While WooCommerce has various payment options built into the core plugin, such as PayPal Standard, most stores will need another option for payment or credit card processing. If you’re not locked in to a particular payment processor, you may want to check out our overview on how to select one. In this article, we’ll compare some of the top options with WooCommerce.

However, if you know you want to use WooCommerce and have a plan for your site, such as the ability to accept recurring payments, you may want to have some more information about the WooCommerce-specific options available. We also have a comparison chart for you visual people at the end of this article.

WooCommerce Payment Gateways Comparison

There are a lot of points to consider when selecting a processor that we’ve covered already. However, the integration between a cart system and processor is also important, and different integrations provide different functionality for the merchant and users that may be important. We’ll take a look at some points of consideration when selecting a processor for a WooCommerce store and will compare some of the most popular WooCommerce gateway integrations.

Location

Before searching for an appropriate gateway integration, the merchant location will probably be the first limiting factor. If you’re in the US, you’re not going to be limited by much. However, for merchants outside of the US, this could very well influence the entire decision-making process. Most processors support merchant accounts in the US, Canada, and EU, but merchants outside of those regions will probably be limited to PayPal for payment processing.

If PayPal Standard doesn’t work for you, then you can upgrade to PayPal Pro, Advanced, or Express depending on your needs and what kind of checkout type you want. If you operate or sell high volumes of products in the Netherlands, you’ll probably want to look into using iDeal Mollie, as debit cards are used far more than credit cards by Dutch citizens.

Some processors, such as Stripe and Braintree, are growing rapidly and expanding outside of North America and the EU and could become alternative solutions for international merchants soon. Both are solid choices, and have completely PCI compliant integrations, though we do prefer Stripe at Sell with WP.

WooSubscriptions Support

Recurring billing is integral for some business models, so that may be the next consideration for some merchants. While many gateways support some or all of WooCommerce Subscriptions’ features, we’ll take a look at some of the most popular ones (see our WooCommerce membership article for more info on Subscriptions).

Note that all gateways that support Subscriptions also support storing credit cards for customers, which helps reduce friction for purchases and encourages customers to buy, even if you’re not selling a product that uses recurring billing.

PayPal Standard is built into WooCommerce, and supports Subscriptions so that you can get started without another gateway integration. However, PayPal Standard does not support changes to recurring billing amounts, nor does it support date changes for businesses that prefer to bill all customers on the same day of the month. Stripe sticks out again here, as its WooCommerce integration fully supports all Subscriptions features, along with Authorize.net CIM, Braintree, and Intuit QBMS. First Data also supports almost all Subscriptions features (except payment method changes).

Chase Paymentech also fully supports Subscriptions, but Chase requires an intensive merchant validation process to use a 3rd party integration.

Checkout Type

There are a few different ways to implement payment integrations with a cart system. Many integrations use a direct on-site checkout method, which keeps the user on your site and routes payment information through your servers. Many businesses prefer this approach, as the checkout experience is seamless and allows the business to customize the checkout process. It also reduces the likelihood of abandonment, as customers don’t get nervous when they’re taken to a different site to complete the payment process. In addition to many of the gateway integrations already listed, Authorize.net AIM is also very popular for this sort of checkout integration, as Authorize.net is a popular processor, but AIM does not incur additional monthly costs like CIM does.

Direct checkout integrations require an SSL certificate to protect payment information since data is routed through your servers to complete the transaction, which can affect PCI compliance.

If you don’t want to keep customers on your site for checkout due to security concerns, you can use a redirect / off-site checkout method instead. PayPal Express and Standard work this way, as customers are routed to PayPal to complete a transaction, then redirected back to your site so that processing is routed through PayPal’s servers instead of your own. Since sensitive payment information isn’t processed by your site’s servers, SSL certificates are not required for these integrations.

If you want a middle-of-the-road approach, you could look at PayPal Advanced or the Chase Paymentech integration. Both of these integrations iframe the checkout page, which gives the appearance that customers have not left your site, as the checkout form is embedded into the checkout page. However, payment information is routed through the processor’s servers. While this limits flexibility on how the checkout process is displayed, it does add a layer of security for customers.

PCI Compliance

PCI compliance is near impossible for most people to understand (myself included!), and most sites that accept payments are actually not 100% compliant. Not only does PCI compliance set requirements on your site and processing integration, but also relates to your website’s servers and their security, which may or may not be under your control. Unfortunately, the best comparison I can think of is like sex education – abstinence of processing payments through your servers is almost the only guaranteed method of PCI compliance. Other methods can cover most security concerns, but never reach 100% compliance. And now that’s more than enough of that metaphor.

The exceptions to this are integrations that redirect users through the processor’s servers, as transactional data isn’t handled by your site’s server (such as PayPal Advanced or PayPal Express), and integrations like Stripe and Braintree that use client libraries to tokenize payment data before sending it through your servers. Using an SSL certificate covers much of the security needs for a site, and is usually good enough for most stores and payment integrations. However, some business owners are required to be 100% PCI compliant and will have to determine an appropriate integration to use.
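One way to check the tokenization claim above on your own store, as an added example that is not code from the original article or from any gateway plugin: scan the fields a checkout request delivers to your server and flag any that contain a card number. The field names, token format and sample values are constructed assumptions.

```javascript
// Added example: field names and sample values are constructed for illustration.

// Luhn checksum, the check-digit scheme used by payment card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48; // walk right to left
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// True if the value holds a 13-19 digit run (single spaces or dashes allowed
// between digits) that passes Luhn. This detects card numbers only, not CVCs.
function looksLikeCardNumber(value) {
  const runs = String(value).match(/(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/g) || [];
  return runs.some((run) => luhnValid(run.replace(/[ -]/g, "")));
}

// Names of the fields that would deliver a card number to the merchant's server.
function fieldsLeakingCardData(postFields) {
  return Object.keys(postFields).filter((name) =>
    looksLikeCardNumber(postFields[name])
  );
}

// Direct on-site checkout: the form posts the card itself to your server.
const directPost = {
  billing_email: "customer@example.com",
  billing_phone: "555-0100",
  card_number: "4242 4242 4242 4242", // widely published test number
  card_cvc: "123",
};

// Tokenized checkout: the client library swapped the card for a token first.
const tokenizedPost = {
  billing_email: "customer@example.com",
  billing_phone: "555-0100",
  payment_token: "tok_constructed_1A2b3C",
};

console.log(fieldsLeakingCardData(directPost));    // [ 'card_number' ]
console.log(fieldsLeakingCardData(tokenizedPost)); // []
```

An empty result for every checkout request is what a tokenized, redirect or iframed integration should produce; any flagged field means card data is reaching your server.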

UPDATE: To clarify this further: many sites don’t need total PCI compliance (which may or may not be required by your merchant account / payment processor). Using an SSL gets you much of the security that you need, as most sites won’t be subject to attacks when there are always far bigger fish to catch (think Target-level security breaches; netting data for tens of thousands of users makes the work in doing so far more worthwhile than trying to hack your site, which is probably much smaller). You should be in contact with your payment processor to determine what requirements exist for your account to be sure you’re meeting their standards – in some cases, you simply have to pay a monthly fee for non-PCI compliance.

Other Points

In addition to the particular details of each WooCommerce integration, you’ll also probably want to weigh the fees charged by each processor into your decision. We wrote an article on selecting payment processors and have a comparison spreadsheet of some of the largest processors that could help with this.

There are also a lot of other payment gateway integrations for WooCommerce (111 currently!); the ones we’ve discussed are the most popular, but certainly not the only options. This comparison is also only valid for official WooCommerce integrations, as we haven’t compared those from third parties or integrations with other platforms, so please don’t extrapolate this information to other cart systems.

Comparison Chart

As a former teacher, I try to remember to help all of you visual learners 😉 . Here’s a comparison chart that summarizes the points above, or you can check it out here:

Disclaimer: The author works for SkyVerge, who developed some of these WooCommerce integrations. Despite this, every effort is made to be impartial and to evaluate each plugin referenced with equal measure.

Posted by Beka Rice

Beka Rice manages the direction of Sell with WP content and writes or edits most of our articles to share her interests in eCommerce. Or she just writes as an excuse to spend more time jamming out to anything from The Clash to Lady Gaga. Who knows.

15 Comments

  1. Hi

    When you write “mostly” under PCI Compliance regarding PayPal Pro what do you mean? I have read that it is not PCI compliant. Can I do anything to make it PCI compliant without having to make my complete server PCI compliant?

    Thanks

    1. With PayPal Pro + an SSL, payment data is protected, but the setup isn’t PCI compliant (even with a PCI compliant server, WordPress / WooCommerce aren’t PCI compliant). Therefore there’s no way you could actually make this entirely PCI compliant. However, PayPal doesn’t require total PCI compliance of their merchants and instead only requires an SSL to use PayPal Pro.

      The only way to achieve total PCI compliance would be to use a redirect payment method, such as PayPal Standard / Express, to use a hosted payment form (i.e. an iframe such as Chase Paymentech), or to use a gateway that tokenizes information before sending it through your server (such as Braintree or Stripe).

  2. Thank you for the quick reply. PayPal is claiming that the PayPal Pro plugin from WooCommerce is not accepted even when on an SSL. PayPal claims the server needs to be PCI compliant. Though another PayPal employee said the plugin on SSL was okay. Any advice on how to proceed?

    1. Hey Wendy, that would honestly be the first time I’ve ever heard PayPal say that the server needed to be PCI compliant to use the PayPal Pro integration – I know most people using PayPal Pro do so with just an SSL certificate, so I think you’d be fine proceeding in that direction.

  3. I have once again contacted PayPal and they again claim WooCommerce PayPal Pro is not PCI compliant unless they integrate the “Hosted PayPal Pro” solution. So basically the WooCommerce PayPal Pro plugin is rather useless. Perhaps it was useful before, because PayPal did mention that it is rather recently that MasterCard and Visa have pushed for more strict rules.

    1. Hey Wendy, this may be something you’d want to contact WooThemes about if PayPal is saying requirements have to change. I’m sure they’ll be able to get in touch with PayPal directly to ensure that the plugin is going to meet PayPal Pro standards.

  4. Hi Beka

    I did write to WooCommerce and they are WELL aware that people are using this plugin without being PCI compliant. Guess they just want to sell as many plugins as possible and have no interest in informing people about the danger of not being PCI compliant.

    They said they are planning to sort it with the “hosted PayPal Pro” solution but they do not have any idea when they will have time to sort it.

  5. I have a question regarding the comparison chart for the Authorize.net plugin…

    According to this article, https://wordpress.org/plugins/authorizenet-payment-gateway-for-woocommerce/, the Authorize.net plugin for WooCommerce does not require SSL.

    Is your chart correct or the article?

    1. Hi there, this article only addresses the official WooCommerce integrations available at WooThemes.com, so I’m not sure how that plugin works.

  6. Hi Beka,

    Would you say it’s necessary to have SSL enabled regardless of which payment gateway is being used?

    1. Hey Ryan, great question! While some of these, such as PayPal Advanced, don’t require an SSL, it never hurts to have. Users are used to seeing this while logging into accounts, so if they create a customer account on your site, they may not be as comfortable storing personal information if they know that it’s sent in plain text to your server. We use SSLs on almost all of our sites for this reason alone to protect our own login information. SSL certs also build trust with users, as even though they’re redirected for checkout, they want to know that the entire process is secure, including the address / personal information they enter on your WooCommerce page. Many have been trained to look for the “lock icon” when visiting any site that accepts payments, and they’ll see your site this way even if it doesn’t directly gather payment information.

      So short answer: yes, for me, I treat them as necessary 🙂 .

      We have some more detail about SSL certs here if you’re interested!

  7. You should check out Knox Payments – lets you take payments with WooCommerce for just $0.18 per payment whereas PayPal is 3% $0.30

  8. My people don’t understand PCI. WooCommerce is not PCI-DSS compliant. In fact, there are now less than 20 shopping carts in the world compliant for PCI-DSS. You should look at SalesCart, as it is the first shopping cart in the world that is out-of-scope for PCI-DSS and it will work with WordPress. It is free for less than 10 products, at which point you probably aren’t ready for credit card acceptance anyway, and at $35/month includes the cart, credit card acceptance, gateway, and no other PCI fees. At that price, the shopping cart is still essentially free because getting credit card acceptance to below $35 with Gateway and PCI is nearly impossible.

    If your cart/online store is not compliant and is also in scope for PCI-DSS, then your website, webserver, blogging software, webhosting, network and your entire business is OUT of COMPLIANCE for PCI. Period. The End!

    1. Hey Michael, PCI compliance is definitely a murky subject, especially since there are several levels of ‘compliance’. Neither WooCommerce nor WordPress itself is PCI compliant, which is why the only gateways listed as compliant are those that host the payment off-site either via a redirect or iframed, hosted checkout form, or those like Stripe and Braintree that can tokenize payment information before it even hits your server. This way, your servers don’t have to come into play, as most webhosting servers are not PCI compliant, and your website doesn’t necessarily need to be compliant because you’re accepting payments via a compliant site and not your own (or using a tokenization method in the case of Stripe or Braintree).

      As such, I wouldn’t say that the WordPress eCommerce plugins, including WooCommerce, are not compliant. Rather, they’re only PCI compliant if you use certain payment gateway methods to avoid these regulations.

  9. You are awesome Beka answering these questions and providing a lot of useful information! Thanks
