Opayo Payment Suite setup and trouble shooting

Our Opayo Payment Suite plugin is three payment gateways in one, allowing you to use one or more to take payments with WooCommerce via Opayo. You need to sign up for a Opayo UK account to use this plugin: www.opayo.co.uk Option 1: Opayo Form

  • Customer is redirected to Opayo to complete payment – simplifies PCI Compliance
  • SSL Certificate recommended but not required
  • Supports refunds and voids in WooCommerce admin (requires Opayo Reporting to be setup)
Option 2: Opayo Direct
  • Customer stays onsite for entire transaction
  • SSL Certificate required
  • Supports WooCommerce Pre-Orders
  • Supports recurring payments for WooCommerce Subscriptions
  • Supports refunds in WooCommerce admin
  • Supports Tokens with WooCommerce 2.6 and higher
  • Capture Authorised transactions from within WooCommerce
Option 3: Opayo Pi
  • Customer stays onsite for entire transaction
  • SSL Certificate required
  • Supports refunds in WooCommerce admin
Opayo Fraud Scoring information available in WooCommerce (see here for more information on Opayo Reporting)

Installation and Updating

↑ Back to top
For a new installation please review our extension installation guide If you need to update the extension you can do this from your WordPress admin if you have connected the site to WooCommerce.com, you can read more about that here You can also update manually by downloading the latest version from your WooCommerce account Once you have the zip file downloaded you should deactivate and delete the existing version from your WordPress plugins page and then install the new version using the upload option. You will not lose any settings or data by updating this way.

Setup and Configuration

↑ Back to top
Go to the Opayo Form or Opayo Direct Settings page(s). sagepay-settings

Configure the Settings – SagePay Form

↑ Back to top
Configure the settings page to suit your business. At a minimum, you must:
  1. Tick the Enable SagePay Form box
  2. Enter your Vendor Name (supplied by Opayo)
  3. Enter your Encryption Password (supplied by Opayo)
  4. Save.
  5. Complete the Opayo Reporting setup to enable refunds.

Configure the Settings – Opayo Direct

↑ Back to top
Configure the settings page to suit your business. At a minimum, you must:
  1. Tick the Enable Opayo Direct box
  2. Enter your Vendor Name (supplied by Opayo)
  3. Save.

Configure the Settings – Opayo Pi

↑ Back to top
Please review the Opayo Pi setup guide HERE

How to setup PayPal for Opayo Direct

↑ Back to top
Creating a PayPal test account Enabling Opayo on your PayPal test account Linking PayPal to your Live account Once Opayo have enabled PayPal on your account you will need to add PayPal as a card type in your WooCommerce Opayo settings. Now your customers will see the PayPal option in the card type dropdown IMPORTANT : PayPal will not show if there is a subscription product in the cart.

Configure the Settings – Opayo Reporting

↑ Back to top
There is separate documentation for Opayo Reporting HERE Read about the benefits of Opayo Reporting here


↑ Back to top
Place several test transactions to confirm that everything is working correctly. Once you have completed testing, contact Opayo about making your account live. Opayo will notify you when ready, and then you can set the status to Live. Opayo has a list of test cards you can use to carry out test transactions at: Test Card Details for Test Transactions.

Frequently Asked Questions

↑ Back to top

I’m getting a message of: MALFORMED 3045 : The Currency field is missing.

↑ Back to top
This is because you are using the wrong password in the Encryption Password field. Opayo sends you at least two passwords, one for your account and one encryption password. You need to use the second one.

I’m seeing a 5080 error when I get to Sage.

↑ Back to top
Normally this is a password issue, make sure you have the encryption passwords set correctly – the live and testing passwords should be different. If it’s not a password issue then check the PHP error logs.

My customers are returned to a blank screen after paying with Opayo Form

↑ Back to top
Are you using iThemes Security? Make sure to uncheck the “Long URL Strings” option. iThemes Security Long Strings Option

Why do transactions that fail 3D Secure still show as approved?

↑ Back to top
Log into MySagePay (https://live.sagepay.com/mysagepay/login.msp) and check your 3D Secure rules. For example: sagepay-3dsecure

4020 : Information received from an Invalid IP address

↑ Back to top
You must add the IP address of your hosting to MySagePay. If you don’t know the IP address, you can obtain it from WooCommerce -> Status -> Tools -> “Get IP Address for MySagePay settings”
Get IP Address for MySagePay
Get IP Address for MySagePay

Surcharges and Opayo Form

↑ Back to top
The surcharge settings have been removed from the Opayo Form settings. To bring them back you will need add the following function in your custom functions :
add_filter( 'woocommerce_sagepayform_display_surcharges', 'enable_woocommerce_sagepayform_display_surcharges' );
function enable_woocommerce_sagepayform_display_surcharges() {
return true;
view raw gistfile1.txt hosted with ❤ by GitHub
There are two filters available to allow for conditional application of the surcharges and conditional modification of the surcharges. To set when the surcharges should be applied use :
apply_filters( 'woocommerce_sagepayform_apply_surcharges', true, $order, $sage_pay_args_array );
To modify the surcharge XML use :
apply_filters( 'woocommerce_sagepayform_modify_surcharges', $surchargexml, $order, $sage_pay_args_array, $cardtypes );

Card Type Drop Down

↑ Back to top
With Version 3.2.1 the Opayo Direct checkout form was changed to include a drop down for card type. Opayo requires that the card type is included in the transaction information. Previously this was done by checking the first 6 digits of the card number using a 3rd party service BIN List (https://en.wikipedia.org/wiki/Bank_card_number) Unfortunately this service has proved to be occasionally unreliable and so has been replaced by the drop down.


