Prestashop Module: Moneris Payment Gateway Canada

hero image

A Canadian Merchant Gateway for PrestaShop

This is a Prestashop module that allows you to accept credit cards directly on your website using the Moneris Payment Gateway API Integration (formerly eSelectPlus). Supports 3D-Secure 2.0 (Verified By Visa and MasterCard SecureCode) and other fraud prevention features.

Moneris is a credit card processor for Canadian businesses and Prestashop stores in Canada. Sign up here.


Simply enter your Moneris “Store ID” and “API Token” in the module configuration page.


Customers can securely purchase goods or services without leaving your website.
  • All transactions are encrypted.
  • Customer payment information is never stored.


  • Payment information is validated as the customer types — check-marks appear next to the payment fields to signal a valid credit card number, expiry date, and CVV.
  • Credit card logo appears inside the credit card field as soon as the module detects the type of card being typed.
  • Credit card logo becomes highlighted when the module detects the type of card used.
  • Credit card number is automatically formatted with the correct spacing between digits depending on the card type.
  • Informative errors. Users will be able to instantly discover what went wrong if a problem occurred, with error messages like “Your credit card is expired.” or “Your credit card has been flagged as lost or stolen.“, etc.
  • Comes installed with French translations that users will see when they visit the French version of your website.


  • Supports 3D-Secure 2.0 to help prevent chargebacks (Verified By Visa, MasterCard SecureCode, American Express SafeKey). 3D-Secure 2.0 checks if a card is eligible for higher level protection by challenging the customer with SMS or email verification.
  • Supports Address Verification and CVV digit validation to help prevent chargebacks.
  • When an order fails validation (Address Verification, Card Digit Validation), the order gets flagged with a “Suspicious” order status that only you can see. The reason for the suspicious flag is given as a private order message and you decide if you wish to ship the order.
  • Optionally choose to reject orders that fail 3D-Secure 2.0 authentication.
  • Protect against malicious bot attacks and stolen credit card testers with support for Google reCAPTCHA and features to limit repeat failed payment attempts.


Configure your Google reCAPTCHA API keys to protect against malicious bots that spam the credit card field with stolen credit cards. Choose to use reCAPTCHA v2 Checkbox or reCAPTCHA v3
  • reCAPTCHA v2 Checkbox: The customer must click a checkbox below the credit card field, and potentially complete a puzzle/challenge, to identify themselves as a human before being allowed to complete their purchase.
  • reCAPTCHA v3: Invisible to the customer. reCAPTCHA tracks a customer’s behaviour on your website and gives them a score between 0.0 and 1.0 (1.0 is human, 0.0 is a bot). You can configure the module to reject orders from customers of a certain score, or accept their order and flag it with a “Suspicious” order status.


