce
  • updated – testing against latest versions of WooCommerce (official) Subscriptions plugin
  • updated – testing against latest versions of WooCommerce (official) Pre-Order plugin
  • updated – testing against latest versions of WordPress


  • incremental prep for ReCaptcha requirement


  • small grammar change


  • refined ReCaptcha messaging
  • bumped and tested compatibility


  • update notification added for upcoming ReCaptcha requirement


  • updated branding – minor changes


  • updated branding to reflect CardPointe and Fiserv


  • add new COF and COFSCHEDULED params per new API requirements


  • fix – validation when using a different payment method


  • added ReCaptcha for checkout form
  • compatibility tested.
  • updated readme


  • compatibility tested.
  • updated readme


  • compatibility: Tested against WC 4.0.1, WordPress 5.4, Subscriptions 3.0.3, and Pre-Orders 1.5.24.


  • compatibility: Tested against WC 3.9.1, WordPress 5.3.2, Subscriptions 3.0.1, and Pre-Orders 1.5.22.
  • Minimum PHP version bump to 7.0
  • WP minimum bumped to 5.0


  • compatibility: Tested against WC 3.8, WordPress 5.3, Subscriptions 2.6.4, and Pre-Orders 1.5.20.


  • removed port 8443 usage – ports 6443 and 8443 no longer required


  • compatibility: Tested against WC 3.7.0, WordPress 5.2.3, Subscriptions 2.6.1, and Pre-Orders 1.5.17.
  • change: removed previously required ports for UAT


  • compatibility: Tested against WC 3.7.0, WordPress 5.2.2, Subscriptions 2.5.7, and Pre-Orders 1.5.17.
  • new: hide form card, exp., and CVV fields when using saved cards


  • small fix for order comments


  • array_merge fix to prevent PHP notice/warning


  • beta: WooCommerce Checkout Form Fields can be included in transactions, as part of the Virtual Terminal Custom user fields
  • compatibility: Tested against WooCommerce 3.6.4


  • removed: removed SVN versions prior to 2.0.18
  • compatibility: Tested against WooCommerce 3.6.1 – Subscriptions 2.5.3 – Pre-Orders 1.5.13


  • fix: issue with PHP method return value error


  • change: basic CSS defaults, when using non-autostyle settings
  • new: added update notification methods
  • new: WC_CC_ADVANCED removed in favor of option in CardPointe settings.


  • fix: subscription function fatal error


  • New: Developer CSS options that allow customization of the IFRAME CC number field
  • fix: small translation syntax error for
  • Tested for latest WooCommerce compatibility (3.5.3)


  • Change: Remove development functions


  • Force update – for those on < 3.0.3


  • repackage, restore raven


  • removes Fatal error reported when upgrading


  • Change: Now tokenizes card numbers via CardPoint\’s iframe methods
  • Change: added method to attempt to pull WooCommerce checkout styles, and apply them to the check out card detail fields
  • Fix: normalizes the refund total to prevent some isolated cases where refund amounts were multiplied by 100
  • Fix: Various tokenization checks for both the new iframe version and older JS tokenization calls
  • Fix: Tokenization carries over from previous versions, into this version. Subscriptions and Saved cards are persistent.