Hold card details for processing later

  • Resolved coconutboy

    (@megazord)


    3 months ago

    Hi everyone, hope you are having an amazing day.

    I have a issue here that I need some clarification on. Basically, I wish to create a booking system for a Web Shop that allows clients to pay the deposit upfront (via Woocommerce + Cybersource). Deposit is fine. Now, if upon entering the card details Woo should be able to save the card to process cancellation. So If I book, pay the deposit and don’t show up, I should be charged the rest of the payment.

    Now I am not sure if I am violating anything here but to me this is risky. (This is actually, a client requirement to be precise).

    So my question is, is it possible to charge a card later for cancellation (by capturing card details) ? (Via Woocommerce and Cybersource).

    The client’s shop policy is, full charge if a no-show. Now we just have to do this digitally on the web.

    Any input is very much appreciated!
    Have a great day ahead.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support LovingBro (woo-hc)

    (@lovingbro)

    3 months ago

    Hi @coconutboy,

    I see what you are trying to achieve here, taking a deposit upfront and enforcing a no show policy by charging the remaining balance later, and it makes sense to pause and question the risk and compliance side of this.

    WooCommerce itself does not store raw card details, and capturing or holding card data directly would indeed violate PCI compliance requirements. What is possible, and commonly used for this type of booking or no show flow, is relying on the payment gateway’s tokenization and authorization features instead of saving card details.

    With gateways like Cybersource, the usual approach is one of the following, depending on what the gateway supports in WooCommerce:

    • Use tokenization, where the card is saved as a token on the gateway side, not in WooCommerce, and then reused later to charge the remaining balance if the customer does not show up.
    • Use an authorization and capture flow, where the card is authorized for the full amount or remaining balance, and only captured later if the no show condition is met.

    This keeps you within compliance, as WooCommerce never has access to the actual card details, and all sensitive data is handled by the gateway.

    Whether this is possible in your setup depends entirely on Cybersource’s WooCommerce integration and whether it supports saved payment methods, delayed capture, or separate authorization and capture actions. That would be the key thing to confirm with Cybersource or their plugin documentation.

    From the WooCommerce side, deposits and booking logic are typically handled using extensions or custom logic, while the payment enforcement relies on the gateway features mentioned above. You may find these guides helpful for understanding how WooCommerce handles payments and tokens at a high level: https://developer.woocommerce.com/docs/features/payments/payment-gateway-api/, https://developer.woocommerce.com/docs/features/payments/payment-token-api/ and https://woocommerce.com/document/subscriptions/payment-gateways/

    If Cybersource does not support this workflow in WooCommerce, the only safe alternative would be to use a gateway that explicitly supports tokenization or delayed capture for future charges.

    Hope this helps clarify what is and is not possible here, and points you in the right direction for the next step. If you have more details on the Cybersource plugin you are using, feel free to share.

    Thread Starter coconutboy

    (@megazord)

    3 months ago

    Hi @lovingbro ,

    Thank you for the quick feedback. Very much appreciate it. I fully understand it now. For the plugin, In the past for all web shops, I used THIS, but I’m also thinking of looking into THIS.

    I think I may need to reach out with both plugin devs first to see if this is something that’s available in their plugin. However, on the bank side, for Cybersource, I do recall seeing tokenisation in the portal, so that’s a safe start.

    Thanks.

    Plugin Support LovingBro (woo-hc)

    (@lovingbro)

    3 months ago

    Hi @coconutboy,

    Thanks for getting back and sharing more details, it is great to hear that things are clearer now and that you are already exploring the available Cybersource options.

    It is also a good move looking into the official WooCommerce Cybersource extension. Going through its documentation, it mentions that the gateway fully supports WooCommerce Pre-Orders, which allows you to collect the customer’s payment information upfront and then automatically charge the payment method later when the pre order is released. That aligns quite closely with the workflow you are aiming for.

    With that in mind, one possible way to achieve this setup would be to structure the booking as a pre order, or combine WooCommerce Bookings with a deposits solution, while relying on the gateway’s tokenization to handle the later charge. In this flow, the card details are never stored in WooCommerce, and the follow up charge is handled securely by Cybersource using the saved token.

    Reaching out to the plugin developers, as you plan to do, is the right next step to confirm which of these flows are supported out of the box and whether any customization is needed. This approach keeps things compliant while still meeting the business requirement for enforcing a no show policy.

    Glad to see you are on the right track here, and feel free to update the thread if you uncover anything useful from the plugin teams.

    Thread Starter coconutboy

    (@megazord)

    3 months ago

    Thank you again for the support @lovingbro, all points noted. I will close the ticket for now but if any issues, I will report back using a new thread referencing this one.

    Many thanks and have a great day ahead.

    Plugin Support LovingBro (woo-hc)

    (@lovingbro)

    3 months ago

    Hi @coconutboy,

    Really glad to hear everything is clear now and that the discussion helped you map out the right and compliant approach for your use case. It sounds like you have a solid next step lined up by checking directly with the Cybersource plugin developers and confirming tokenization support on the gateway side.

    Thank you for taking the time to circle back and close the loop here, that is always appreciated and helpful for others who may come across this thread later. If anything else comes up as you move forward, feel free to start a new topic and reference this one so we can jump back in.

    If you found the guidance useful, a quick 5 star review for WooCommerce on WordPress.org would mean a lot to the team and helps others discover the plugin. You can leave one here, https://wordpress.org/support/plugin/woocommerce/reviews/#new-post

    Wishing you all the best with the project and have a great day ahead.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.