Fiserv is updating cipher support for TLS 1.2 connections to all subdomains of api.payeezy.com domain to improve connection security for all clients. This is a corporate-wide, global change for any clients consuming our API services hosted on Apigee.
Before April 30th , 2019 First Data will be making a change to the infrastructure that supports our REST API
gateway. This is a corporate-wide, global change for any clients leveraging our APIs hosted on Apigee.
Payeezy API Sandbox environment is updated with the latest certificate as of July 17th 2018. Merchants can test SDK update in this environment as of now.
On Friday 7/20 between 3-6 am ET certificate will be temporarily updated in production. You have an opportunity to test in production during this window. The certificate will be restored back before 6 am ET.
The permanent update of the certificate in production is scheduled for Wed 7/25 at 3 AM ET.
In compliance with PCI SSC direction that all processors must upgrade to current versions of TLS (Version 1.2 recommended), Payeezy API will be disabling all non-compliant SSL and TLS protocols (TLS 1.0 and 1.1) in each environment as outlined in the below schedule.
Sandbox (https://api-cert.payeezy.com) - Jan 10,2018
Live - (https://api.payeezy.com) - Jan 24, 2018
First Data remains vigilant in protecting data and ensuring that our products and services are compliant with industry standards and PCI requirements. In order to further improve the protection of sensitive cardholder data, the GET request method for the Tokenization Credit Card API will be replaced with a Tokenization Credit Card API call that uses the POST request method. The new call has been published in the Payeezy Developer Portal (developer.payeezy.com).
We are renewing the SSL/TLS certificates on our API endpoint.
Sandbox (https://api-cert.payeezy.com) - 15 July 2016
Live - (https://api.payeezy.com) - 26 July 2016 at 2:00 AM EST
In a token-based transaction, the CVV number can be included as an optional field in the request payload.
Today, if the CVV number is included in the request payload, it is echoed back in the response by Payeezy API. This CVV number in the API response is redundant and will be removed from the API response. The highlighted below will be removed from the API Response:
Understanding the needs of our merchants and doing what best creates the value is the motto of Payeezy. Following the same spirit we are announcing the availability of 3D secure authentication for merchants who want to leverage Payeezy.js as their preferred method of integration.
UPDATE - Payeezy API Security Protocol Update Postponed.
We have heard from our customers in regards to discontinuing support for TLS1.0 and TLS1.1 protocols and have postponed the deprecation timeframes for the PROD and CERT environments for these protocols. The changes made to the CERT (Sandbox) environment have been reverted back and we will continue to support TLS1.0 and TLS1.1 protocols. We will also continue to work with our security teams to comply with the PCI mandates.