Background
Engaging Networks is committed to protecting donor information and maintaining the highest standards of data security. As we continue to grow, processing more and more donations each year, it’s vital for Engaging Networks to take the steps needed to remain compliant with the Payment Card Industry Data Security Standard (PCI DSS). As part of this effort, starting in January 2024, we will begin using a third party to tokenize credit card data immediately after it is submitted by donors to your EN-hosted forms on which you accept credit card payments.
We have chosen a respected data security company – Very Good Security (VGS) – as our partner, to significantly enhance the security of credit card transactions made on our clients’ EN-hosted pages. With VGS’ involvement, the way in which we transmit and process credit card data will be more secure, reducing the risk that this data can be stolen.
What is tokenization?
Tokenization is the process of protecting sensitive data by creating a unique token that represents the data while storing the original data securely in a vault.
At Engaging Networks, we have always tokenized credit card data to ensure the highest levels of security. However, with our new tokenization solution, VGS will collect and tokenize the donor’s credit card data immediately after it is submitted by donors, and then securely save it in a vault. By doing this, there is no need for Engaging Networks systems to interact with the card data.
Client Impact
The introduction of VGS tokenization in the Engaging Networks platform affects our clients in three areas:
1) Form Creation — Credit card number and CVV fields
Clients will need to edit their payment form block and select a new Field Type – namely Token – for the credit card number and CVV fields.
Two exciting enhancements with this update:
- Engaging Networks will auto-select the card type (Visa, Mastercard, etc.) and show the credit card logo out-of-the-box, so that no further customization will be needed.
- The CVV field will automatically be limited to either 3-digits or 4-digits, depending on the card type.
Please note: any custom implementation showing credit card logos will no longer be needed and should be removed from your pages. The VGS tokenization solution uses an iframe that might interfere with any custom code used to display credit card logos.
2) Engaging Networks Services (ENS) Application Programming Interface (API)
Clients and Partners who use the ENS API to process transactions that include card details (credit card number / CVV) will need to use the “us-vault” or “ca-vault” endpoints instead of the current endpoints. All other API traffic, like authentication and supporter services, should continue to use the standard endpoints.
The current endpoints are:
-
- https://ca.engagingnetworks.app
- https://us.engagingnetworks.app
The new endpoints (for credit card data only) are:
- https://ca-vault.engagingnetworks.app
- https://us-vault.engagingnetworks.app
- Sandbox (US region) requests will originate from:
- 18.215.58.36
- 34.194.18.145
- 34.206.157.22
- Live (US region) requests will originate from:
- 52.6.216.177
- 52.7.148.215
- 52.72.130.32
- Live (EU region) requests will originate from:
- 3.127.9.201
- 52.58.226.180
- 35.157.113.181
- 3.124.157.86
- 3.127.53.149
- 3.123.45.10
Timeline
- January 12th, 2024 – Clients can start updating pages that process credit card transactions on production.
- March 1st, 2024 – All clients must be using the new fields on all pages that are actively processing credit card transactions.
- If a client doesn’t update the credit card and CVV fields to the new type “Token” by the deadline, Engaging Networks will make the switch automatically for them.
Customization
Allows you to select whether an icon should be displayed in this field.
| Data type: | Default value: |
| boolean | true |
Example:
<script>
window.enVGSFields = {
‘transaction.ccnumber’: { showCardIcon: false },
‘transaction.ccvv’: { showCardIcon: false }
}
</script>
Allows you to style the field using a standalone Cascading Style Sheet.
| Data type: | Default value: |
| object | not provided |
Supported via this method is:
- Regular CSS properties
- Placeholders
- Generic Web Fonts and @font-face property
- Pseudo-classes (eg. :hover, :focus)
- Media queries (media query condition is calculated based on the iframe width, not on the parent window)
There are also some additional classes available that are mapping the current state of the field, and which are inherited from the main styles.
