In version 6.4, all sensitive payment data will now be handled solely through Datacap Netepay which uses End to End Encryption and Tokenization. These techniques encrypt the data from the Payment Terminal to Processor keeping customer’s card holder data private, even if your system were to be breached as no unencrypted card holder data will be transmitted through your computers or networks, though keeping your systems secure is critical for protection of your other sensitive data and preventing disruption of your day to day operation.
No changes will be required and you can proceed to update to 6.4 if:
For All others:
- If you are using stored encrypted card numbers for reoccurring payments -> an upgrade to NetEpay Hosted (Tokenization), EVO (which uses Netpay Hosted) or to Wordpay FIS IP (US only) is required
- If you are switching from Worldpay to Global, or an upgrade from Worldpay to NetEpay Hosted, then you will be required to re-collect the card on file information. as the existing tokens will not transfer to NetEpay hosted.
- If you are NOT tokenized and are storing cards on file and moving to a tokenized solution -> tokens can be created from the cards on file. First you will require to get on NetEpay Hosted and create tokens using the latest version of 6.2.4. Then the update to 6.4 can be performed.
- Elavon -> will have to switch to a different processor as there are no Elavon Options available for Netepay Hosted.
- Moneris (Canadian) and Canadian Paymentech did not have the card of file ability so there will be no change here. However, Moneris P400 does support limited tokenization (if you don’t use TAP)
If you choose not to upgrade, you can continue to use the PCI validated version of System Five 6.2 as long as you are able to obtain pinpads and are supported by your payment processor.
CAUTION: If you choose to upgrade, and discover an issue; a downgrade is not possible. The only way to go back to your previous version is to 'restore' from a previous backup. This may result in having to re-key multiple days/weeks of transactions depending on the age of your backup.
How to tell if you are collecting card holder information under System Five’s PCI validated application.
- If Allow collecting of credit card information for Later authorization IS enabled and Use Tokenization IS NOT enabled.
Also if you have enabled Allow Card not present transactions on screen, this option will also not be available with the PCI out of scope version of 6.4. There may be other options available depending on your processor.