Dual Vaulted Credit Card Processing
- 1 Introduction
- 2 Supported Payment Processors
- 2.1 Authorize.Net
- 2.2 Braintree (BETA)
- 2.3 NMI (BETA)
- 2.4 PayPal
- 2.5 Stripe
- 3 Auto Order Editor
- 4 Backfill to Payment Processor
- 5 BigQuery
- 6 REST API / Webhook
- 7 Tasks Integration
- 8 Dual Vaulted Life Cycle
- 9 Vault All Transactions
- 10 Processor Specific Configuration
- 10.1 Braintree
Introduction
For certain gateways, UltraCart can store the credit card information within the UltraCart vault and also within the credit card processor's vault. When an auto order rebill occurs, UltraCart instructs the payment processor to use the credit card information stored within the payment processor's vault. Using the gateway vaulted credit card information allows for one very important function to occur: automated credit card updates.
The supported payment processors periodically send the vaulted card information off to the credit card companies (Visa, MasterCard, AMEX, etc.) and ask them if there are any updates to the given card. When those updates occur due to card changes, the payment gateway takes that new information and updates the vault record.
You may have experienced this automatic update for your own personal subscriptions as they continue to work even after receiving a new card.
Supported Payment Processors
As of May 2023, we are supporting this functionality on the following gateways:
Authorize.Net
Braintree (BETA)
NMI (BETA)
PayPal (Latest Version)
Stripe
The configuration for each gateway varies and some charge a fee for the service.
Authorize.Net
The Authorize.Net integration requires you to have the “Authorize.NET JSON” configured. Many merchants are currently running the older Authorize.Net 3.1 integration. The credentials are the same. You just need to change the integration type and move your credentials down to the new gateway.
This will not work until you upgrade from Authorize.Net 3.1 to Authorize.Net JSON and enable the Account Updater feature.
Are you have configured the proper gateway, within the Authorize.Net interface you will need to login to authorize.net and enable the Account Updater functionality shown in the menu below.
Authorize.Net charges the typical $0.25 per update fee.
Braintree (BETA)
For Braintree, you must contact your Braintree Representative and have your contract modified to include the Account Updater service. More information on Braintree can be found here:
https://www.braintreepayments.com/features/account-updater
Braintree charges the typical $0.25 per update fee.
NMI (BETA)
Follow these instructions to use the Automatic Card Updater with NMI.
PayPal
The latest version of PayPal utilizes their new RTAU (real-time account updater) which retrieves updated card information when a card is charged again. There is no configuration required to use this functionality when PayPal is your credit card processor.
Stripe
Stripe includes card updater functionality for free with their standard pricing plan. The integration does not require any further setup. UltraCart will automatically dual vault all auto order subscription card information. When updates occur, UltraCart receives a webhook notification from Stripe and notes the update in the Auto Order Logs.
If you have negotiated pricing with Stripe to receive a discount then the fee for card updates is the typical $0.25 per update.
Auto Order Editor
UltraCart will display a small message under the card number to indicate if the credit card information is dual vaulted.
Backfill to Payment Processor
Once UltraCart Support has validated that you have a proper dual vaulting configuration, UltraCart can perform a backfill operation to most payment providers. Please contact UltraCart Support if you are interested in having a backfill performed.
BigQuery
The Orders table within BigQuery will contain a dual_vaulted record under the credit card object. The presence of the record indicates the card information is dual vaulted.
REST API / Webhook
Similar to BigQuery, the order → payment → credit_card → dual_vaulted object indicates the presence of dual vaulted card information on the order.
Tasks Integration
The new Tasks module can generate a system task whenever a card update is received that indicates that the customer needs to be contacted for new information. Configuring this task generation is done under:
Configuration → Order Management → Task Generation → Auto Order Processing
A screenshot of this setting is shown below.
Dual Vaulted Life Cycle
Payment processors do not know whether you still need the vaulted credit card information for a future transaction. They will gladly store larger and larger amounts of information and seek updates to that information. Given that the typical card will receive at least one update every three years due to expiration, the expected average cost of update fees associated with a vaulted card is 8.3 cents per year. To avoid incurring a large cost for updating thousands of cards, UltraCart has a system to remove unused cards.
UltraCart keeps track of each dual vaulted card record and their associated orders. Card information is purged from an order 60 days later (or when a recurring order completes). Once the credit card information is purged from ALL of the orders that used the dual vaulted record a cleanup life cycle will begin. UltraCart will set a 200 day expiration time on the dual vaulted information. After the time period expires, UltraCart will make an API call to your payment gateway to delete the vaulted card information. So for a single order, the vault will delete after 260 days.
Vault All Transactions
Some merchants have external call centers that use the dual vaulted information to perform subsequent transactions during outbound marketing calls. Using this dual vaulted information prevents them from having to obtain the credit card information from the customers a second time thereby reducing PCI scope.
Because of this possibility, whenever a channel partner object is imported we will extend the life span of dual vaulted tokens an additional 200 days. Even if UltraCart does not have an active auto order using the dual vaulted information, it will not be purged as long as it’s used once every 180 days (six months). UltraCart extends the expiration of the dual vaulted information based upon the email address originally used during the vaulting process being specified on the channel partner order import operation.
Because dual vaulting every transaction is a substantially higher amount of transactions, the dual vaulted life cycle manager that UltraCart implements is critical to reducing the cost associated with dual vaulting.
Please contact UltraCart Support if you would like to have all your transactions dual vaulted.
Processor Specific Configuration
Braintree
Once you have enabled the Card Updater functionality on your Braintree account, you need to create a webhook within your Braintree account that points to:
https://api.ultracartstorefront.com/braintree/webhook/{MERCHANT ID}/{RTG CODE}
Replace {MERCHANT ID} and {RTG CODE} with your merchant ID and the rotating transaction gateway code associated with your Braintree gateway.
There is a bug in the Braintree UI. When you first create the webhook there is not an option for the “account updater report”. Just select any other type of notification and save. Then edit the webhook again and the “account updater report” webhook type will appear. Select the webhook type and save.
The processing of Braintree card updates is logged within Integration Logs and auto order logs to help you keep tabs on the updates that you are receiving on your subscriptions.