Introduction

For certain gateways, UltraCart can store the credit card information within the UltraCart vault and also within the credit card processor's vault. When an auto order rebill occurs, UltraCart instructs the payment processor to use the credit card information stored within the payment processor's vault. Using the gateway vaulted credit card information allows for one very important function to occur: automated credit card updates.

The supported payment processors periodically send the vaulted card information off to the credit card companies (Visa, MasterCard, AMEX, etc.) and ask them if there are any updates to the given card. When those updates occur due to card changes, the payment gateway takes that new information and updates the vault record.

You may have experienced this automatic update for your own personal subscriptions as they continue to work even after receiving a new card.

Supported Payment Processors

As of May 2023, we are supporting this functionality on the following gateways:

• Authorize.Net

• Braintree (BETA)

• NMI (BETA)

• PayPal (Latest Version)

• Stripe

The configuration for each gateway varies and some charge a fee for the service.

Authorize.Net

The Authorize.Net integration requires you to have the “Authorize.NET JSON” configured. Many merchants are currently running the older Authorize.Net 3.1 integration. The credentials are the same. You just need to change the integration type and move your credentials down to the new gateway.

Open

Are you have configured the proper gateway, within the Authorize.Net interface you will need to login to authorize.net and enable the Account Updater functionality shown in the menu below.

Open

Authorize.Net charges the typical $0.25 per update fee.

Braintree (BETA)

For Braintree, you must contact your Braintree Representative and have your contract modified to include the Account Updater service. More information on Braintree can be found here:

https://www.braintreepayments.com/features/account-updater

Braintree charges the typical $0.25 per update fee.

NMI (BETA)

Follow these instructions to use the Automatic Card Updater with NMI.

PayPal

The latest version of PayPal utilizes their new RTAU (real-time account updater) which retrieves updated card information when a card is charged again. There is no configuration required to use this functionality when PayPal is your credit card processor.

Stripe

Stripe includes card updater functionality for free with their standard pricing plan. The integration does not require any further setup. UltraCart will automatically dual vault all auto order subscription card information. When updates occur, UltraCart receives a webhook notification from Stripe and notes the update in the Auto Order Logs.

If you have negotiated pricing with Stripe to receive a discount then the fee for card updates is the typical $0.25 per update.

Auto Order Editor

UltraCart will display a small message under the card number to indicate if the credit card information is dual vaulted.

Backfill to Payment Processor

Once UltraCart Support has validated that you have a proper dual vaulting configuration, UltraCart can perform a backfill operation to most payment providers. Please contact UltraCart Support if you are interested in having a backfill performed.

BigQuery

The Orders table within BigQuery will contain a dual_vaulted record under the credit card object. The presence of the record indicates the card information is dual vaulted.

REST API / Webhook

Similar to BigQuery, the order → payment → credit_card → dual_vaulted object indicates the presence of dual vaulted card information on the order.

Tasks Integration

The new Tasks module can generate a system task whenever a card update is received that indicates that the customer needs to be contacted for new information. Configuring this task generation is done under:

Configuration → Order Management → Task Generation → Auto Order Processing

A screenshot of this setting is shown below.

Dual Vaulted Life Cycle

Payment processors do not know whether you still need the vaulted credit card information for a future transaction. They will gladly store larger and larger amounts of information and seek updates to that information. Given that the typical card will receive at least one update every three years due to expiration, the expected average cost of update fees associated with a vaulted card is 8.3 cents per year. To avoid incurring a large cost for updating thousands of cards, UltraCart has a system to remove unused cards.

UltraCart keeps track of each dual vaulted card record and their associated orders. Card information is purged from an order 60 days later (or when a recurring order completes). Once the credit card information is purged from ALL of the orders that used the dual vaulted record a cleanup life cycle will begin. UltraCart will set a 200 day expiration time on the dual vaulted information. After the time period expires, UltraCart will make an API call to your payment gateway to delete the vaulted card information. So for a single order, the vault will delete after 260 days.

Vault All Transactions

Some merchants have external call centers that use the dual vaulted information to perform subsequent transactions during outbound marketing calls. Using this dual vaulted information prevents them from having to obtain the credit card information from the customers a second time thereby reducing PCI scope.

Because of this possibility, whenever a channel partner object is imported we will extend the life span of dual vaulted tokens an additional 200 days. Even if UltraCart does not have an active auto order using the dual vaulted information, it will not be purged as long as it’s used once every 180 days (six months). UltraCart extends the expiration of the dual vaulted information based upon the email address originally used during the vaulting process being specified on the channel partner order import operation.

Because dual vaulting every transaction is a substantially higher amount of transactions, the dual vaulted life cycle manager that UltraCart implements is critical to reducing the cost associated with dual vaulting.

Please contact UltraCart Support if you would like to have all your transactions dual vaulted.

Processor Specific Configuration

Braintree

Once you have enabled the Card Updater functionality on your Braintree account, you need to create a webhook within your Braintree account that points to:

Replace {MERCHANT ID} and {RTG CODE} with your merchant ID and the rotating transaction gateway code associated with your Braintree gateway.

The processing of Braintree card updates is logged within Integration Logs and auto order logs to help you keep tabs on the updates that you are receiving on your subscriptions.