Gravity Forms eWAY Client Side Encryption

Gravity Forms eWAY v2.1.0 has just been released, with support for Client Side Encryption.

When capturing credit card data directly on a website, it’s important to ensure that no sensitive details are stored anywhere that could be compromised by a hacker. That requires PCI compliance certification by the payment gateway.

To simplify things for website owners, eWAY introduced Client Side Encryption. This allows customers to enter their credit card details in their browser, immediately encrypting those details so that only eWAY can see them.

eway-client-side-encryption-key
eWAY Payments settings in Gravity Forms eWAY

Merchants using the Rapid API with non-PCI compliant websites must copy their Client Side Encryption key from MYeWAY and paste it into the settings page in Gravity Forms eWAY, so that credit card details are always encrypted. Failing to do so will get an error (Unauthorised API Access, Account Not PCI Certified) when processing transactions. PCI compliant websites are also encouraged to set their Client Side Encryption key, for improved security of credit card details.

You can update to the latest version from your WordPress plugin admin page. Here’s the full changelog for Gravity Forms eWAY.

PS: Gravity Forms eWAY Pro is getting closer, with Shared Page (hosted) transactions, feed-driven mapped fields, and more…