You can choose to limit the amount of failed payment attempts a customer is allowed to make to protect against malicious bots that spam the credit card field with stolen credit cards.
  • Choose how many failed attempts a customer is allowed to make.
  • Choose how long they are timed-out from trying again after they have attempted too many times.
  • If the customer has 5 attempts remaining, the customer is shown a message indicating how many more attempts they have before they are timed-out.
  • Once a customer is timed-out, they are shown a message indicating how many minutes remaining in their time-out.
  • A Canadian Moneris Payment Gateway account (
  • An SSL certificate as per Moneris’ mandatory requirements.
  • Your webserver must support at least PHP 5.4
  1. Login to your Moneris account:
  2. Click Admin > Store Settings and copy the API Token (if there is none, generate a new one).
  3. Paste API Token in the module’s configuration, and enter your Store ID.
  • 2.2.2 (2023/10/02)
    • NEW: Add ability to reject unauthenticated 3D-Secure 2.0 transactions.
    • Rework 3DS authentication handling.
    • Add “ds_trans_id” and “threeds_server_trans_id” to transaction request for compliance with new MasterCard 3DS 2.0 requirements.
    • Add private order message indicating the 3DS 2.0 authentication result for the transaction.
    • Add CAVV result for “authentication attempted” 3DS transactions.
    • Add default “Credit Card” payment type on order validation when module doesn’t detect the card type.
    • Add check in PS 1.7.8+ to verify that Cookie SameSite is set to None when 3DS is enabled.
    • Fix error when user configures multiple Moneris accounts for one currency when multi-store is disabled.
    • Refactor backend code for easier readability
  • 2.2.1 (2023/08/16)
    • Change deprecated Tools::jsonDecode call to json_decode
  • 2.2.0 (2023/01/01)
    • Compatibility with PS 8.0.0
    • Rename deprecated hook names
    • Fix deprecation notice on cart page when user is not logged in
  • 2.1.5 (2022/07/09)
    • Change submit button onClick event from vanilla JS to jQuery to fix Google reCAPTCHA token bug in PrestaShop 1.6
    • Add error message if CVD is empty or invalid when CVD is enabled
  • 2.1.4 (2022/06/24)
    • Fix DB error in 2.1.2 upgrade file for users who never installed 2.1.0
  • 2.1.3 (2022/06/21)
    • Fix dump() bug in older PS versions
  • 2.1.2 (2022/06/10)
    • Add multistore option to Moneris
    • Fix to prevent double payments in PS 1.
    • Add fallback for 3DS browser dimensions
    • Fix 3DS 2.0 on transactions that are not challenged
  •  2.1.1
    • Fix MonerisApiAccount namespace bug in older PS versions
  • 2.1.0 (2021/11/09)
    • Add option to configure a different Store ID per currency
  • 2.0.9 (2021/08/03)
    • Module updated from 3D-Secure 1.0 to 3D-Secure 2.0 (Verified by Visa/MasterCard SecureCode). IMPORTANT NOTICE: “Effective October 2021, the majority of issuers will no longer support 3DS 1.0. As a result, you will lose liability shift protection for most of your transactions. Effective October 2022, key card brands and Moneris will no longer be supporting 3DS 1.0. As a result, any authentications submitted will receive an error response.”
    • To use 3D-Secure, your server’s “SameSite” cookie parameter must be set to “None” and “Secure” cookie parameter must be set to “true”, otherwise customers will be unable to checkout when 3D-Secure is enabled (the user will be logged out and cart will be cleared).
  • 2.0.8 (2021/04/27)
    • NEW: Redesigned credit card form with a more modern and responsive design.
    • NEW: Support for Google reCAPTCHA on the credit card form to help against bot attacks (requires Google reCAPTCHA account with API keys).
    • NEW: Option to limit the amount of declined credit cards a customer can attempt in order to prevent bots from spamming stolen credit cards.
    • NEW: Option to timeout a customer who is spamming declined credit cards for a configurable amount of minutes. The customer can resume placing their order after the timeout has elapsed.
    • NEW: Credit card logo appears inside the credit card field as the user is typing their card number.
    • NEW: Credit card field automatically formats card number with the proper spacing for the card they are typing.
    • Added option to hide credit card logos above the payment form.
    • Added missing French translations.
    • Added workaround for missing order messages created by the module
    • Removed AJAX card processing in PrestaShop 1.6 for security purposes.
    • Fixed checkmark not showing up when expiry date was current year.
  • 2.0.7
    • Add button label configuration option for PS 1.6
    • Add missing acceptable AVS value for certain cards that were being flagged as fraudulent
  •  2.0.6
    • FIX AVS “Street Name” issue
    • FIX CVD and AVS issues when VBV is enabled
  •  2.0.5
    • FIX Order ID for store names with special characters
  •  2.0.4
    • Fix deprecated constructors in PHP 7
    • Add convert to CAD/USD option
  •  2.0.3
    • Add Convert to CAD configuration option
    • Add more FR translations
  • 2.0.0
    • Updated for full Prestashop 1.7 compatibility.
    • Credit card form and transactions are more consistent across different themes/sites.
    • Transaction error messages are now integrated into theme notifications.
    • Added check to make sure the CAD currency exists.
    • Added debug mode for developers & support.
    • Restyled CSS for new checkout page.
    • Removed AJAX transactions for more consistency with new checkout page.
  • 1.8.7
    • FIX Verified by Visa now functions correctly after a Moneris update.
    • NEW Option to reject previously declined credit cards.
    • Payment button now disables while a transaction is in progress, button text changes to “Sending…”
  • 1.8.6
    • FIX detection of Discover cards
  • 1.8.5
    • FIX label & title configuration bug
  • 1.8.4
    • FIX number format bug
  • 1.8.3
    • FIX conversion bug in some cases when converting to CAD
  • 1.8.2
    • Fix syntax bug on older PHP versions
  • 1.8
    • Added AVS and CVD checks
    • Added new Order Status “Supsicious” for suspicious AVS orders
  • 1.7.4
    • Added card payment details
  • 1.7.4
    • Added config field for Form Title
    • Added config field for AJAX processing
  • 1.7.3
    • Updated module from procedural PHP to MVC
    • Fixed most/all warnings and notices for undefined variables/indices in dev mode
    • Added ability to select and deselect credit card logos
  • 1.7.2
    • Fixed credit card validation errors when user has JS disabled
  • 1.7
    • Changed BO interface to Prestashop 1.6
    • Fixed all French translations
    • Added ability to hide CVV code field
    • Made database value names consistent
    • Added ability to submit a checkout button label in all languages
  • 1.6
    • Improved expiry date checkmark
    • Added many new error response messages when payment fails
    • Fixed addCSS and addJS errors


Disclaimer: Disclaimer: Your are responsible for the overall security of your website. The developer of this software is not liable for any damages as a result of using this software.