The Bank of America for WooCommerce extension is a payment integration that allows you to take customer payments on your e-commerce website through Merchant Services with Bank of America.
This extension (also referred to as a plugin) leverages Bank of America’s Microform Integration and the Card Not Present Integration Toolkit to help you meet Self-Assessment Questionnaire A (SAQ A) Payment Card Industry (PCI) compliance levels with a seamless checkout on your site.
Bank of America uses hosted fields to process payments, so sensitive payment information is sent directly to Bank of America, bypassing your servers. You can also utilize Bank of America’s Fraud Management tool to help prevent fraudulent transactions.
- An approved and active Merchant Services account through Bank of America
- WooCommerce 3.6+
- WordPress 5.2+
- PHP 7.0+
- An SSL certificate
Note: You can find the details for the WooCommerce, WordPress and PHP versions you are currently using by visiting the WordPress admin page’s left navigation pane and selecting WooCommerce > Status
In this section, we will review how to generate your security keys in your Merchant Services account provided by Bank of America and set up the Bank of America for WooCommerce extension. A Bank of America Business Advantage Banking account is required to apply for a Merchant Services account.
Bank of America uses security keys to communicate with your site. You can follow these steps to generate security keys for your account.
Important Note: After profile configuration and key generation have been setup and completed for your Bank of America for WooCommerce extension, please do not alter or remove the Merchant ID, API Key Detail or the API Shared Secret Key fields as it will affect the ability to process transactions through Bank of America.
Follow the steps below to generate a security key:
- To start profile configuration, login to your Merchant Services account provided by Bank of America from Business Advantage 360
- From the left navigation, select Payment Acceptance Configuration > Key Management.
- Select Generate Key in the top right corner.
- Select REST – Shared Secret as the key type and select Generate Key.
- Copy the Transacting ID (also known as Merchant ID), Key and Shared Secret Key to add to the extension settings in the Merchant ID, API Key Detail and API Shared Secret Key fields. You can also click Download key if you’d like to save these keys for future use or reference. Once you exit the REST API Shared Secret Key screen, you will no longer have access to this specific Shared Secret Key and may need to recreate another key in the future.
Payment extension settings in WooCommerce: Merchant ID, API Key Detail field and API Shared Secret Key field
To configure the extension to support credit cards, you will navigate to WooCommerce > Settings > Payments and select Bank of America Payments
- Enable / Disable: Allow customers to use this gateway to process credit cards at checkout.
- Title: The text shown for the payment during checkout and on the Order Received page.
- Description: The text shown under the gateway’s title during checkout. Limited HTML is allowed. If you enable test mode, this section will also display a notice along with test credit card numbers.
- Card Verification (CSC): Display the card security/verification code field at checkout.
- Saved Card Verification: Display the card security/verification code field when using a saved card at checkout.
- Transaction Type: Controls how transactions are submitted to Bank of America. Select “Charge” to automatically capture payments. If you select “Authorization”, you must manually capture and settle payments in your Bank of America account or on the WooCommerce orders screen after the transaction has been submitted. This defaults to “Charge”.
- If Transaction Type is set to “Authorization”:
- Charge Virtual-Only Orders: If Transaction Type is set to “Authorization”, enable this to automatically capture charges for orders with only virtual products. For downloadable products, this will grant downloads access right away.
- Capture Paid Orders: If Transaction Type is set to “Authorization”, enable this to automatically capture charges when orders move to a paid status.
- Accepted Card Logos: Determines which card logos are displayed during checkout. This has no impact on which cards are accepted by your Merchant Services account.
- Tokenization: Let customers save their payment methods for future use at checkout. This is required for Subscriptions or Pre-Orders.
- Detailed Decline Messages: Display detailed messages to customers to provide reasoning for declines instead of a generic error message when possible. Click here to read more about detailed decline messages.
- Debug Mode: Enable when you are having issues processing transactions. You can choose to log API requests directly on the checkout page, save them to the WooCommerce > Status > Logs page, or both. As a best practice, please do not enable this setting unless you’re having issues with the plugin.
- Environment: Switch between “Test” and “Production” credentials. Enable “Test” to send transactions to your Bank of America Test Account. If you require ability to use the Test environment and did not receive your “Test” credentials, please reach out to your Bank of America associate.
- Merchant ID: The ID assigned to you by Bank of America, which you can locate in your Merchant Services account through Bank of America.
- API Key Detail: Follow the steps in Generate Security Keys to retrieve your API Key Detail.
- API Shared Secret Key: Follow the steps in Generate Security Keys to retrieve your API Shared Secret Key.
- Fraud management: Use Bank of America’s Fraud Management tool to help reduce your fraudulent transaction rate. This service must be enabled on your Merchant Services account through Bank of America.
As a site administrator, you can use the Bank of America for WooCommerce extension to manually capture charges and automatically refund/void transactions as needed. You may also take advantage of Bank of America tools such as Fraud Management to help prevent and manage fraudulent orders.
