Payment.JS – an updated version of Payeezy.JS is now available as an integration option for merchants to use tokenization functionality and lower PCI requirement to SAQ-AEP.
In Payeezy.JS implementation, Java script file was residing on merchant server, whereas in Payment.JS solution, merchant server does not need to place JS file on their servers instead it calls the library which creates real time form during every call to capture sensitive payment card details, resulting in a better PCI complaint solution to use for tokenization.
In compliance with PCI SSC direction that all processors must upgrade to current versions of TLS (Version 1.2 recommended), Payeezy API will be disabling all non-compliant SSL and TLS protocols (TLS 1.0 and 1.1) in each environment as outlined in the below schedule.
Sandbox (https://api-cert.payeezy.com) - Jan 10,2018
Live - (https://api.payeezy.com) - Jan 24, 2018
First Data remains vigilant in protecting data and ensuring that our products and services are compliant with industry standards and PCI requirements. In order to further improve the protection of sensitive cardholder data, the GET request method for the Tokenization Credit Card API will be replaced with a Tokenization Credit Card API call that uses the POST request method. The new call has been published in the Payeezy Developer Portal (developer.payeezy.com).
We are renewing the SSL/TLS certificates on our API endpoint.
Sandbox (https://api-cert.payeezy.com) - 15 July 2016
Live - (https://api.payeezy.com) - 26 July 2016 at 2:00 AM EST
In a token-based transaction, the CVV number can be included as an optional field in the request payload.
Today, if the CVV number is included in the request payload, it is echoed back in the response by Payeezy API. This CVV number in the API response is redundant and will be removed from the API response. The highlighted below will be removed from the API Response:
Understanding the needs of our merchants and doing what best creates the value is the motto of Payeezy. Following the same spirit we are announcing the availability of 3D secure authentication for merchants who want to leverage Payeezy.js as their preferred method of integration.
UPDATE - Payeezy API Security Protocol Update Postponed.
We have heard from our customers in regards to discontinuing support for TLS1.0 and TLS1.1 protocols and have postponed the deprecation timeframes for the PROD and CERT environments for these protocols. The changes made to the CERT (Sandbox) environment have been reverted back and we will continue to support TLS1.0 and TLS1.1 protocols. We will also continue to work with our security teams to comply with the PCI mandates.
Just over 1 year ago, we made the statement in our inaugural blog “never before has the timing been so right to bring together everyone in the payments ecosystem and open a world of possibilities.” The introduction of network-level tokenization ushered in an era of innovation not just with the industry, but for us as well with our Payeezy developer portal and a vision to expose the depth and breadth of all we have to offer from an eCommerce perspective.