You can style any of the following field states by adding a selector to the css object:
& .invalid – applied when the field has invalid value.& .valid – applied when the field has a valid value.& .empty – applied when the field doesn’t have any value.& .dirty – applied once the user changed the value in the watched field.& .touched – indicates that the field has been touched, applied after the first blur event.
Example
<script>
window.enVGSFields = {
‘transaction.ccnumber’: {
css: {
color: ‘#1b1d1f’,
border: ‘solid 1px #1b1d1f’,
transition: ‘border-color .15s ease-in-out’,
borderRadius: ‘5px’,
padding: ‘0 10px’,
boxSizing: ‘border-box’,
‘&:focus’: {
borderColor: ‘#11bef5’,
}
}
}
}
</script>
Specifies whether a field should automatically get focused when the page loads.
| Data type: | Default value: |
| boolean | false |
By default, each field has its own aria-label value, but you can redefine it and specify the purpose for better accessibility.
| Data type: | Default value: |
| string | not provided |
Placeholder text for a field.
| Data type: | Default value: |
| string | not provided |
Enables or disables the hiding of the input value for a field as it is being typed.
| Data type: | Default value: |
| boolean | false |
Override the default icons presented to the user with your own designs. Images must be provided as inline data URLs.
| Data type: | Default value: |
| object | not provided |
The following are the supported properties:
- cardPlaceholder: card icon for empty and undefined card brand states.
- cvvFront: card icon for the front (amex) CVV.
- cvvBack: card icon for the back CVV.
- visa|amex|maestro|visaelectron|mastercard|discover|dankort|dinersclub|jcb|unionpay|forbrugsforeningen|elo|hipercard: card icons for a particular brand.
Example 1
<script>
window.enVGSFields = {
‘transaction.ccnumber’: {
icons: {
cardPlaceholder: “data:image/svg+xml,%3Csvg xmlns=’http://www.w3.org/2000/svg’ height=’24px’ viewBox=’0 0 24 24′ width=’24px’ fill=’%233BBF45’%3E%3Cpath d=’M0 0h24v24H0z’ fill=’none’/%3E%3Cpath d=’M21 18v1c0 1.1-.9 2-2 2H5c-1.11 0-2-.9-2-2V5c0-1.1.89-2 2-2h14c1.1 0 2 .9 2 2v1h-9c-1.11 0-2 .9-2 2v8c0 1.1.89 2 2 2h9zm-9-2h10V8H12v8zm4-2.5c-.83 0-1.5-.67-1.5-1.5s.67-1.5 1.5-1.5 1.5.67 1.5 1.5-.67 1.5-1.5 1.5z’/%3E%3C/svg%3E”
}
}
}
</script>
Example 2
<script>
window.enVGSFields = {
‘transaction.ccnumber’: {
icons: {
visa: “data:image/svg+xml,%3Csvg xmlns=’http://www.w3.org/2000/svg’ height=’24px’ viewBox=’0 0 24 24′ width=’24px’ fill=’%233BBF45’%3E%3Cpath d=’M0 0h24v24H0z’ fill=’none’/%3E%3Cpath d=’M21 18v1c0 1.1-.9 2-2 2H5c-1.11 0-2-.9-2-2V5c0-1.1.89-2 2-2h14c1.1 0 2 .9 2 2v1h-9c-1.11 0-2 .9-2 2v8c0 1.1.89 2 2 2h9zm-9-2h10V8H12v8zm4-2.5c-.83 0-1.5-.67-1.5-1.5s.67-1.5 1.5-1.5 1.5.67 1.5 1.5-.67 1.5-1.5 1.5z’/%3E%3C/svg%3E”
}
}
}
</script>
Please contact Engaging Networks for further details.
We have done extensive testing on a variety of templates to ensure that making this switch does not cause major issues. However, we encourage you to update the fields on your most active forms as soon as possible so that there is plenty of time to troubleshoot if needed.