In the Bank of America for WooCommerce extension, you can use Bank of America’s Fraud Management tool to help you identify fraudulent and manage suspicious Card Not Present (CNP) orders. You must have Fraud Management enabled on your Merchant Services account through Bank of America before you can use it in WooCommerce.
Once Fraud Management is checked and enabled in the extension settings, the Bank of America for WooCommerce extension will approve, hold, or reject orders based on your fraud settings:
- Approved orders will go directly to Processing status.
- Held orders will go to On Hold status until they are reviewed and approved or rejected in your Bank of America Fraud Management Dashboard. An order may be held if it is assigned a ‘Review’ outcome based on your Rules Configuration or hits a ‘Review List’ match in Fraud Management (subject to client’s Fraud Setting preferences). When viewing an On Hold order, look for the detail and reason of the transaction status in the Order Notes within WooCommerce Order Details. Transactions that are held for review are automatically rejected by the system after 30 days if not approved or rejected by a reviewer prior.
- Rejected orders will go to Failed status, with more details available in the order notes. An order is rejected if it is assigned a ‘Reject’ outcome based on your Rules Configuration or hits a ‘Reject List’ match in Fraud Management (subject to client’s Fraud Setting preferences).
Note: If your Transaction Type setting is set to “Authorize”, your approved orders (whether approved directly or approved after review in Bank of America’s Fraud Management) will go to On Hold status until you manually capture them in WooCommerce.
The Bank of America for WooCommerce extension will check for updates to orders in the Bank of America Fraud Management tool every 15 minutes, so you may notice a slight delay between when an order is approved or rejected in the Bank of America dashboard and when the order is updated in WooCommerce. If you need to trigger the check right away, you can do so by follow these steps:
- Go to Tools > Scheduled Actions > Pending.
- Find the wc_cybersource_update_orders action.
- Click the Run action.
For information on rule configuration and managing orders please refer to the Fraud Management User Guide in the Guides page under Fraud Management in your Merchant Services account.
If the Transaction Type setting is set to “Authorization”, you can manually capture these payments from the WooCommerce Orders page. Click here to read more about capturing charges.
Note: If your Transaction Type setting is set to “Charge”, you cannot use the Capture button.
You can process refunds directly in WooCommerce without needing to log into your Merchant Services account. Click here to read more about issuing automatic refunds from WooCommerce.
You can void transactions directly in WooCommerce in the following circumstances:
- If your Transaction Type setting is set to “Authorization”, you can void when the transaction has been authorized but not yet captured.
- If your Transaction Type setting is set to “Charge”, you can void when the transaction has not yet been settled (e.g., funds haven’t been transferred from the customer’s account to your Bank of America account).
Bank of America does not accept partial voids. If a transaction is no longer eligible to be voided, you must refund the order. Click here to read more about voiding transactions in WooCommerce.
Your customers can take advantage of the Enhanced Checkout Form when your site uses the Bank of America for WooCommerce extension.
Bank of America supports an enhanced checkout form that improves the checkout experience on mobile and desktop devices. Click here to read about the enhanced payment form.
Q: How can I perform test transactions to ensure that the extension is setup properly?
A: If you wish to use a test environment to run a test transaction prior to going live or in production, please contact Bank of America at 833.344.2324 for assistance.
Q: Which API methods does the Bank of America for WooCommerce extension use?
A: This extension leverages Bank of America’s Microform Integration and the Card Not Present Integration Toolkit (or REST API) to help you meet Self-Assessment Questionnaire A (SAQ A) Payment Card Industry (PCI) compliance levels with a seamless checkout on your site.
The Microform Integration provides the most secure method for tokenizing card data by rendering a secure iFrame to collect the customer’s card data, hosting the iFrame and transmitting the card data via the secure Single Use Token API. This integration type reduces the risk of a third-party gaining access of the sensitive customer information during the transaction. Regarding PCI scope, a solution using Microform Integrationhas the least amount of effort by a client to validate PCI Compliance. The Microform Integration call retrieves a single use temporary token only. Transactions are authorized via the Card Not Present Integration Toolkit integration method detailed below.
The Card Not Present Integration Toolkit (or REST API) integration is ideal for clients who wants to control the customer checkout experience. This integration type requires the client or integrator to connect to the Bank of America Gateway via the Card Not Present Integration Toolkit (or REST API). This integration method has the most complex set of requirements for PCI validation.
Having trouble? Follow these steps to make sure everything is setup correctly before posting a support request:
- Please ensure that your site meets the extension requirements.
- Confirm that your credentials are correct.
- Enable the Debug Mode setting and review the errors codes/messages provided by Bank of America. Sometimes more detailed error information/messages can be found by logging into your Merchant Services account and viewing transaction reports. In some cases, such as a transaction being held for review or declined, the extension cannot change the issue and it must be resolved in your Bank of America account.
- If you have any questions or issues, please contact Bank of America at 833.344.2324 for assistance.