1. Home
  2. Enhanced Checkout – Secured by VGS

Enhanced Checkout – Secured by VGS


Engaging Networks is committed to protecting donor information and maintaining the highest standards of data security. As we continue to grow, processing more and more donations each year, it’s vital for Engaging Networks to take the steps needed to remain compliant with the Payment Card Industry Data Security Standard (PCI DSS). As part of this effort, starting in January 2024, we will begin using a third party to tokenize credit card data immediately after it is submitted by donors to your EN-hosted forms on which you accept credit card payments. 

We have chosen a respected data security company – Very Good Security (VGS) – as our partner, to significantly enhance the security of credit card transactions made on our clients’ EN-hosted pages. With VGS’ involvement, the way in which we transmit and process credit card data will be more secure, reducing the risk that this data can be stolen.

What is tokenization?

Tokenization is the process of protecting sensitive data by creating a unique token that represents the data while storing the original data securely in a vault.

At Engaging Networks, we have always tokenized credit card data to ensure the highest levels of security. However, with our new tokenization solution, VGS will collect and tokenize the donor’s credit card data immediately after it is submitted by donors, and then securely save it in a vault. By doing this, there is no need for Engaging Networks systems to interact with the card data.

Client Impact

The introduction of VGS tokenization in the Engaging Networks platform affects our clients in three areas:

1) Form Creation — Credit card number and CVV fields

Clients will need to edit their payment form block and select a new Field Type – namely Token – for the credit card number and CVV fields.

Two exciting enhancements with this update:

  • Engaging Networks will auto-select the card type (Visa, Mastercard, etc.) and  show the credit card logo out-of-the-box, so that no further customization will be needed.
  • The CVV field will automatically be limited to either 3-digits or 4-digits, depending on the card type.

Please note: any custom implementation showing credit card logos will no longer be needed and should be removed from your pages. The VGS tokenization solution uses an iframe that might interfere with any custom code used to display credit card logos.

2) Engaging Networks Services (ENS) Application Programming Interface (API)

Clients and Partners who use the ENS API to process transactions that include card details (credit card number / CVV) will need to use the “us-vault” or “ca-vault” endpoints instead of the current endpoints. All other API traffic, like authentication and supporter services, should continue to use the standard endpoints.

The current endpoints are:

    • https://ca.engagingnetworks.app
    • https://us.engagingnetworks.app

The new endpoints (for credit card data only) are:

  • https://ca-vault.engagingnetworks.app
  • https://us-vault.engagingnetworks.app
3) Any clients using Worldpay or RSM will also need to whitelist additional IP addresses in their dashboard. The following are the IPs for each environment:
  • Sandbox (US region) requests will originate from:
  • Live (US region) requests will originate from:
  • Live (EU region) requests will originate from:


  • January 12th, 2024 – Clients can start updating pages that process credit card transactions on production. 
  • March 1st, 2024 – All clients must be using the new fields on all pages that are actively processing credit card transactions.
    • If a client doesn’t update the credit card and CVV fields to the new type “Token” by the deadline, Engaging Networks will make the switch automatically for them.


Please contact Engaging Networks for further details.

We have done extensive testing on a variety of templates to ensure that making this switch does not cause major issues. However, we encourage you to update the fields on your most active forms as soon as possible so that there is plenty of time to troubleshoot if needed.

Updated on November 17, 2023

Was this article helpful?

Need More Help?
Can't find the answer you're looking for?
Contact Support