Payeezy API Sandbox environment is updated with the latest certificate as of July 17th 2018. Merchants can test SDK update in this environment as of now.
On Friday 7/20 between 3-6 am ET certificate will be temporarily updated in production. You have an opportunity to test in production during this window. The certificate will be restored back before 6 am ET.
The permanent update of the certificate in production is scheduled for Wed 7/25 at 3 AM ET.
Payment.JS – an updated version of Payeezy.JS is now available as an integration option for merchants to use tokenization functionality and lower PCI requirement to SAQ-AEP.
In Payeezy.JS implementation, Java script file was residing on merchant server, whereas in Payment.JS solution, merchant server does not need to place JS file on their servers instead it calls the library which creates real time form during every call to capture sensitive payment card details, resulting in a better PCI complaint solution to use for tokenization.
In compliance with PCI SSC direction that all processors must upgrade to current versions of TLS (Version 1.2 recommended), Payeezy API will be disabling all non-compliant SSL and TLS protocols (TLS 1.0 and 1.1) in each environment as outlined in the below schedule.
Sandbox (https://api-cert.payeezy.com) - Jan 10,2018
Live - (https://api.payeezy.com) - Jan 24, 2018
First Data remains vigilant in protecting data and ensuring that our products and services are compliant with industry standards and PCI requirements. In order to further improve the protection of sensitive cardholder data, the GET request method for the Tokenization Credit Card API will be replaced with a Tokenization Credit Card API call that uses the POST request method. The new call has been published in the Payeezy Developer Portal (developer.payeezy.com).
We are renewing the SSL/TLS certificates on our API endpoint.
Sandbox (https://api-cert.payeezy.com) - 15 July 2016
Live - (https://api.payeezy.com) - 26 July 2016 at 2:00 AM EST
In a token-based transaction, the CVV number can be included as an optional field in the request payload.
Today, if the CVV number is included in the request payload, it is echoed back in the response by Payeezy API. This CVV number in the API response is redundant and will be removed from the API response. The highlighted below will be removed from the API Response:
Understanding the needs of our merchants and doing what best creates the value is the motto of Payeezy. Following the same spirit we are announcing the availability of 3D secure authentication for merchants who want to leverage Payeezy.js as their preferred method of integration.
UPDATE - Payeezy API Security Protocol Update Postponed.
We have heard from our customers in regards to discontinuing support for TLS1.0 and TLS1.1 protocols and have postponed the deprecation timeframes for the PROD and CERT environments for these protocols. The changes made to the CERT (Sandbox) environment have been reverted back and we will continue to support TLS1.0 and TLS1.1 protocols. We will also continue to work with our security teams to comply with the PCI mandates.