In version 6.4, all sensitive credit card payment data will now be handled solely through Datacap Netepay which uses end-to-end encryption and tokenization. These techniques encrypt the data from the Payment Terminal to the Processor keeping the customer’s cardholder data private. If your system were to be breached no unencrypted cardholder data would be transmitted through your computers or networks keeping your systems secure along with the sensitive cardholder data your customer may have provided you.
No changes will be required and you can proceed to update to 6.4 if:
- You are using payment processing but not collecting/storing cardholder information or on-screen payments
- System Five on Cloud
- Worldpay FIS IP [MPS]aka Mercury (tokenization) - EXCLUDING: Worldpay Core 610/Vantiv/Fifth-Third (The original Vantiv [FTH] Worldpay/RBSLink (the original Worldpay) [WHP, WPT,LNK]
- EVO with an upgrade to Datacap Netepay hosted (P400 or Lane 3000/7000)
- Netepay Hosted (P400 or Lane 3000/7000)
- If you are using pre-authorizations you will require Datacap NetEpay 5.07.30 (01/31/2018) or higher in order to support EMV-Pre-Auth.
For All others:
- If you are using stored encrypted card numbers for reoccurring payments -> an upgrade to NetEpay Hosted (Tokenization), EVO (which uses Netpay Hosted) or to Wordpay FIS IP (US only) is required
- If you are switching from Worldpay to Global, or an upgrade from Worldpay to NetEpay Hosted, then you will be required to re-collect the card on file information. as the existing tokens will not transfer to NetEpay hosted.
- If you are NOT tokenized and are storing cards on file and moving to a tokenized solution -> tokens can be created from the cards on file. First, you will be require to get on NetEpay Hosted and create tokens using the latest version of 6.2.4. Then the update to 6.4 can be performed.
- Elavon -> will have to switch to a different processor as there are no Elavon Options available for Netepay Hosted.
- Moneris (Canadian) and Canadian Paymentech did not have the card of file ability so there will be no change here. However, Moneris P400 does support limited tokenization (if you don’t use TAP)
If you choose not to upgrade, you can continue to use the PCI validated version of System Five 6.2 as long as you are able to obtain pinpads and are supported by your payment processor.
CAUTION: If you choose to upgrade, and discover an issue; a downgrade is not possible. The only way to go back to your previous version is to 'restore' from a previous backup. This may result in having to re-key multiple days/weeks of transactions depending on the age of your backup.
How to tell if you are collecting card holder information under System Five’s PCI validated application.
- If Allow collecting of credit card information for Later authorization IS enabled and Use Tokenization IS NOT enabled.
Also if you have enabled Allow Card not present transactions on screen, this option will also not be available with the PCI out of scope version of 6.4. There may be other options available depending on your processor.