Accept Payments on Your Website: The Complete Payment Gateway Guide (Part 19 of 20)


Fraud Prevention

Payment fraud is an ongoing reality for any site accepting online payments. The costs are direct (chargebacks you lose) and indirect (Stripe or PayPal account health impact, time spent fighting disputes). Here is how to build effective defenses.

Stripe Radar

Stripe Radar uses machine learning trained on billions of Stripe transactions to score each payment attempt. Cards with high fraud probability are automatically blocked. Radar is included free with all Stripe accounts and requires zero configuration – it works out of the box.

Radar for Fraud Teams ($0.02/transaction) adds customizable rules. Useful rules for WooCommerce stores: require 3D Secure for orders over $500, block orders from countries you do not ship to, block prepaid card purchases for digital goods (high fraud risk), flag orders where the billing country does not match the card’s issuing country.

WooCommerce Anti-Fraud

WooCommerce Anti-Fraud (free plugin) scores orders based on configurable risk factors: order amount, customer account age, email domain, IP geolocation mismatch with billing address, and more. High-scoring orders are automatically placed on hold for manual review rather than processed immediately. This is a useful layer on top of Stripe Radar for catching fraud patterns specific to your store.

Manual Review Workflows

For high-value orders, manual review before fulfillment is worth the extra time. Flag any order that:

  • Is significantly above your average order value (2x or more)
  • Has a different billing and shipping address
  • Is being shipped to a freight forwarder address
  • Was placed by a brand-new account with no purchase history
  • Used a different email for account registration and payment

A quick call or email to verify the order before shipping adds 5 minutes of work and can save you from a $500 chargeback. Set up a review queue in WooCommerce for orders meeting these criteria – they go to “On Hold” status and require manual approval before processing.


Tax Compliance Tools

Sales tax compliance is one of the most underestimated headaches in e-commerce. In the US alone, there are over 12,000 tax jurisdictions, each with its own rates and product taxability rules. The 2018 South Dakota v. Wayfair Supreme Court decision means online sellers now have economic nexus obligations in states where they do not have physical presence – once you cross a revenue or transaction threshold, you owe that state’s sales tax.

| Tool | Starting Price | Jurisdictions | WooCommerce Plugin | Best For |
|---|---|---|---|---|
| TaxJar | $19/month | US + international | Yes (official) | US sellers, AutoFile feature |
| Avalara | Custom (starts ~$50/mo) | Global | Yes | Enterprise, international |
| Quaderno | $49/month | Global (EU VAT focus) | Yes | Digital products, EU/global VAT |

TaxJar

TaxJar’s SmartCalcs API automatically calculates the correct sales tax rate for every transaction based on the product type, origin address, and destination address. The WooCommerce integration updates rates in real time during checkout. The AutoFile feature automatically files your sales tax returns in the states where you have nexus – this alone saves hours of monthly accounting work.

At $19/month for up to 200 transactions, TaxJar is accessible for smaller stores. Pricing scales with transaction volume. For US-focused sellers, TaxJar’s AutoFile feature is the most compelling reason to pay for automation rather than handling tax filing manually.

Quaderno

Quaderno shines for digital product sellers dealing with EU VAT, which is notoriously complex. EU VAT for digital products is charged at the buyer’s country rate, meaning you need to collect VAT at the correct rate for all 27 EU member states. Quaderno calculates the right rate, stores the required VAT evidence, generates compliant invoices, and produces the periodic reports needed for EU VAT filing (either directly or via the OSS scheme).


PCI DSS Compliance Simplified

PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for any system that processes, stores, or transmits cardholder data. Violating PCI DSS can result in fines, increased processing fees, or losing your ability to accept cards. The good news: if you are using a hosted gateway like Stripe Checkout or embedded Elements, your PCI scope is dramatically reduced.

PCI Scope for Common WordPress Setups

| Integration Type | PCI Scope | What You Need to Do |
|---|---|---|
| Stripe Checkout (hosted redirect) | SAQ A (simplest) | Annual self-assessment questionnaire, basic server security |
| Stripe Elements (embedded iframes) | SAQ A | Annual self-assessment questionnaire, basic server security |
| Custom card form (no iframe) | SAQ D (most complex) | Full security audit, penetration testing, quarterly scans |

The critical insight: by using hosted payment fields (Stripe Elements, PayPal’s hosted fields), you never touch raw card numbers on your server. This keeps you in the SAQ A category, which requires only an annual self-assessment questionnaire and basic server security. Avoid ever building a custom card form that sends raw card data to your server – this triggers the full SAQ D audit requirements, which are expensive and complex.


Subscription and Recurring Billing

Subscriptions add significant complexity to payment processing: billing cycle management, dunning (retrying failed payments), proration for plan upgrades/downgrades, and customer self-service portals for updating payment methods.

WooCommerce Subscriptions

WooCommerce Subscriptions ($279/year) is the standard solution for WordPress-based subscription businesses. It integrates with most payment gateways that support tokenization and handles the full subscription lifecycle: recurring charges, free trials, sign-up fees, proration, and a customer portal for managing subscriptions.

Dunning management – automatically retrying failed payments and notifying customers before cancellation – is handled through WooCommerce Subscriptions’ retry logic combined with Stripe’s card updater (which automatically updates stored card details when a card is reissued). This combination significantly reduces involuntary churn from failed payments.

Stripe Billing

Stripe Billing is Stripe’s native subscription management product. You define products and prices in Stripe, manage customers and subscriptions via the Stripe API, and use the Stripe Customer Portal for self-service subscription management. For SaaS products and businesses where subscriptions are the core model, Stripe Billing’s native tools are more robust than WooCommerce Subscriptions + a gateway plugin.

Stripe Billing charges 0.5% of recurring subscription revenue in addition to standard transaction fees. At scale, this adds up – factor it into your unit economics.

EDD Recurring

EDD Recurring Payments ($99/year) adds subscription capabilities to Easy Digital Downloads. It supports Stripe, PayPal Standard, and PayPal Express as recurring payment gateways, with automatic renewal charging, free trials, and email notifications at renewal. For software licenses and digital download subscriptions, EDD Recurring pairs naturally with EDD Software Licensing for automatic license renewal.


Chargeback and Refund Handling

Chargebacks – when a customer disputes a charge with their bank rather than contacting you directly – are one of the most costly aspects of accepting online payments. Each chargeback costs the chargeback fee ($15-$20), the refunded transaction amount, and significant time to dispute. A high chargeback rate (above 1%) can trigger additional processor scrutiny or account termination.

Preventing Chargebacks

  • Use a recognizable business name as the statement descriptor (the name that appears on the customer’s bank statement). “WBCOM DESIGNS” is better than “WBCOM12345”, which customers do not recognize and therefore dispute.
  • Send detailed order confirmation emails with the exact amount charged and your contact information. Many chargebacks happen because customers do not recognize the charge and cannot figure out who to contact.
  • Respond immediately to refund requests. Proactively refunding is always cheaper than losing a chargeback.
  • Document everything: IP addresses, email confirmations, delivery confirmation, and any customer communications. This evidence wins chargeback disputes.

Disputing Chargebacks

When a chargeback occurs, Stripe lets you submit evidence through the Stripe dashboard. For physical goods, submit: order confirmation with customer’s email and IP, shipping tracking number showing delivery to the billing address, and any customer communications acknowledging receipt. For digital goods, submit: download logs, account activity showing the customer accessed the product, and email delivery confirmation.


3D Secure and Strong Customer Authentication

3D Secure (3DS) is an authentication layer that requires cardholders to verify their identity during checkout – typically by approving a notification in their banking app. Strong Customer Authentication (SCA) is the EU regulatory requirement mandating 3DS for most card transactions from EU cardholders.

When 3DS authentication succeeds, liability for fraud chargebacks shifts from you to the card issuer. This is a significant protection – if a fraudulent transaction passes 3DS authentication, you are not liable for the chargeback.

Stripe handles 3DS automatically for EU transactions via Payment Intents. You do not need to configure anything special – the payment flow automatically adds the authentication step when required. Expect some conversion drop from 3DS (5-10% of customers do not complete authentication), but the fraud reduction typically makes it net positive.


Multi-Currency Support

If you sell internationally, showing prices in local currencies significantly improves conversion rates. Customers are more likely to complete purchases when they see familiar currency amounts rather than doing mental currency math.

WooCommerce Multi-Currency (free) or WPML’s multi-currency mode (if using WPML for translation) handle displaying different currencies based on visitor location. Stripe settles in your home currency by default, or you can enable multi-currency payouts to receive in the customer’s currency if you have bank accounts in those currencies.

Mollie is particularly strong for European multi-currency scenarios because it natively handles EUR, GBP, DKK, NOK, SEK, and PLN, and routes each transaction through the appropriate local payment network for better approval rates.


Invoicing Automation

Sending professional invoices for every transaction is not just good practice – in many jurisdictions it is legally required for B2B transactions and all EU VAT-registered sales.

Stripe Invoicing (0.4% fee per paid invoice, or included with Stripe Billing) generates and emails invoices automatically. For WooCommerce, WooCommerce PDF Invoices and Packing Slips (free) generates invoices for every order and attaches them to order confirmation emails. For more advanced invoicing needs including payment terms, installment plans, and custom invoice templates, tools like Quaderno or Invoice Ninja integrate with WooCommerce to generate compliant invoices.


Payment Analytics and Reporting

Understanding your payment data tells you where revenue is coming from, where it is being lost, and where optimization opportunities exist.

Track these metrics in your payment analytics:

  • Authorization rate: Percentage of payment attempts that succeed. A rate below 95% indicates card issues, overly aggressive fraud blocking, or gateway problems.
  • Chargeback rate: Should stay below 0.5% to avoid processor scrutiny.
  • Average order value by payment method: Some payment methods (PayPal Credit, BNPL) have higher AOV than credit cards.
  • Failed payment recovery rate: What percentage of failed subscription payments recover after retry? Should be 60%+ with good dunning logic.
  • Refund rate by product: High refund rates on specific products signal quality or description issues.

Stripe’s dashboard provides most of this data natively. For WooCommerce-specific reporting, WooCommerce’s built-in reports and third-party analytics plugins like Metorik provide more granular revenue analytics tied to your products and customers.


Checkout Optimization for Conversions

A well-configured payment gateway with a poorly optimized checkout loses conversions. Checkout abandonment rates average 70% – most people who start checkout do not complete it. Here are the highest-impact improvements:

Reduce Form Fields

Every form field is friction. WooCommerce’s default checkout collects first name, last name, company, address line 1, address line 2, city, state, postcode, country, email, and phone. For digital goods, you need email only. For physical goods, you need shipping address fields. Remove everything that is not necessary.

Express Checkout Buttons

Apple Pay, Google Pay, and PayPal Express let customers complete checkout without typing any information – their payment details and shipping address are pre-filled from their device or PayPal account. Enabling these buttons on product pages (not just checkout) can reduce the path to purchase to 2 taps for mobile users. The Stripe plugin’s Payment Request Button enables this with minimal configuration.

Guest Checkout

Forcing account creation before purchase is a significant conversion blocker. Enable guest checkout in WooCommerce and offer account creation as an optional convenience after purchase. The data consistently shows that forced registration reduces checkout completion rates by 20-35%.

Trust Signals at Checkout

Display security badges (SSL certificate badge, payment network logos), money-back guarantee messaging, and contact information near the payment form. Anxiety about security is a real conversion killer at the final step. Removing that anxiety with visible trust signals increases completions.


Marketplace Payments with WCFM

If you are running a multi-vendor marketplace, payment handling is more complex: each vendor needs to receive their portion of sales, commissions need to be calculated and retained, and payouts need to happen on a schedule. WCFM Marketplace (with WC Vendors or Dokan as the vendor management layer) combined with Stripe Connect handles marketplace payment splitting natively.

Stripe Connect allows your platform to collect payments and automatically route the vendor’s portion to their connected Stripe account. This is legally cleaner than collecting everything and manually wiring vendor payments, and it handles tax reporting requirements (1099-K generation in the US) automatically for vendors who meet the threshold.

Reign Theme’s marketplace starter sites come pre-configured with WCFM and supported payment gateways, giving you a tested foundation rather than assembling the stack from scratch. The pre-built payment routing and vendor dashboard significantly reduce the setup time for a marketplace launch.


Payment Security Best Practices

  • Never log payment data. Ensure your server logs, debug logs, and any logging plugins never capture card numbers, CVVs, or full payment details.
  • Use HTTPS everywhere. SSL is required for payment pages. Extend to your entire site to prevent mixed-content warnings.
  • Keep plugins updated. A vulnerable WooCommerce or payment plugin can expose customer data even if the actual payment processing is secure.
  • Monitor for card testing. Fraudsters test stolen card numbers with small transactions. Watch for unusual patterns of small failed transactions and block suspicious IPs via Cloudflare or Stripe Radar rules.
  • Set webhook security. Stripe webhooks should use signed payloads – verify the webhook signature in your code before processing any payment events.
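
The webhook check from the last bullet, as an added example that is not part of the original article or of any Stripe library. It follows Stripe's documented scheme (a `Stripe-Signature` header carrying `t=` and one or more `v1=` values, HMAC-SHA256 over `timestamp.raw_body`); the secret, event body and timestamps are constructed sample values.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # replay window; 5 minutes is the default in Stripe's libraries


class SignatureError(Exception):
    """Raised when a webhook request must be rejected."""


def parse_signature_header(header):
    """Split 't=...,v1=...,v1=...' into (timestamp, [v1 signatures])."""
    timestamp, signatures = None, []
    for item in header.split(","):
        key, sep, value = item.strip().partition("=")
        if sep and key == "t":
            timestamp = value
        elif sep and key == "v1":
            signatures.append(value)  # several v1 values appear while a secret is rolled
    try:
        timestamp = int(timestamp)
    except (TypeError, ValueError):
        raise SignatureError("missing or malformed timestamp") from None
    if not signatures:
        raise SignatureError("no v1 signature in header")
    return timestamp, signatures


def compute_signature(secret, timestamp, raw_body):
    """HMAC-SHA256 over '<timestamp>.<raw body>' keyed with the endpoint secret."""
    signed_payload = str(timestamp).encode() + b"." + raw_body
    return hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def verify_webhook(raw_body, header, secret, now=None, tolerance=TOLERANCE_SECONDS):
    """Return True only for an authentic, fresh event; raise SignatureError otherwise.

    raw_body must be the exact bytes received. Re-serialising parsed JSON
    changes the bytes and makes every signature fail.
    """
    timestamp, signatures = parse_signature_header(header)
    expected = compute_signature(secret, timestamp, raw_body).encode()
    # compare_digest is constant-time, so the comparison leaks no partial match.
    if not any(hmac.compare_digest(expected, s.encode()) for s in signatures):
        raise SignatureError("signature mismatch")
    now = time.time() if now is None else now
    if abs(now - timestamp) > tolerance:
        raise SignatureError("timestamp outside tolerance")
    return True


def check(raw_body, header, secret, now):
    """Return 'accepted' or the rejection reason, as a handler would log it."""
    try:
        verify_webhook(raw_body, header, secret, now=now)
        return "accepted"
    except SignatureError as exc:
        return "rejected: " + str(exc)


def demo():
    """Run the verifier over constructed requests covering the common failure modes."""
    secret = "whsec_constructed_example_secret"  # constructed, not a real key
    body = b'{"id":"evt_constructed","type":"payment_intent.succeeded","amount":4999}'
    t = 1700000000
    good = "t=%d,v1=%s" % (t, compute_signature(secret, t, body))
    rolled = "t=%d,v1=%s,v1=%s" % (
        t,
        compute_signature("whsec_old_constructed", t, body),
        compute_signature(secret, t, body),
    )
    return {
        "valid": check(body, good, secret, t + 5),
        "tampered_body": check(body.replace(b"4999", b"1"), good, secret, t + 5),
        "replayed_later": check(body, good, secret, t + 3600),
        "secret_rolled": check(body, rolled, secret, t + 5),
        "no_signature": check(body, "", secret, t + 5),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

Stripe's official server libraries ship an equivalent verification helper; use it in production and only fulfil an order after the check passes.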
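
One way to watch for the card-testing pattern described in the list above, as an added example that is not from the original article. The log format, field names and thresholds are assumptions chosen for illustration, and the sample lines are constructed using documentation IP ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them to your store's traffic.
SMALL_AMOUNT = 5.00              # ceiling for a "small" charge, in store currency
WINDOW = timedelta(minutes=10)   # sliding window per source IP
MIN_FAILURES = 5                 # failed small charges inside the window
MIN_DISTINCT_CARDS = 4           # different cards tried from the same IP

# Constructed sample log in a hypothetical 'timestamp key=value ...' format.
SAMPLE_LOG = """\
2024-05-01T10:00:03Z ip=203.0.113.7 amount=1.00 status=failed card=fp_a1
2024-05-01T10:00:09Z ip=203.0.113.7 amount=1.00 status=failed card=fp_a2
2024-05-01T10:00:14Z ip=198.51.100.20 amount=49.99 status=failed card=fp_k1
2024-05-01T10:00:21Z ip=203.0.113.7 amount=1.00 status=failed card=fp_a3
2024-05-01T10:00:30Z ip=203.0.113.7 amount=1.00 status=failed card=fp_a4
2024-05-01T10:00:41Z ip=198.51.100.20 amount=49.99 status=succeeded card=fp_k1
2024-05-01T10:00:47Z ip=203.0.113.7 amount=1.00 status=failed card=fp_a5
2024-05-01T10:00:52Z ip=203.0.113.7 amount=1.00 status=succeeded card=fp_a6
2024-05-01T10:02:10Z ip=198.51.100.55 amount=2.50 status=failed card=fp_m1
2024-05-01T10:02:40Z ip=198.51.100.55 amount=2.50 status=failed card=fp_m1
2024-05-01T10:03:05Z ip=198.51.100.55 amount=2.50 status=failed card=fp_m1
2024-05-01T10:03:30Z ip=198.51.100.55 amount=2.50 status=failed card=fp_m1
2024-05-01T10:03:55Z ip=198.51.100.55 amount=2.50 status=failed card=fp_m1
2024-05-01T09:00:00Z ip=192.0.2.9 amount=1.00 status=failed card=fp_z1
2024-05-01T09:15:00Z ip=192.0.2.9 amount=1.00 status=failed card=fp_z2
2024-05-01T09:30:00Z ip=192.0.2.9 amount=1.00 status=failed card=fp_z3
2024-05-01T09:45:00Z ip=192.0.2.9 amount=1.00 status=failed card=fp_z4
2024-05-01T10:00:00Z ip=192.0.2.9 amount=1.00 status=failed card=fp_z5
this line is malformed
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in parts[1:])
        return {"ts": ts, "ip": fields["ip"], "amount": float(fields["amount"]),
                "status": fields["status"], "card": fields["card"]}
    except (ValueError, KeyError):
        return None


def detect_card_testing(lines):
    """Return {ip: {'failures': n, 'distinct_cards': m}} for suspicious source IPs.

    An IP is flagged when, inside one sliding window, it produces at least
    MIN_FAILURES failed small charges spread over MIN_DISTINCT_CARDS cards.
    One customer retrying a single card never reaches the distinct-card bar.
    """
    recent = defaultdict(deque)  # ip -> (ts, card) of failed small charges in window
    flagged = {}
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    for e in events:
        if e["status"] != "failed" or e["amount"] > SMALL_AMOUNT:
            continue
        window = recent[e["ip"]]
        window.append((e["ts"], e["card"]))
        while e["ts"] - window[0][0] > WINDOW:
            window.popleft()  # drop attempts that fell out of the window
        cards = {card for _, card in window}
        if len(window) >= MIN_FAILURES and len(cards) >= MIN_DISTINCT_CARDS:
            best = flagged.get(e["ip"], {"failures": 0})
            if len(window) > best["failures"]:
                flagged[e["ip"]] = {"failures": len(window),
                                    "distinct_cards": len(cards)}
    return flagged


def flag_sample():
    """Run the detector over the constructed sample log."""
    return detect_card_testing(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, reason in flag_sample().items():
        print(ip, reason)
```

Flagged IPs are candidates for the Cloudflare or Radar block rules the bullet mentions; review them first, since shared networks can put many legitimate customers behind one address.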

Next Steps

Start with Stripe as your primary gateway and add PayPal as a secondary option – this combination covers the vast majority of online shoppers. Enable Apple Pay and Google Pay via Stripe’s Payment Request Button for mobile checkout. Configure Stripe Radar rules appropriate to your business risk profile. Then tackle tax compliance based on where your customers actually are.

Payment infrastructure is one area where investing properly upfront saves significant pain later. A frozen Stripe account, a chargeback spiral, or a tax compliance notice from a state you did not know you had nexus in – these are problems that are far more expensive to fix than to prevent.


Website Owner’s Toolkit – 21-Part Series

This post is part of the Website Owner’s Toolkit – a 21-part series covering everything you need to run a professional website.

Accepting payments online sounds simple until you encounter your first chargeback, tax compliance notice, or sudden account suspension from a payment processor. Choosing the wrong gateway can mean weeks of frozen funds, excessive fees that erode your margins, or a checkout experience that kills conversions. Getting payments right matters more than almost anything else on your site – every transaction that fails or gets abandoned is money you earned but did not collect.

This guide covers the major payment gateways with honest fee breakdowns, WooCommerce and EDD payment setup, fraud prevention, tax compliance, PCI DSS simplified, and everything you need to build a payment infrastructure that is secure, compliant, and optimized for conversions. We skip the vendor marketing and focus on what actually matters for WordPress site owners.


Payment Gateway Comparison: The Numbers That Matter

Payment gateways differ on four dimensions that matter: transaction fees, supported currencies, payout speed, and the ease of handling disputes. Here is a detailed comparison of the major options.

| Gateway | Standard Rate (US) | Monthly Fee | Currencies | Payout Speed | Chargeback Fee |
|---|---|---|---|---|---|
| Stripe | 2.9% + $0.30 | None | 135+ | 2 business days | $15 (waived if you win) |
| PayPal | 3.49% + $0.49 (standard) | None | 25 currencies | 1-3 business days | $20 |
| Square | 2.9% + $0.30 (online) | None | USD, CAD, AUD, GBP, JPY | 1-2 business days | $0 (no chargeback fee) |
| Razorpay | 2% (India, INR) | None | INR + limited international | T+1 (India) | $0 |
| Mollie | 0.25 EUR + payment method fee | None | 30+ | 2-3 business days | Varies |

Stripe: The Developer and Business Standard

Stripe is the default choice for most online businesses for good reason. The API is the most developer-friendly in the industry, the dashboard is excellent, and Stripe handles the infrastructure of payments (card network relationships, fraud monitoring, compliance) so you do not have to.

Stripe’s 2.9% + $0.30 rate applies to standard cards. International cards add a 1.5% fee. Currency conversion costs an additional 1%. If you are selling internationally at volume, these add-ons can push your effective rate significantly higher – factor them into your pricing models.

Stripe Radar (included at no extra cost) provides machine-learning-based fraud detection that blocks fraudulent cards before they complete. Radar for Fraud Teams ($0.02/transaction) adds customizable rules – block transactions above a certain amount, block specific countries, require 3D Secure for high-risk orders.

PayPal: Trust Signal for Customers, Headaches for Merchants

PayPal’s primary advantage is customer trust – many buyers feel safer paying via PayPal because they know the dispute process. This trust translates to conversion uplift, particularly with older demographics and in markets where credit card trust is lower.

The drawbacks are real. PayPal’s merchant dispute process heavily favors buyers, resulting in higher chargeback rates for many merchants. Account suspensions (often triggered by automated fraud detection) can freeze your funds for weeks with limited recourse. PayPal’s fees for goods and services are higher than Stripe’s after accounting for their 3.49% + $0.49 standard rate.

The most effective approach: offer both Stripe and PayPal as payment options. Let customers choose their preferred method. A significant segment will specifically choose PayPal even if another option is available, and offering it captures that segment without making it your primary processor.

Razorpay: If You Are Selling in India

For Indian businesses accepting INR payments, Razorpay is by far the best choice. The 2% fee is significantly lower than Stripe’s rate for Indian transactions, the local payment method support (UPI, Netbanking, EMI, wallets) is comprehensive, and T+1 payouts mean cash flow is fast. The dashboard is polished and the WooCommerce plugin is well-maintained.

Mollie: Best for European Businesses

Mollie is the payment gateway of choice for many European businesses because of its comprehensive coverage of European payment methods: iDEAL (Netherlands), Bancontact (Belgium), SOFORT, Giropay, and SEPA Direct Debit alongside standard cards. Mollie’s “pay per transaction” model with no monthly fee is transparent and predictable. For businesses primarily serving European customers, Mollie’s local payment method support can meaningfully increase conversion rates versus Stripe-only.


WooCommerce Payment Setup

WooCommerce’s payment architecture is plugin-based: the core plugin provides the checkout framework, and payment gateways are added via extensions. This means the quality and maintenance of the payment experience depends on which extension you choose.

WooCommerce Stripe Plugin

The official WooCommerce Stripe plugin (free) handles the core integration. It supports Stripe Checkout, Payment Intents, Link (Stripe’s autofill payment method), and Apple Pay / Google Pay out of the box. After installing, enter your Stripe API keys in WooCommerce > Settings > Payments > Stripe. Enable “Payment Request Buttons” to add Apple Pay and Google Pay to your product pages and checkout – this alone can increase mobile checkout completion by 10-15%.

Configure Stripe to use Payment Intents rather than the legacy Charges API – Payment Intents support 3D Secure and Strong Customer Authentication, which is required for EU customers. The official plugin handles this automatically in its modern configuration.

WooPayments (Stripe-Powered)

WooPayments is Automattic’s integrated payment solution for WooCommerce, built on Stripe infrastructure. The advantage is a more integrated experience: disputes, payouts, and analytics live inside your WooCommerce dashboard rather than requiring a separate Stripe dashboard tab. The rates are identical to Stripe’s standard rates.

The main consideration with WooPayments is lock-in: your merchant account is managed through Automattic rather than directly with Stripe. For most merchants this is fine, but if you ever need to switch platforms or access advanced Stripe features, the direct Stripe integration gives you more flexibility.

PayPal for WooCommerce

The official PayPal Payments plugin supports PayPal Checkout, PayLater (buy now pay later), and PayPal Credit. Install it alongside Stripe to offer both options at checkout. In testing, offering PayPal as an additional option (not replacement) typically increases total checkout completions by 5-10% by capturing PayPal-preferred customers.


Easy Digital Downloads (EDD) Payment Setup

Easy Digital Downloads handles digital product sales – software, ebooks, templates, plugins – with a payment architecture similar to WooCommerce but optimized for the digital goods context (no shipping, instant delivery, license key generation).

EDD’s official Stripe extension ($99/year) supports Payment Intents, Apple Pay, Google Pay, and Stripe’s hosted payment flow. The PayPal Commerce extension ($99/year) adds PayPal Checkout with PayLater. For digital products where instant delivery and license key generation are important, EDD’s payment processing integrates directly with the download fulfillment process – payment confirmation triggers the download link email immediately.

EDD’s pass-based pricing model (All Access Pass at $599/year) includes all payment gateways and extensions, which is cost-effective for stores that need multiple gateways and the full EDD feature set.


Stripe Integration Deep Dive

Stripe has three main ways to integrate payments, each with different trade-offs between customization and implementation effort.

Stripe Checkout (Hosted)

Stripe Checkout is a hosted payment page on Stripe’s domain. When a customer clicks Pay, they are redirected to checkout.stripe.com, complete payment, and return to your site. This is the simplest implementation with the least PCI scope (you never touch card data) and automatically includes Stripe’s optimized UX including smart local payment method detection, address autocomplete, and Link support.

The limitation is less customization – the Checkout page uses Stripe’s design with limited branding options. For most sites this is acceptable; the conversion optimization Stripe has baked into Checkout outweighs the branding constraints.

Stripe Elements

Stripe Elements embeds the payment form directly in your page using JavaScript components. The card number, expiry, and CVC fields are iframes served from Stripe’s domain (keeping you out of PCI scope) but visually integrate into your checkout design. You have full control over the surrounding checkout UI while Stripe handles the sensitive fields.

The WooCommerce Stripe plugin uses Elements for its embedded payment form. This gives you the best balance of customization (your checkout design) and security (Stripe handles card data).

Payment Intents

Payment Intents is the Stripe API that handles the full payment lifecycle including authentication (3D Secure), confirmation, and capture. Every new Stripe integration should use Payment Intents – it is required for SCA compliance in Europe and handles all the edge cases (authentication required, card declined, insufficient funds) in a structured way that the older Charges API does not.


Fraud Prevention

Payment fraud is an ongoing reality for any site accepting online payments. The costs are direct (chargebacks you lose) and indirect (Stripe or PayPal account health impact, time spent fighting disputes). Here is how to build effective defenses.

Stripe Radar

Stripe Radar uses machine learning trained on billions of Stripe transactions to score each payment attempt. Cards with high fraud probability are automatically blocked. Radar is included free with all Stripe accounts and requires zero configuration – it works out of the box.

Radar for Fraud Teams ($0.02/transaction) adds customizable rules. Useful rules for WooCommerce stores: require 3D Secure for orders over $500, block orders from countries you do not ship to, block prepaid card purchases for digital goods (high fraud risk), flag orders where the billing country does not match the card’s issuing country.

WooCommerce Anti-Fraud

WooCommerce Anti-Fraud (free plugin) scores orders based on configurable risk factors: order amount, customer account age, email domain, IP geolocation mismatch with billing address, and more. High-scoring orders are automatically placed on hold for manual review rather than processed immediately. This is a useful layer on top of Stripe Radar for catching fraud patterns specific to your store.

Manual Review Workflows

For high-value orders, manual review before fulfillment is worth the extra time. Flag any order that:

  • Is significantly above your average order value (2x or more)
  • Has a different billing and shipping address
  • Is being shipped to a freight forwarder address
  • Was placed by a brand-new account with no purchase history
  • Used a different email for account registration and payment

A quick call or email to verify the order before shipping adds 5 minutes of work and can save you from a $500 chargeback. Set up a review queue in WooCommerce for orders meeting these criteria – they go to “On Hold” status and require manual approval before processing.


Tax Compliance Tools

Sales tax compliance is one of the most underestimated headaches in e-commerce. In the US alone, there are over 12,000 tax jurisdictions, each with its own rates and product taxability rules. The 2018 South Dakota v. Wayfair Supreme Court decision means online sellers now have economic nexus obligations in states where they do not have physical presence – once you cross a revenue or transaction threshold, you owe that state’s sales tax.

ToolStarting PriceJurisdictionsWooCommerce PluginBest For
TaxJar$19/monthUS + internationalYes (official)US sellers, AutoFile feature
AvalaraCustom (starts ~$50/mo)GlobalYesEnterprise, international
Quaderno$49/monthGlobal (EU VAT focus)YesDigital products, EU/global VAT

TaxJar

TaxJar’s SmartCalcs API automatically calculates the correct sales tax rate for every transaction based on the product type, origin address, and destination address. The WooCommerce integration updates rates in real time during checkout. The AutoFile feature automatically files your sales tax returns in the states where you have nexus – this alone saves hours of monthly accounting work.

At $19/month for up to 200 transactions, TaxJar is accessible for smaller stores. Pricing scales with transaction volume. For US-focused sellers, TaxJar’s AutoFile feature is the most compelling reason to pay for automation rather than handling tax filing manually.

Quaderno

Quaderno shines for digital product sellers dealing with EU VAT, which is notoriously complex. EU VAT for digital products is charged at the buyer’s country rate, meaning you need to collect VAT at the correct rate for all 27 EU member states. Quaderno calculates the right rate, stores the required VAT evidence, generates compliant invoices, and produces the periodic reports needed for EU VAT filing (either directly or via the OSS scheme).


PCI DSS Compliance Simplified

PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for any system that processes, stores, or transmits cardholder data. Violating PCI DSS can result in fines, increased processing fees, or losing your ability to accept cards. The good news: if you are using a hosted gateway like Stripe Checkout or embedded Elements, your PCI scope is dramatically reduced.

PCI Scope for Common WordPress Setups

Integration TypePCI ScopeWhat You Need to Do
Stripe Checkout (hosted redirect)SAQ A (simplest)Annual self-assessment questionnaire, basic server security
Stripe Elements (embedded iframes)SAQ AAnnual self-assessment questionnaire, basic server security
Custom card form (no iframe)SAQ D (most complex)Full security audit, penetration testing, quarterly scans

The critical insight: by using hosted payment fields (Stripe Elements, PayPal’s hosted fields), you never touch raw card numbers on your server. This keeps you in the SAQ A category, which requires only an annual self-assessment questionnaire and basic server security. Avoid ever building a custom card form that sends raw card data to your server – this triggers the full SAQ D audit requirements, which are expensive and complex.


Subscription and Recurring Billing

Subscriptions add significant complexity to payment processing: billing cycle management, dunning (retrying failed payments), proration for plan upgrades/downgrades, and customer self-service portals for updating payment methods.

WooCommerce Subscriptions

WooCommerce Subscriptions ($279/year) is the standard solution for WordPress-based subscription businesses. It integrates with most payment gateways that support tokenization and handles the full subscription lifecycle: recurring charges, free trials, sign-up fees, proration, and a customer portal for managing subscriptions.

Dunning management – automatically retrying failed payments and notifying customers before cancellation – is handled through WooCommerce Subscriptions’ retry logic combined with Stripe’s card updater (which automatically updates stored card details when a card is reissued). This combination significantly reduces involuntary churn from failed payments.

Stripe Billing

Stripe Billing is Stripe’s native subscription management product. You define products and prices in Stripe, manage customers and subscriptions via the Stripe API, and use the Stripe Customer Portal for self-service subscription management. For SaaS products and businesses where subscriptions are the core model, Stripe Billing’s native tools are more robust than WooCommerce Subscriptions + a gateway plugin.

Stripe Billing charges 0.5% of recurring subscription revenue in addition to standard transaction fees. At scale, this adds up – factor it into your unit economics.

EDD Recurring

EDD Recurring Payments ($99/year) adds subscription capabilities to Easy Digital Downloads. It supports Stripe, PayPal Standard, and PayPal Express as recurring payment gateways, with automatic renewal charging, free trials, and email notifications at renewal. For software licenses and digital download subscriptions, EDD Recurring pairs naturally with EDD Software Licensing for automatic license renewal.


Chargeback and Refund Handling

Chargebacks – when a customer disputes a charge with their bank rather than contacting you directly – are one of the most costly aspects of accepting online payments. Each chargeback costs the chargeback fee ($15-$20), the refunded transaction amount, and significant time to dispute. A high chargeback rate (above 1%) can trigger additional processor scrutiny or account termination.

Preventing Chargebacks

  • Use a recognizable business name as the statement descriptor (the name that appears on the customer’s bank statement). “WBCOM DESIGNS” is better than “WBCOM12345”, which customers do not recognize and therefore dispute.
  • Send detailed order confirmation emails with the exact amount charged and your contact information. Many chargebacks happen because customers do not recognize the charge and cannot figure out who to contact.
  • Respond immediately to refund requests. Proactively refunding is always cheaper than losing a chargeback.
  • Document everything: IP addresses, email confirmations, delivery confirmation, and any customer communications. This evidence wins chargeback disputes.

Disputing Chargebacks

When a chargeback occurs, Stripe lets you submit evidence through the Stripe dashboard. For physical goods, submit: order confirmation with customer’s email and IP, shipping tracking number showing delivery to the billing address, and any customer communications acknowledging receipt. For digital goods, submit: download logs, account activity showing the customer accessed the product, and email delivery confirmation.


3D Secure and Strong Customer Authentication

3D Secure (3DS) is an authentication layer that requires cardholders to verify their identity during checkout – typically by approving a notification in their banking app. Strong Customer Authentication (SCA) is the EU regulatory requirement mandating 3DS for most card transactions from EU cardholders.

When 3DS authentication succeeds, liability for fraud chargebacks shifts from you to the card issuer. This is a significant protection – if a fraudulent transaction passes 3DS authentication, you are not liable for the chargeback.

Stripe handles 3DS automatically for EU transactions via Payment Intents. You do not need to configure anything special – the payment flow automatically adds the authentication step when required. Expect some conversion drop from 3DS (5-10% of customers do not complete authentication), but the fraud reduction typically makes it net positive.


Multi-Currency Support

If you sell internationally, showing prices in local currencies significantly improves conversion rates. Customers are more likely to complete purchases when they see familiar currency amounts rather than doing mental currency math.

WooCommerce Multi-Currency (free) or WPML’s multi-currency mode (if using WPML for translation) handle displaying different currencies based on visitor location. Stripe settles in your home currency by default, or you can enable multi-currency payouts to receive in the customer’s currency if you have bank accounts in those currencies.

Mollie is particularly strong for European multi-currency scenarios because it natively handles EUR, GBP, DKK, NOK, SEK, and PLN, and routes each transaction through the appropriate local payment network for better approval rates.


Invoicing Automation

Sending professional invoices for every transaction is not just good practice – in many jurisdictions it is legally required for B2B transactions and all EU VAT-registered sales.

Stripe Invoicing (0.4% fee per paid invoice, or included with Stripe Billing) generates and emails invoices automatically. For WooCommerce, WooCommerce PDF Invoices and Packing Slips (free) generates invoices for every order and attaches them to order confirmation emails. For more advanced invoicing needs including payment terms, installment plans, and custom invoice templates, tools like Quaderno or Invoice Ninja integrate with WooCommerce to generate compliant invoices.


Payment Analytics and Reporting

Understanding your payment data tells you where revenue is coming from, where it is being lost, and where optimization opportunities exist.

Track these metrics in your payment analytics:

  • Authorization rate: Percentage of payment attempts that succeed. Below 95% indicates card issues, fraud blocking that is too aggressive, or gateway problems.
  • Chargeback rate: Should stay below 0.5% to avoid processor scrutiny.
  • Average order value by payment method: Some payment methods (PayPal Credit, BNPL) have higher AOV than credit cards.
  • Failed payment recovery rate: What percentage of failed subscription payments recover after retry? Should be 60%+ with good dunning logic.
  • Refund rate by product: High refund rates on specific products signal quality or description issues.

Stripe’s dashboard provides most of this data natively. For WooCommerce-specific reporting, WooCommerce’s built-in reports and third-party analytics plugins like Metorik provide more granular revenue analytics tied to your products and customers.


Checkout Optimization for Conversions

A well-configured payment gateway with a poorly optimized checkout loses conversions. Checkout abandonment rates average 70% – most people who start checkout do not complete it. Here are the highest-impact improvements:

Reduce Form Fields

Every form field is friction. WooCommerce’s default checkout collects first name, last name, company, address line 1, address line 2, city, state, postcode, country, email, and phone. For digital goods, you need email only. For physical goods, you need shipping address fields. Remove everything that is not necessary.

Express Checkout Buttons

Apple Pay, Google Pay, and PayPal Express let customers complete checkout without typing any information – their payment details and shipping address are pre-filled from their device or PayPal account. Enabling these buttons on product pages (not just checkout) can reduce the path to purchase to 2 taps for mobile users. The Stripe plugin’s Payment Request Button enables this with minimal configuration.

Guest Checkout

Forcing account creation before purchase is a significant conversion blocker. Enable guest checkout in WooCommerce and offer account creation as an optional convenience after purchase. The data consistently shows that forced registration reduces checkout completion rates by 20-35%.

Trust Signals at Checkout

Display security badges (SSL certificate badge, payment network logos), money-back guarantee messaging, and contact information near the payment form. Anxiety about security is a real conversion killer at the final step. Removing that anxiety with visible trust signals increases completions.


Marketplace Payments with WCFM

If you are running a multi-vendor marketplace, payment handling is more complex: each vendor needs to receive their portion of sales, commissions need to be calculated and retained, and payouts need to happen on a schedule. WCFM Marketplace (with WC Vendors or Dokan as the vendor management layer) combined with Stripe Connect handles marketplace payment splitting natively.

Stripe Connect allows your platform to collect payments and automatically route the vendor’s portion to their connected Stripe account. This is legally cleaner than collecting everything and manually wiring vendor payments, and it handles tax reporting requirements (1099-K generation in the US) automatically for vendors who meet the threshold.

Reign Theme’s marketplace starter sites come pre-configured with WCFM and supported payment gateways, giving you a tested foundation rather than assembling the stack from scratch. The pre-built payment routing and vendor dashboard significantly reduce the setup time for a marketplace launch.


Payment Security Best Practices

  • Never log payment data. Ensure your server logs, debug logs, and any logging plugins never capture card numbers, CVVs, or full payment details.
  • Use HTTPS everywhere. SSL is required for payment pages. Extend to your entire site to prevent mixed-content warnings.
  • Keep plugins updated. A vulnerable WooCommerce or payment plugin can expose customer data even if the actual payment processing is secure.
  • Monitor for card testing. Fraudsters test stolen card numbers with small transactions. Watch for unusual patterns of small failed transactions and block suspicious IPs via Cloudflare or Stripe Radar rules.
  • Set webhook security. Stripe webhooks should use signed payloads – verify the webhook signature in your code before processing any payment events.
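
The signed-payload check from the last bullet, written out as an added Python example (not code from this guide or from Stripe's libraries). It follows Stripe's documented scheme: a `Stripe-Signature` header carrying `t=<timestamp>` and `v1=<HMAC-SHA256>` computed over `<timestamp>.<raw body>`. The secret, event body and function names are constructed for illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # five-minute replay window, the default in Stripe's libraries


class SignatureError(Exception):
    """The event must be rejected without being processed."""


def parse_signature_header(header):
    """Split 't=...,v1=...' into (timestamp, [v1 signatures])."""
    timestamp, signatures = None, []
    for item in header.split(","):
        key, sep, value = item.strip().partition("=")
        if not sep:
            continue
        if key == "t":
            timestamp = value
        elif key == "v1":  # signatures under any other scheme are ignored
            signatures.append(value)
    return timestamp, signatures


def compute_signature(timestamp, payload, secret):
    """HMAC-SHA256 over '<timestamp>.<raw body>' keyed with the endpoint secret."""
    signed = timestamp.encode() + b"." + payload
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def verify_webhook(payload, header, secret, now=None, tolerance=TOLERANCE_SECONDS):
    """Return True for an authentic, fresh event; raise SignatureError otherwise.

    payload must be the raw request bytes. Parsing and re-serializing the JSON
    changes the bytes and makes every signature fail.
    """
    timestamp, signatures = parse_signature_header(header or "")
    if timestamp is None or not (timestamp.isascii() and timestamp.isdigit()):
        raise SignatureError("missing or malformed timestamp")
    if not signatures:
        raise SignatureError("no v1 signature in header")

    expected = compute_signature(timestamp, payload, secret).encode()
    # compare_digest is constant-time, so the comparison leaks no prefix match.
    if not any(hmac.compare_digest(expected, s.encode()) for s in signatures):
        raise SignatureError("signature mismatch")

    # A valid signature on an old event is a replay: enforce the time window.
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > tolerance:
        raise SignatureError("timestamp outside tolerance")
    return True


def is_valid_webhook(payload, header, secret, now=None):
    """Boolean wrapper for handlers that answer HTTP 400 on any failure."""
    try:
        return verify_webhook(payload, header, secret, now=now)
    except SignatureError:
        return False


# Constructed sample values, not real Stripe data.
SAMPLE_SECRET = "whsec_constructed_example_secret"
SAMPLE_TIME = 1700000000
SAMPLE_BODY = b'{"id":"evt_constructed","type":"payment_intent.succeeded","amount":4900}'
SAMPLE_HEADER = "t=%d,v1=%s" % (
    SAMPLE_TIME,
    compute_signature(str(SAMPLE_TIME), SAMPLE_BODY, SAMPLE_SECRET),
)

if __name__ == "__main__":
    fresh = SAMPLE_TIME + 10
    print("authentic:", is_valid_webhook(SAMPLE_BODY, SAMPLE_HEADER, SAMPLE_SECRET, fresh))
    tampered = SAMPLE_BODY.replace(b"4900", b"1")
    print("tampered body:", is_valid_webhook(tampered, SAMPLE_HEADER, SAMPLE_SECRET, fresh))
    print("replayed an hour later:",
          is_valid_webhook(SAMPLE_BODY, SAMPLE_HEADER, SAMPLE_SECRET, SAMPLE_TIME + 3600))
```

In production, Stripe's official libraries perform the same check (for example `stripe.Webhook.construct_event` in stripe-python). Whichever you use, pass the raw request body, since re-serialized JSON will not match the signature.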
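
An added example of the card-testing check from the list above, run over constructed payment-attempt records (not code from this guide): it flags an IP that produces several small failed charges on different cards within a short window. The record fields and all thresholds are assumptions to tune against your own traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own order history.
SMALL_AMOUNT_CENTS = 500          # treat charges of $5.00 or less as "small"
WINDOW = timedelta(minutes=10)    # sliding window per IP
MIN_FAILURES = 5                  # small failed attempts inside the window
MIN_DISTINCT_CARDS = 4            # one customer retrying one card is not card testing


def detect_card_testing(attempts):
    """Return {ip: summary} for IPs whose small failed charges match the pattern.

    Each attempt is a dict with the (hypothetical) keys
    time, ip, amount_cents, status and card_fingerprint.
    """
    recent = defaultdict(deque)   # ip -> small failed attempts still in the window
    flagged = {}
    for attempt in sorted(attempts, key=lambda a: a["time"]):
        if attempt["status"] != "failed":
            continue
        if attempt["amount_cents"] > SMALL_AMOUNT_CENTS:
            continue
        window = recent[attempt["ip"]]
        window.append(attempt)
        # Drop attempts that have aged out of the sliding window.
        while attempt["time"] - window[0]["time"] > WINDOW:
            window.popleft()
        cards = {a["card_fingerprint"] for a in window}
        if len(window) >= MIN_FAILURES and len(cards) >= MIN_DISTINCT_CARDS:
            previous = flagged.get(attempt["ip"])
            # Keep the largest burst seen for each IP.
            if previous is None or len(window) > previous["failures"]:
                flagged[attempt["ip"]] = {
                    "failures": len(window),
                    "distinct_cards": len(cards),
                    "first_seen": window[0]["time"],
                    "last_seen": attempt["time"],
                }
    return flagged


def make_attempt(minute, ip, cents, status, card):
    """Build one constructed record, `minute` minutes after a fixed start time."""
    return {
        "time": datetime(2024, 1, 15, 9, 0) + timedelta(minutes=minute),
        "ip": ip,
        "amount_cents": cents,
        "status": status,
        "card_fingerprint": card,
    }


# Constructed sample data (documentation IP ranges, made-up fingerprints).
SAMPLE_ATTEMPTS = (
    # Burst: six $1.00 failures on six different cards within five minutes.
    [make_attempt(i, "203.0.113.7", 100, "failed", "fp_burst_%d" % i) for i in range(6)]
    # Ordinary customer: two declines on one card, then a successful $49.00 order.
    + [
        make_attempt(2, "198.51.100.20", 4900, "failed", "fp_customer"),
        make_attempt(3, "198.51.100.20", 4900, "failed", "fp_customer"),
        make_attempt(4, "198.51.100.20", 4900, "succeeded", "fp_customer"),
    ]
    # Slow trickle: five small failures, but 40 minutes apart.
    + [make_attempt(40 * i, "192.0.2.55", 100, "failed", "fp_slow_%d" % i) for i in range(5)]
)

if __name__ == "__main__":
    for ip, summary in detect_card_testing(SAMPLE_ATTEMPTS).items():
        print(ip, summary["failures"], "small failures on",
              summary["distinct_cards"], "cards between",
              summary["first_seen"].time(), "and", summary["last_seen"].time())
```

The slow trickle in the sample is deliberately not flagged by the per-IP window, which is why the bullet's advice to also rely on Stripe Radar rules matters.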

Next Steps

Start with Stripe as your primary gateway and add PayPal as a secondary option – this combination covers the vast majority of online shoppers. Enable Apple Pay and Google Pay via Stripe’s Payment Request Button for mobile checkout. Configure Stripe Radar rules appropriate to your business risk profile. Then tackle tax compliance based on where your customers actually are.

Payment infrastructure is one area where investing properly upfront saves significant pain later. A frozen Stripe account, a chargeback spiral, or a tax compliance notice from a state you did not know you had nexus in – these are problems that are far more expensive to fix than to prevent.


Website Owner’s Toolkit – 21-Part Series

This post is part of the Website Owner’s Toolkit – a 21-part series covering everything you need to run a professional website.


Accepting payments online sounds simple until you encounter your first chargeback, tax compliance notice, or sudden account suspension from a payment processor. Choosing the wrong gateway can mean weeks of frozen funds, excessive fees that erode your margins, or a checkout experience that kills conversions. Getting payments right matters more than almost anything else on your site – every transaction that fails or gets abandoned is money you earned but did not collect.

This guide covers the major payment gateways with honest fee breakdowns, WooCommerce and EDD payment setup, fraud prevention, tax compliance, PCI DSS simplified, and everything you need to build a payment infrastructure that is secure, compliant, and optimized for conversions. We skip the vendor marketing and focus on what actually matters for WordPress site owners.


Payment Gateway Comparison: The Numbers That Matter

Payment gateways differ on four dimensions that matter: transaction fees, supported currencies, payout speed, and the ease of handling disputes. Here is a detailed comparison of the major options.

| Gateway | Standard Rate (US) | Monthly Fee | Currencies | Payout Speed | Chargeback Fee |
|---|---|---|---|---|---|
| Stripe | 2.9% + $0.30 | None | 135+ | 2 business days | $15 (waived if you win) |
| PayPal | 3.49% + $0.49 (standard) | None | 25 currencies | 1-3 business days | $20 |
| Square | 2.9% + $0.30 (online) | None | USD, CAD, AUD, GBP, JPY | 1-2 business days | $0 (no chargeback fee) |
| Razorpay | 2% (India, INR) | None | INR + limited international | T+1 (India) | $0 |
| Mollie | 0.25 EUR + payment method fee | None | 30+ | 2-3 business days | Varies |

Stripe: The Developer and Business Standard

Stripe is the default choice for most online businesses for good reason. The API is the most developer-friendly in the industry, the dashboard is excellent, and Stripe handles the infrastructure of payments (card network relationships, fraud monitoring, compliance) so you do not have to.

Stripe’s 2.9% + $0.30 rate applies to standard cards. International cards add a 1.5% fee. Currency conversion costs an additional 1%. If you are selling internationally at volume, these add-ons can push your effective rate significantly higher – factor them into your pricing models.

Stripe Radar (included at no extra cost) provides machine-learning-based fraud detection that blocks fraudulent cards before they complete. Radar for Fraud Teams ($0.02/transaction) adds customizable rules – block transactions above a certain amount, block specific countries, require 3D Secure for high-risk orders.

PayPal: Trust Signal for Customers, Headaches for Merchants

PayPal’s primary advantage is customer trust – many buyers feel safer paying via PayPal because they know the dispute process. This trust translates to conversion uplift, particularly with older demographics and in markets where credit card trust is lower.

The drawbacks are real. PayPal’s merchant dispute process heavily favors buyers, resulting in higher chargeback rates for many merchants. Account suspensions (often triggered by automated fraud detection) can freeze your funds for weeks with limited recourse. At the 3.49% + $0.49 standard rate, PayPal’s fees for goods and services are also higher than Stripe’s.

The most effective approach: offer both Stripe and PayPal as payment options. Let customers choose their preferred method. A significant segment will specifically choose PayPal even if another option is available, and offering it captures that segment without making it your primary processor.

Razorpay: If You Are Selling in India

For Indian businesses accepting INR payments, Razorpay is by far the best choice. The 2% fee is significantly lower than Stripe’s rate for Indian transactions, the local payment method support (UPI, Netbanking, EMI, wallets) is comprehensive, and T+1 payouts mean cash flow is fast. The dashboard is polished and the WooCommerce plugin is well-maintained.

Mollie: Best for European Businesses

Mollie is the payment gateway of choice for many European businesses because of its comprehensive coverage of European payment methods: iDEAL (Netherlands), Bancontact (Belgium), SOFORT, Giropay, and SEPA Direct Debit alongside standard cards. Mollie’s “pay per transaction” model with no monthly fee is transparent and predictable. For businesses primarily serving European customers, Mollie’s local payment method support can meaningfully increase conversion rates versus Stripe-only.


WooCommerce Payment Setup

WooCommerce’s payment architecture is plugin-based: the core plugin provides the checkout framework, and payment gateways are added via extensions. This means the quality and maintenance of the payment experience depends on which extension you choose.

WooCommerce Stripe Plugin

The official WooCommerce Stripe plugin (free) handles the core integration. It supports Stripe Checkout, Payment Intents, Link (Stripe’s autofill payment method), and Apple Pay / Google Pay out of the box. After installing, enter your Stripe API keys in WooCommerce > Settings > Payments > Stripe. Enable “Payment Request Buttons” to add Apple Pay and Google Pay to your product pages and checkout – this alone can increase mobile checkout completion by 10-15%.

Configure Stripe to use Payment Intents rather than the legacy Charges API – Payment Intents support 3D Secure and Strong Customer Authentication, which is required for EU customers. The official plugin handles this automatically in its modern configuration.

WooPayments (Stripe-Powered)

WooPayments is Automattic’s integrated payment solution for WooCommerce, built on Stripe infrastructure. The advantage is a more integrated experience: disputes, payouts, and analytics live inside your WooCommerce dashboard rather than requiring a separate Stripe dashboard tab. The rates are identical to Stripe’s standard rates.

The main consideration with WooPayments is lock-in: your merchant account is managed through Automattic rather than directly with Stripe. For most merchants this is fine, but if you ever need to switch platforms or access advanced Stripe features, the direct Stripe integration gives you more flexibility.

PayPal for WooCommerce

The official PayPal Payments plugin supports PayPal Checkout, PayLater (buy now pay later), and PayPal Credit. Install it alongside Stripe to offer both options at checkout. In testing, offering PayPal as an additional option (not replacement) typically increases total checkout completions by 5-10% by capturing PayPal-preferred customers.


Easy Digital Downloads (EDD) Payment Setup

Easy Digital Downloads handles digital product sales – software, ebooks, templates, plugins – with a payment architecture similar to WooCommerce but optimized for the digital goods context (no shipping, instant delivery, license key generation).

EDD’s official Stripe extension ($99/year) supports Payment Intents, Apple Pay, Google Pay, and Stripe’s hosted payment flow. The PayPal Commerce extension ($99/year) adds PayPal Checkout with PayLater. For digital products where instant delivery and license key generation are important, EDD’s payment processing integrates directly with the download fulfillment process – payment confirmation triggers the download link email immediately.

EDD’s pass-based pricing model (All Access Pass at $599/year) includes all payment gateways and extensions, which is cost-effective for stores that need multiple gateways and the full EDD feature set.


Stripe Integration Deep Dive

Stripe has three main ways to integrate payments, each with different trade-offs between customization and implementation effort.

Stripe Checkout (Hosted)

Stripe Checkout is a hosted payment page on Stripe’s domain. When a customer clicks Pay, they are redirected to checkout.stripe.com, complete payment, and return to your site. This is the simplest implementation with the least PCI scope (you never touch card data) and automatically includes Stripe’s optimized UX including smart local payment method detection, address autocomplete, and Link support.

The limitation is less customization – the Checkout page uses Stripe’s design with limited branding options. For most sites this is acceptable; the conversion optimization Stripe has baked into Checkout outweighs the branding constraints.

Stripe Elements

Stripe Elements embeds the payment form directly in your page using JavaScript components. The card number, expiry, and CVC fields are iframes served from Stripe’s domain (so card data never reaches your server and your PCI scope stays minimal) but visually integrate into your checkout design. You have full control over the surrounding checkout UI while Stripe handles the sensitive fields.

The WooCommerce Stripe plugin uses Elements for its embedded payment form. This gives you the best balance of customization (your checkout design) and security (Stripe handles card data).

Payment Intents

Payment Intents is the Stripe API that handles the full payment lifecycle including authentication (3D Secure), confirmation, and capture. Every new Stripe integration should use Payment Intents – it is required for SCA compliance in Europe and handles all the edge cases (authentication required, card declined, insufficient funds) in a structured way that the older Charges API does not.


Fraud Prevention

Payment fraud is an ongoing reality for any site accepting online payments. The costs are direct (chargebacks you lose) and indirect (Stripe or PayPal account health impact, time spent fighting disputes). Here is how to build effective defenses.

Stripe Radar

Stripe Radar uses machine learning trained on billions of Stripe transactions to score each payment attempt. Cards with high fraud probability are automatically blocked. Radar is included free with all Stripe accounts and requires zero configuration – it works out of the box.

Radar for Fraud Teams ($0.02/transaction) adds customizable rules. Useful rules for WooCommerce stores: require 3D Secure for orders over $500, block orders from countries you do not ship to, block prepaid card purchases for digital goods (high fraud risk), flag orders where the billing country does not match the card’s issuing country.

WooCommerce Anti-Fraud

WooCommerce Anti-Fraud (free plugin) scores orders based on configurable risk factors: order amount, customer account age, email domain, IP geolocation mismatch with billing address, and more. High-scoring orders are automatically placed on hold for manual review rather than processed immediately. This is a useful layer on top of Stripe Radar for catching fraud patterns specific to your store.

Manual Review Workflows

For high-value orders, manual review before fulfillment is worth the extra time. Flag any order that:

  • Is significantly above your average order value (2x or more)
  • Has a different billing and shipping address
  • Is being shipped to a freight forwarder address
  • Was placed by a brand-new account with no purchase history
  • Used a different email for account registration and payment

A quick call or email to verify the order before shipping adds 5 minutes of work and can save you from a $500 chargeback. Set up a review queue in WooCommerce for orders meeting these criteria – they go to “On Hold” status and require manual approval before processing.


Tax Compliance Tools

Sales tax compliance is one of the most underestimated headaches in e-commerce. In the US alone, there are over 12,000 tax jurisdictions, each with its own rates and product taxability rules. The 2018 South Dakota v. Wayfair Supreme Court decision means online sellers now have economic nexus obligations in states where they do not have physical presence – once you cross a revenue or transaction threshold, you owe that state’s sales tax.

Tool | Starting Price | Jurisdictions | WooCommerce Plugin | Best For
-----|----------------|---------------|--------------------|---------
TaxJar | $19/month | US + international | Yes (official) | US sellers, AutoFile feature
Avalara | Custom (starts ~$50/mo) | Global | Yes | Enterprise, international
Quaderno | $49/month | Global (EU VAT focus) | Yes | Digital products, EU/global VAT

TaxJar

TaxJar’s SmartCalcs API automatically calculates the correct sales tax rate for every transaction based on the product type, origin address, and destination address. The WooCommerce integration updates rates in real time during checkout. The AutoFile feature automatically files your sales tax returns in the states where you have nexus – this alone saves hours of monthly accounting work.

At $19/month for up to 200 transactions, TaxJar is accessible for smaller stores. Pricing scales with transaction volume. For US-focused sellers, TaxJar’s AutoFile feature is the most compelling reason to pay for automation rather than handling tax filing manually.

Quaderno

Quaderno shines for digital product sellers dealing with EU VAT, which is notoriously complex. EU VAT for digital products is charged at the buyer’s country rate, meaning you need to collect VAT at the correct rate for all 27 EU member states. Quaderno calculates the right rate, stores the required VAT evidence, generates compliant invoices, and produces the periodic reports needed for EU VAT filing (either directly or via the OSS scheme).


PCI DSS Compliance Simplified

PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for any system that processes, stores, or transmits cardholder data. Violating PCI DSS can result in fines, increased processing fees, or losing your ability to accept cards. The good news: if you are using a hosted gateway like Stripe Checkout or embedded Elements, your PCI scope is dramatically reduced.

PCI Scope for Common WordPress Setups

Integration Type | PCI Scope | What You Need to Do
-----------------|-----------|--------------------
Stripe Checkout (hosted redirect) | SAQ A (simplest) | Annual self-assessment questionnaire, basic server security
Stripe Elements (embedded iframes) | SAQ A | Annual self-assessment questionnaire, basic server security
Custom card form (no iframe) | SAQ D (most complex) | Full security audit, penetration testing, quarterly scans

The critical insight: by using hosted payment fields (Stripe Elements, PayPal’s hosted fields), you never touch raw card numbers on your server. This keeps you in the SAQ A category, which requires only an annual self-assessment questionnaire and basic server security. Avoid ever building a custom card form that sends raw card data to your server – this triggers the full SAQ D audit requirements, which are expensive and complex.


Subscription and Recurring Billing

Subscriptions add significant complexity to payment processing: billing cycle management, dunning (retrying failed payments), proration for plan upgrades/downgrades, and customer self-service portals for updating payment methods.

WooCommerce Subscriptions

WooCommerce Subscriptions ($279/year) is the standard solution for WordPress-based subscription businesses. It integrates with most payment gateways that support tokenization and handles the full subscription lifecycle: recurring charges, free trials, sign-up fees, proration, and a customer portal for managing subscriptions.

Dunning management – automatically retrying failed payments and notifying customers before cancellation – is handled through WooCommerce Subscriptions’ retry logic combined with Stripe’s card updater (which automatically updates stored card details when a card is reissued). This combination significantly reduces involuntary churn from failed payments.

Stripe Billing

Stripe Billing is Stripe’s native subscription management product. You define products and prices in Stripe, manage customers and subscriptions via the Stripe API, and use the Stripe Customer Portal for self-service subscription management. For SaaS products and businesses where subscriptions are the core model, Stripe Billing’s native tools are more robust than WooCommerce Subscriptions + a gateway plugin.

Stripe Billing charges 0.5% of recurring subscription revenue in addition to standard transaction fees. At scale, this adds up – factor it into your unit economics.

EDD Recurring

EDD Recurring Payments ($99/year) adds subscription capabilities to Easy Digital Downloads. It supports Stripe, PayPal Standard, and PayPal Express as recurring payment gateways, with automatic renewal charging, free trials, and email notifications at renewal. For software licenses and digital download subscriptions, EDD Recurring pairs naturally with EDD Software Licensing for automatic license renewal.


Chargeback and Refund Handling

Chargebacks – when a customer disputes a charge with their bank rather than contacting you directly – are one of the most costly aspects of accepting online payments. Each chargeback costs the chargeback fee ($15-$20), the refunded transaction amount, and significant time to dispute. A high chargeback rate (above 1%) can trigger additional processor scrutiny or account termination.

Preventing Chargebacks

  • Use a recognizable business name as the statement descriptor (the name that appears on the customer’s bank statement). “WBCOM DESIGNS” is better than “WBCOM12345”, which customers do not recognize and therefore dispute.
  • Send detailed order confirmation emails with the exact amount charged and your contact information. Many chargebacks happen because customers do not recognize the charge and cannot figure out who to contact.
  • Respond immediately to refund requests. Proactively refunding is always cheaper than losing a chargeback.
  • Document everything: IP addresses, email confirmations, delivery confirmation, and any customer communications. This evidence wins chargeback disputes.

Disputing Chargebacks

When a chargeback occurs, Stripe lets you submit evidence through the Stripe dashboard. For physical goods, submit: order confirmation with customer’s email and IP, shipping tracking number showing delivery to the billing address, and any customer communications acknowledging receipt. For digital goods, submit: download logs, account activity showing the customer accessed the product, and email delivery confirmation.


3D Secure and Strong Customer Authentication

3D Secure (3DS) is an authentication layer that requires cardholders to verify their identity during checkout – typically by approving a notification in their banking app. Strong Customer Authentication (SCA) is the EU regulatory requirement mandating 3DS for most card transactions from EU cardholders.

When 3DS authentication succeeds, liability for fraud chargebacks shifts from you to the card issuer. This is a significant protection – if a fraudulent transaction passes 3DS authentication, you are not liable for the chargeback.

Stripe handles 3DS automatically for EU transactions via Payment Intents. You do not need to configure anything special – the payment flow automatically adds the authentication step when required. Expect some conversion drop from 3DS (5-10% of customers do not complete authentication), but the fraud reduction typically makes it net positive.


Multi-Currency Support

If you sell internationally, showing prices in local currencies significantly improves conversion rates. Customers are more likely to complete purchases when they see familiar currency amounts rather than doing mental currency math.

WooCommerce Multi-Currency (free) or WPML’s multi-currency mode (if using WPML for translation) handle displaying different currencies based on visitor location. Stripe settles in your home currency by default, or you can enable multi-currency payouts to receive in the customer’s currency if you have bank accounts in those currencies.

Mollie is particularly strong for European multi-currency scenarios because it natively handles EUR, GBP, DKK, NOK, SEK, and PLN, and routes each transaction through the appropriate local payment network for better approval rates.


Invoicing Automation

Sending professional invoices for every transaction is not just good practice – in many jurisdictions it is legally required for B2B transactions and all EU VAT-registered sales.

Stripe Invoicing (0.4% fee per paid invoice, or included with Stripe Billing) generates and emails invoices automatically. For WooCommerce, WooCommerce PDF Invoices and Packing Slips (free) generates invoices for every order and attaches them to order confirmation emails. For more advanced invoicing needs including payment terms, installment plans, and custom invoice templates, tools like Quaderno or Invoice Ninja integrate with WooCommerce to generate compliant invoices.


Payment Analytics and Reporting

Understanding your payment data tells you where revenue is coming from, where it is being lost, and where optimization opportunities exist.

Track these metrics in your payment analytics:

  • Authorization rate: Percentage of payment attempts that succeed. Below 95% indicates card issues, overly aggressive fraud blocking, or gateway problems.
  • Chargeback rate: Should stay below 0.5% to avoid processor scrutiny.
  • Average order value by payment method: Some payment methods (PayPal Credit, BNPL) have higher AOV than credit cards.
  • Failed payment recovery rate: What percentage of failed subscription payments recover after retry? Should be 60%+ with good dunning logic.
  • Refund rate by product: High refund rates on specific products signal quality or description issues.

Stripe’s dashboard provides most of this data natively. For WooCommerce-specific reporting, WooCommerce’s built-in reports and third-party analytics plugins like Metorik provide more granular revenue analytics tied to your products and customers.


Checkout Optimization for Conversions

A well-configured payment gateway with a poorly optimized checkout loses conversions. Checkout abandonment rates average 70% – most people who start checkout do not complete it. Here are the highest-impact improvements:

Reduce Form Fields

Every form field is friction. WooCommerce’s default checkout collects first name, last name, company, address line 1, address line 2, city, state, postcode, country, email, and phone. For digital goods, you need email only. For physical goods, you need shipping address fields. Remove everything that is not necessary.

Express Checkout Buttons

Apple Pay, Google Pay, and PayPal Express let customers complete checkout without typing any information – their payment details and shipping address are pre-filled from their device or PayPal account. Enabling these buttons on product pages (not just checkout) can reduce the path to purchase to 2 taps for mobile users. The Stripe plugin’s Payment Request Button enables this with minimal configuration.

Guest Checkout

Forcing account creation before purchase is a significant conversion blocker. Enable guest checkout in WooCommerce and offer account creation as an optional convenience after purchase. The data consistently shows that forced registration reduces checkout completion rates by 20-35%.

Trust Signals at Checkout

Display security badges (SSL certificate badge, payment network logos), money-back guarantee messaging, and contact information near the payment form. Anxiety about security is a real conversion killer at the final step. Removing that anxiety with visible trust signals increases completions.


Marketplace Payments with WCFM

If you are running a multi-vendor marketplace, payment handling is more complex: each vendor needs to receive their portion of sales, commissions need to be calculated and retained, and payouts need to happen on a schedule. WCFM Marketplace (with WC Vendors or Dokan as the vendor management layer) combined with Stripe Connect handles marketplace payment splitting natively.

Stripe Connect allows your platform to collect payments and automatically route the vendor’s portion to their connected Stripe account. This is legally cleaner than collecting everything and manually wiring vendor payments, and it handles tax reporting requirements (1099-K generation in the US) automatically for vendors who meet the threshold.

Reign Theme’s marketplace starter sites come pre-configured with WCFM and supported payment gateways, giving you a tested foundation rather than assembling the stack from scratch. The pre-built payment routing and vendor dashboard significantly reduce the setup time for a marketplace launch.


Payment Security Best Practices

  • Never log payment data. Ensure your server logs, debug logs, and any logging plugins never capture card numbers, CVVs, or full payment details.
  • Use HTTPS everywhere. SSL is required for payment pages. Extend to your entire site to prevent mixed-content warnings.
  • Keep plugins updated. A vulnerable WooCommerce or payment plugin can expose customer data even if the actual payment processing is secure.
  • Monitor for card testing. Fraudsters test stolen card numbers with small transactions. Watch for unusual patterns of small failed transactions and block suspicious IPs via Cloudflare or Stripe Radar rules.
  • Set webhook security. Stripe webhooks should use signed payloads – verify the webhook signature in your code before processing any payment events.
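The card-testing bullet above, as an added example (not code from this guide, Stripe, or WooCommerce): a PHP function that scans payment attempts for many small failed charges from one IP inside a short window. The record layout, thresholds, and sample rows are assumptions; it also requires several distinct cards, so a customer retrying a single card is not treated as card testing.

```php
<?php
// Added example: flag IPs whose payment attempts look like card testing.
// Record layout, thresholds and sample rows are assumptions for the demo.

const WINDOW_SECONDS     = 600; // sliding window per IP (10 minutes)
const SMALL_AMOUNT_MAX   = 500; // "small" means up to 5.00, in cents
const MIN_FAILURES       = 5;   // failed small attempts inside one window
const MIN_DISTINCT_CARDS = 4;   // distinct cards among those failures

/**
 * @param array $attempts rows of [unix_time, ip, amount_cents, card_fingerprint, succeeded]
 * @return array ip => ['failures' => int, 'cards' => int, 'from' => int, 'to' => int]
 */
function find_card_testing_ips(array $attempts): array
{
    // Keep only small failed attempts, grouped by source IP.
    $byIp = [];
    foreach ($attempts as [$time, $ip, $amount, $card, $succeeded]) {
        if (!$succeeded && $amount <= SMALL_AMOUNT_MAX) {
            $byIp[$ip][] = [$time, $card];
        }
    }

    $flagged = [];
    foreach ($byIp as $ip => $failures) {
        usort($failures, function ($a, $b) { return $a[0] <=> $b[0]; });
        $start = 0;
        foreach ($failures as $end => $failure) {
            // Shrink the window until it spans at most WINDOW_SECONDS.
            while ($failure[0] - $failures[$start][0] > WINDOW_SECONDS) {
                $start++;
            }
            $window = array_slice($failures, $start, $end - $start + 1);
            $cards  = count(array_unique(array_column($window, 1)));
            // A customer mistyping a CVC retries one card; card testing cycles many.
            if (count($window) >= MIN_FAILURES && $cards >= MIN_DISTINCT_CARDS
                && count($window) > ($flagged[$ip]['failures'] ?? 0)) {
                $flagged[$ip] = [
                    'failures' => count($window),
                    'cards'    => $cards,
                    'from'     => $window[0][0],
                    'to'       => $failure[0],
                ];
            }
        }
    }
    return $flagged;
}

// --- constructed sample attempts (documentation IP ranges, fake fingerprints) ---
$t = 1700000000;
$attempts = [
    [$t +   0, '203.0.113.7',   100, 'card_a', false],
    [$t +  20, '203.0.113.7',   100, 'card_b', false],
    [$t +  45, '203.0.113.7',   100, 'card_c', false],
    [$t +  70, '203.0.113.7',   100, 'card_d', false],
    [$t +  95, '203.0.113.7',   100, 'card_e', false],
    [$t + 120, '203.0.113.7',   100, 'card_f', true ],  // a later attempt succeeds
    [$t +  10, '198.51.100.20', 450, 'card_x', false],  // same card retried
    [$t +  60, '198.51.100.20', 450, 'card_x', false],
    [$t + 130, '198.51.100.20', 450, 'card_x', true ],
    [$t +  30, '192.0.2.55',  48000, 'card_y', false],  // large order, not "small"
];

print_r(find_card_testing_ips($attempts));
```

The flagged IPs are candidates for a Cloudflare block or a Stripe Radar rule; tune the thresholds against your own store's normal failure rate before acting on them automatically.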
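The webhook bullet above, as an added example rather than code from this guide or from the Stripe plugin: verifying the `Stripe-Signature` header by hand in PHP. Stripe signs `<timestamp>.<raw body>` with HMAC-SHA256 using the endpoint's signing secret; the function names, secret, timestamp, and event body here are constructed for the demonstration.

```php
<?php
// Added example: manual verification of Stripe's signed webhook payloads.
// Secret, timestamp and event body below are constructed sample values.

/**
 * Parse a Stripe-Signature header ("t=<unix time>,v1=<hex>,v1=<hex>,...")
 * into its timestamp and the list of v1 signatures.
 */
function parse_stripe_signature_header(string $header): array
{
    $timestamp  = null;
    $signatures = [];
    foreach (explode(',', $header) as $part) {
        $pair = explode('=', trim($part), 2);
        if (count($pair) !== 2) {
            continue; // malformed element, ignore it
        }
        [$key, $value] = $pair;
        if ($key === 't' && ctype_digit($value)) {
            $timestamp = (int) $value;
        } elseif ($key === 'v1') {
            $signatures[] = $value; // several may be present during secret rotation
        }
    }
    return [$timestamp, $signatures];
}

/**
 * Return true only if $rawBody was signed with $secret and the signed
 * timestamp is within $tolerance seconds of $now (limits replay of old events).
 */
function verify_stripe_webhook(string $rawBody, string $header, string $secret, int $now, int $tolerance = 300): bool
{
    [$timestamp, $signatures] = parse_stripe_signature_header($header);
    if ($timestamp === null || $signatures === []) {
        return false;
    }
    if (abs($now - $timestamp) > $tolerance) {
        return false;
    }
    // Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256.
    $expected = hash_hmac('sha256', $timestamp . '.' . $rawBody, $secret);
    foreach ($signatures as $candidate) {
        // hash_equals compares in constant time, avoiding a timing side channel.
        if (hash_equals($expected, $candidate)) {
            return true;
        }
    }
    return false;
}

// --- constructed demonstration ---
$secret = 'whsec_example_not_a_real_secret';
$body   = '{"id":"evt_example","type":"payment_intent.succeeded"}';
$sentAt = 1700000000;
$header = 't=' . $sentAt . ',v1=' . hash_hmac('sha256', $sentAt . '.' . $body, $secret);

var_dump(verify_stripe_webhook($body, $header, $secret, $sentAt + 10));        // genuine event
var_dump(verify_stripe_webhook($body . ' ', $header, $secret, $sentAt + 10));  // body altered in transit
var_dump(verify_stripe_webhook($body, $header, $secret, $sentAt + 3600));      // old event replayed
var_dump(verify_stripe_webhook($body, $header, 'whsec_other', $sentAt + 10));  // wrong signing secret
```

In a WordPress handler the body must be the unmodified bytes read from `php://input`; decoding and re-encoding the JSON changes the bytes and breaks the signature. The official stripe-php library performs the same check in `\Stripe\Webhook::constructEvent()`.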

Next Steps

Start with Stripe as your primary gateway and add PayPal as a secondary option – this combination covers the vast majority of online shoppers. Enable Apple Pay and Google Pay via Stripe’s Payment Request Button for mobile checkout. Configure Stripe Radar rules appropriate to your business risk profile. Then tackle tax compliance based on where your customers actually are.

Payment infrastructure is one area where investing properly upfront saves significant pain later. A frozen Stripe account, a chargeback spiral, or a tax compliance notice from a state you did not know you had nexus in – these are problems that are far more expensive to fix than to prevent.


Website Owner’s Toolkit – 21-Part Series

This post is part of the Website Owner’s Toolkit – a 21-part series covering everything you need to run a professional website. View the full series index.
