Payment Controls
4 min read
Payment Method Risk Controls are Pro’s surface for hiding specific WooCommerce payment gateways from high-risk customers, linked accounts, or velocity-flagged checkouts. Where blocking is all-or-nothing (block all checkout), payment controls let you reduce checkout risk without rejecting the customer entirely — they can still complete an order, just not with riskier payment options.
Location: TrustLens → Settings → Payment Controls.
The Core Idea #
Some payment methods are riskier than others:
- Credit cards: chargeback exposure
- Buy-now-pay-later (Affirm, Klarna): fraud-recourse limited; subject to BNPL-specific disputes
- Cash on delivery: high failure rate, return-shipping costs
- Cryptocurrency: irreversible (good for you, but high attractiveness to fraudsters)
- Bank transfer / wire: lower fraud risk; harder to dispute
Payment Controls let you hide riskier methods from customers who match risk conditions, while keeping safer methods available. The customer experiences fewer payment options, not a full block.
Rule Structure #
Each rule has:
- Condition — when does the rule apply? (e.g. trust_score < 30, segment is critical, linked_accounts_count >= 3)
- Action — which payment methods to hide for matching customers
Rules evaluate at checkout — the customer’s available gateways are filtered based on their TrustLens state.
Example Rules #
| Condition | Hide | Effect |
|---|---|---|
segment in [risk, critical] |
BNPL methods (Affirm, Klarna) | Risky customers can only pay with credit card or wire — no installment plans |
total_disputes >= 1 |
All credit card gateways | Customers with dispute history can only pay with bank transfer or store credit |
linked_accounts_count >= 3 |
Cash on delivery | Fraud-ring members can’t use COD (which has high failure rate) |
recent_card_testing_signal = true |
All gateways | Effectively a soft block — customer can’t pay at all without admin intervention |
Configuration #
In Settings → Payment Controls:
- Click “Add Rule”
- Set conditions (uses the same condition system as the automation engine)
- Select which payment methods to hide
- Save
Rules can be reordered. The first matching rule wins — if a customer matches multiple rules with conflicting actions, the topmost applies.
Available Payment Method Detection #
TrustLens automatically detects every payment gateway active in your WooCommerce setup and lists them in the rule editor. Common gateways:
- WooCommerce Payments / WooPayments
- Stripe (with sub-methods: Cards, Apple Pay, Google Pay, etc.)
- PayPal Standard / PayPal Pro / PayPal Checkout
- Affirm
- Klarna
- Afterpay / Clearpay
- Square
- Authorize.net
- Cash on Delivery
- Bank Transfer / BACS
- Check
- Custom gateways
Each detected gateway can be independently controlled.
Sub-Method Granularity #
For gateways that expose sub-methods (Stripe Cards vs Stripe Wallets vs Stripe BNPL), you can hide individual sub-methods rather than the whole gateway. Useful for keeping wallet checkouts (Apple Pay, Google Pay — generally lower fraud) while hiding card-direct entry from risky customers.
Interaction with Checkout Blocking #
Payment Controls and Blocking are independent:
| Blocked | Payment Control Matches | Result |
|---|---|---|
| No | No | All methods available |
| No | Yes | Some methods hidden; customer chooses from remaining |
| Yes | — | Blocked entirely; no methods shown |
Blocking takes precedence — a blocked customer doesn’t reach the Payment Controls evaluation step.
What the Customer Sees #
Customers see only the payment methods that pass the rules. They don’t see “this method is hidden because we flagged you” — the method simply isn’t on the list. From the customer’s perspective, it looks like the store doesn’t offer that payment method.
This is gentler than blocking — the customer can still complete the order, just with a different payment method.
What If All Methods Are Hidden? #
If a rule hides all payment methods (or a customer’s matching rules collectively hide all gateways), the customer sees an error similar to blocking: “No payment methods available.” Effectively, this is a block via Payment Controls.
This is intentional — sometimes the right action is “no payment method should work for this customer.” The Payment Controls UI warns you when a rule could potentially hide all methods.
Audit Log #
Every Payment Controls rule evaluation is logged:
- Customer hash
- Order ID (if available)
- Rule(s) matched
- Methods hidden
- Methods available
Visible at Settings → Payment Controls → Activity Log. Useful for debugging “why doesn’t customer X see method Y?”
Testing Rules #
Each rule has a “Test” button that simulates a checkout for a specific customer hash and shows which methods would be available. Useful for verifying rules before enabling them.
Performance #
Rules evaluate at checkout in-line. Each rule is sub-millisecond; even with 20+ rules, the overhead is negligible. The rule data is cached per page load.
Permissions #
Configuring Payment Controls requires manage_woocommerce. Rule changes are logged in the WordPress audit log.
