Payment Gateway Changes

Print Friendly and PDF Follow

This page outlines the changes to Payment Gateways, in regards to increased security for all non-hosted payment gateways across all Encompass billing forms.

What changes are being implemented?

With the February 2020 release, all customers using non-hosted Payment Gateways will be required to enter a CVV code on all billing forms when working on the end user / constituent view.

Why are these changes being implemented?

Increased Security

The CVV code adds another layer of security when making an online transaction. This code is not stored on the magnetic strip or EMV chip, therefore, when the CVV code is required, the purchaser must have the card on their person in order to complete a transaction. This dramatically reduces the chance of fraudulent transactions, as in most cases fraudsters only have the credit card number and expiration dates. 

Q&A

Will this effect my transaction workflow?

In short, no, it won't effect your transaction workflow. The only change will be that one-time and initial transactions processed through Encompass will require the CVV code to be entered into the billing form in order for the transaction to be successfully sent to your payment gateway.

Please note, we are only making this field required for the constituent view. Admins completing a billing form on behalf of an alumni/donor can still by-pass this field and complete a payment without it unless the payment gateway requires CVV in the admin view.

What will happen to existing recurring payments?

Nothing. These payments will get processed  by your gateways as usual. CVV codes will only be required for initial and one-time transactions moving forward.

Do I need to make any changes to my payment gateway configuration?

No. The changes we are making are purely for the Encompass platform and do not require any changes to be made to your Payment Gateway. 

I use a Bluefin device, will this still work with the CVV changes?

As long as you are using 1 of the 3 modes that we support, there are no issues with using a Bluefin device.  
iModules supports SREDKey devices (below) operating in modes 4, 5, and 6.  
To set the device mode: 
From the screen reading “Swipe Card or Key-in Card Number” hit the Admin key.
“Select manual config 1-6” should now be showing. Choose the mode you wish to use from the follow by hitting the number key that corresponds to it and then select Enter.
        4 – Card Number, Expiration Date, Security Code, Zip Code
        5 – Card Number, Expiration Date, Security Code, Address, Zip Code
        6 – Card Number, Expiration Date, Security Code
 
 
Please note that using a  bluefin device will require entering the CVV code even on the admin side. 

My Payment Gateway offers the option to only allow transactions with a CVV code. As Encompass is collecting this information for all gateways now, can I activate this setting?

No, this setting should not be activated for Payment Gateways that offer it. PCI regulations state that no one is allowed to store CVV codes, therefore Encompass can only send that code for initial or one-time transactions. If this setting is activated on the Payment Gateway, all future recurring payments will fail as a result. When setting up a recurring transaction, the CVV code validation is sufficient for the entire series of transactions, which means that activating this setting is unnecessary.

For more information on PCI compliance please view this document here.

If you have any questions or concerns regarding this update to CVV codes, then please reach out to your CSM for more information.