This page outlines the changes to Payment Gateways, in regards to increased security for all non-hosted payment gateways across all Encompass billing forms.
What changes are being implemented?
With the February 2020 release, all customers using non-hosted Payment Gateways will be required to enter a CVV code on all billing forms when working on the end user / constituent view.
Why are these changes being implemented?
Increased Security
The CVV code adds another layer of security when making an online transaction. This code is not stored on the magnetic strip or EMV chip, therefore, when the CVV code is required, the purchaser must have the card on their person in order to complete a transaction. This dramatically reduces the chance of fraudulent transactions, as in most cases fraudsters only have the credit card number and expiration dates.
Q&A
Will this effect my transaction workflow?
In short, no, it won't effect your transaction workflow. The only change will be that one-time and initial transactions processed through Encompass will require the CVV code to be entered into the billing form in order for the transaction to be successfully sent to your payment gateway.
Please note, we are only making this field required for the constituent view. Admins completing a billing form on behalf of an alumni/donor can still by-pass this field and complete a payment without it unless the payment gateway requires CVV in the admin view.
What will happen to existing recurring payments?
Nothing. These payments will get processed by your gateways as usual. CVV codes will only be required for initial and one-time transactions moving forward.
Do I need to make any changes to my payment gateway configuration?
No. The changes we are making are purely for the Encompass platform and do not require any changes to be made to your Payment Gateway.
I use a Bluefin device, will this still work with the CVV changes?
4 – Card Number, Expiration Date, Security Code, Zip Code
5 – Card Number, Expiration Date, Security Code, Address, Zip Code
6 – Card Number, Expiration Date, Security Code
My Payment Gateway offers the option to only allow transactions with a CVV code. As Encompass is collecting this information for all gateways now, can I activate this setting?
No, this setting should not be activated for Payment Gateways that offer it. PCI regulations state that no one is allowed to store CVV codes, therefore Encompass can only send that code for initial or one-time transactions. If this setting is activated on the Payment Gateway, all future recurring payments will fail as a result. When setting up a recurring transaction, the CVV code validation is sufficient for the entire series of transactions, which means that activating this setting is unnecessary.
For more information on PCI compliance please view this document here.
If you have any questions or concerns regarding this update to CVV codes, then please reach out to your CSM for more information.