↑ Back to top
As of version 3.3.0 tokens are supported with Opayo Direct. Your site will need to be running WooCommerce 2.6.0 or higher. Tokens must be enabled on your Opayo account before your site will be able to use them. The card details are not stored on your site, only the token from Opayo, the last four digits of the card number and the expiry date. You will not be able to store the CV2 number so this is not used during transactions that use a token, it will be checked when the token is created. 3D Secure will only be checked when the token is created, not for subsequent transactions using the token. Tokens can also be used for Subscription payments making it easier for your customers to change their card details on your site.

Fraud Screening

↑ Back to top
Opayo provide some fraud screening during the payment process. If they flag a transaction then the order status will be changed during the checkout process to alert you. You will need to login to MySagePay to confirm that you are prepared to ship the order or that you need to cancel it. Once you have reviewed the reasons for the fraud notification you can go back to WooCommerce and update the order as necessary. You can read about the way transactions are scored by Opayo here

“Checks” column

↑ Back to top
This section displays the status of checks done by Sage, previously this information was only included in the order notes. You will see which will allow you to quickly check that the address, postcode, CV2 and 3D Secure information where all provided correctly. Green indicates correct, yellow indicates not checked and red indicates the information provided by the customer was incorrect. It is up to you to decide how to proceed if the icons are not green. Please note, renewal orders for subscription payments may not be all green as the checks are not re-done. Note: This information may not be available or may be incomplete for orders placed before version 3.4.0 was installed. It has always been included in the transaction information in the order notes.

3D Secure 2 setup and testing

↑ Back to top


↑ Back to top
Opayo has enabled 3D Secure 2 on their live servers.
  1. In the WooCommerce Opayo Direct settings, make sure you have the VPS Protocol option set to “4.00”
  2. Make sure you have set up 3D Secure rules in the LIVE and TEST MySagePay. You can read more about setting up the rules on the SagePay website


↑ Back to top
To place test orders using 3D Secure 2.0 you will need to be in “testing” Then you can choose the “Magic Value” in the drop down Each value in the drop down will give a different result for a test transaction.
Magic Value 3DSecureStatus Description
SUCCESSFUL OK This is returned for a frictionless flow where authentication is successful
NOTAUTH NOTAUTHED This is returned for a frictionless flow where authentication is NOT successful
CHALLENGE Status=3DAUTH 3DSecureStatus=OK This is returned for a challenge flow, where the cardholder will be re-directed to the ACS to enter two-factor authentication. A CReq, VPSTxId, ACSURL and StatusDetail will also be returned. Once you re-direct to the ACSURL, entering the correct password displayed on the site will simulate a successful authentication, entering any other password will simulate an un-successful authentication.
PROOFATTEMPT ATTEMPTONLY The cardholder attempted to authenticate themselves, but the process did not complete. A CAVV is returned and this is treated as being successfully authenticated.
NOTENROLLED NOAUTH This means the card is not enrolled in the 3D-Secure scheme.
TECHNICALDIFFICULTIES INCOMPLETE 3D-Secure authentication was unable to complete. No authentication occurred.
STATUS201DS Fallback to 3DSv1 Simulates fallback to 3DSv1. You will receive a PAReq, MD, ACSURL and StatusDetail
ERROR ERROR Simulates an error condition where 3D-Authentication cannot be performed due to data errors or service unavailability in one of the parties involved in the check

Test Cards

↑ Back to top
You will always receive an OK response and an Authorisation Code from the test server if you are using one of the test cards listed below. All other valid card numbers will be declined, allowing you to test your failure pages. If you do not use the Address, Postcode and Security Code listed below, the transaction will still authorise, but you will receive NOTMATCHED messages in the AVS/CV2 checks, allowing you to test your rulebases and fraud specific code. There are different cards for Visa and MasterCard to simulate the possible 3D-Secure responses. Billing Address 1: 88 The Street Billing Post Code: ST41 2PQ Security Code: 123 Valid From: Any date in the past Expiry Date: Any date in the future
Payment Method Card Number CardType Response 3D-Secure Response (VERes)
Visa 4929 0000 0000 6 VISA Y
Visa 4929 0000 0555 9 VISA N
Visa 4929 0000 0001 4 VISA U
Visa 4929 0000 0002 2 VISA E
Visa Corporate 4484 0000 0000 2 VISA N
Visa Debit 4462 0000 0000 0003 DELTA Y
Visa Electron 4917 3000 0000 0008 UKE Y
MasterCard 5404 0000 0000 0001 MC Y
MasterCard 5404 0000 0000 0043 MC N
MasterCard 5404 0000 0000 0084 MC U
MasterCard 5404 0000 0000 0068 MC E
Debit MasterCard 5573 4700 0000 0001 MCDEBIT Y
Maestro (UK Issued) 6759 0000 0000 5 MAESTRO Y
Maestro (German Issued) 6705 0000 0000 8 MAESTRO Y
Maestro (Irish Issued) 6777 0000 0000 7 MAESTRO Y
Maestro (Spanish Issued) 6766 0000 0000 0 MAESTRO Y
American Express 3742 0000 0000 004 AMEX N/A
Diners Club / Discover 3600 0000 0000 08 DC N/A
JCB 3569 9900 0000 0009 JCB N/A
PayPal Use your own PayPal Sandbox PAYPAL N/A

Feedback and feature requests

↑ Back to top
For feedback on the SagePay Form/Direct gateway, this documentation or for feature requests please email support@chromeorange.co.uk

Questions & Support

↑ Back to top
Have a question before you buy? Please fill out this pre-sales form. Already purchased and need some assistance? Get in touch the developer via the Help Desk.