If you’ve been in the builder lately, you may have noticed some alerts and changes related to our Credit Card field. We recently released a new Credit Card field that makes it faster and easier for form submitters to input their cardholder information and even safer for you to collect and process it.
What prompted this change?
Formstack is becoming PCI compliant, and that means we need to adhere to tight security guidelines for payment processing. As an online data collection company, we care deeply about data security. In a world where data breaches are a common occurrence, this is a much-needed update to meet industry security standards and ensure we are not putting anyone’s sensitive credit card information at risk. If your business uses a credit card payment form of any sort, here’s what you need to know about the new Credit Card field in Formstack:
UPDATE: Formstack is PCI compliant!
Security-Based Updates
As a PCI compliant form builder, Formstack cannot store full credit card information on our servers. To ensure we meet this standard, we’ve added enhanced security measures to the new Credit Card field. First, the Credit Card field is disabled in the builder and on the live form until it is properly mapped to an enabled payment integration or a PCI webhook (stay tuned for more on PCI webhooks in the coming weeks).
Second, sensitive credit card data is now sanitized upon submission. Only the expiration date and the last four digits of the credit card number will be visible in the Formstack submissions table and emails. The CVC code will also be sanitized and displayed as asterisks.
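The sanitization rule described above, sketched as an added example; this is not Formstack's code. The field names (cardNumber, expiry, cvc, rawTrack), the accepted digit lengths and the MM/YY format are assumptions made for illustration.

```javascript
// Added example: reduce a card submission to the values that may be kept
// for display. Field names and length bounds are assumptions, not
// Formstack's schema.
function sanitizeCardSubmission(submission) {
  // Accept the spaces and dashes people type, then insist on digits only.
  const pan = String(submission.cardNumber ?? "").replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(pan)) {
    // Never echo the rejected value: it may still be most of a card number.
    throw new Error("card number must be 13-19 digits");
  }
  const cvc = String(submission.cvc ?? "");
  if (!/^\d{3,4}$/.test(cvc)) {
    throw new Error("CVC must be 3-4 digits");
  }
  const expiry = String(submission.expiry ?? "");
  if (!/^(0[1-9]|1[0-2])\/\d{2}$/.test(expiry)) {
    throw new Error("expiry must be MM/YY");
  }

  // Build a new object from an allow-list instead of deleting keys from the
  // input, so an unexpected extra field cannot carry card data into storage.
  return {
    cardNumber: "*".repeat(pan.length - 4) + pan.slice(-4), // last four only
    expiry,                                                  // kept as entered
    cvc: "***", // fixed width, so even the CVC length is not retained
  };
}

// Constructed sample input, not a real card.
const sample = {
  cardNumber: "4242 4242 4242 4242",
  expiry: "09/27",
  cvc: "123",
  rawTrack: "stray field that must not be stored", // hypothetical extra field
};

const stored = sanitizeCardSubmission(sample);
console.log(stored);
```

Run the function before the record reaches the submissions table, email templates or logs, so the full number and CVC exist only in the request that hands them to the payment integration.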
Other New Features
In addition to making the new Credit Card field more secure, we’ve enhanced the way it looks and works for users. The new field has a more unified, compact design. Instead of displaying as three separate fields for credit card number, expiration date, and CVC, there is now a single responsive field that allows users to enter all three pieces of cardholder data without needing to tab or click into the next field. (Note: When viewing the field on a narrow mobile phone screen, you may see three fields, but the auto-tabbing will still work.)
The new Credit Card field is also equipped with automatic validation features. Any credit card number entered on the form is checked to ensure the number exists and is not missing any numerals. If there are issues with the number entered, an error will display on the form. The expiration date is also checked, and an error will display if the card is expired.
Finally, the new field can automatically identify and display card type based on the number entered into the field, as shown above with the Visa icon. (Note: You are still able to control which credit card types to accept on your form.)
Next Steps
With the release of this new field, we will be discontinuing the old Credit Card field in January 2019. If you use the old field on any of your online forms, you must swap it out for the new field by then. To help you with this, we’ve created an in-app auditing tool—accessible from your account dashboard—that makes it easier for you to find forms that use the old Credit Card field. Simply click “Update Now” on the notification message at the top of your dashboard to see a list of forms that need to be updated.
To learn more about Formstack becoming PCI compliant and the steps you may need to take to convert your form, check out this help doc.