This page outlines the changes to CVV codes for all non hosted payment gateways across all encompass billing forms.
What changes are being implemented?
As of our 61.7 release, all customers using non-hosted Payment Gateways will be required to enter a CVV code on all billing forms.
Why are these changes being implemented?
The CVV code adds another layer of security when making an online transaction. This code is not stored on the magnetic strip or EMV chip, therefore, when the CVV code is required, the purchaser must have the card on their person in order to complete a transaction. This dramatically reduces the chance of fraudulent transactions, as in most cases fraudsters only have the credit card number and expiration dates.
Will this effect my transaction workflow?
In short, no, it wont effect your transaction workflow. The only change will be that one-time and initial transactions processed through Encompass will require the CVV code to be entered into the billing form in order for the transaction to be successfully sent to your payment gateway.
What will happen to existing recurring payments?
Nothing. These payments will get processed as usual. CVV codes will only be required for initial and one-time transactions moving forward.
Do i need to make any changes to my payment gateway configuration?
No. The changes we are making are purely for the Encompass platform and do not require any changes to be made to your Payment Gateway.
My Payment Gateway offers the option to only allow transactions with a CVV code. As Encompass is collecting this information for all gateways now, can i activate this setting?
No, this setting should not be activated for Payment Gateways that offer it. PCI regulations state that no one is allowed to store CVV codes, therefore Encompass can only send that code for initial or one-time transactions. If this setting is activated on the Payment Gateway, all future recurring payments will fail as a result. When setting up a recurring transaction, the CVV code validation is sufficient for the entire series of transactions, which means that activating this setting is unnecessary.
For more information on PCI compliance please view this document here.
If you have any questions or concerns regarding this update to CVV codes, then please reach out to your CSM for more information.