Meet Formstack’s New, Enhanced Credit Card Field

Written by Abby Nieten on November 29, 2018

Posted in Formstack Updates, Payment Processing

If you’ve been in the builder lately, you may have noticed some alerts and changes related to our Credit Card field. We recently released a new Credit Card field that makes it faster and easier for form submitters to input their cardholder information and even safer for you to collect and process it.

What prompted this change?

Formstack is becoming PCI compliant, and that means we need to adhere to tight security guidelines for payment processing. As an online data collection company, we care deeply about data security. In a world where data breaches are a common occurrence, this is a much needed update to meet industry security standards and ensure we are not putting anyone’s sensitive credit card information at risk.

If your business uses a credit card payment form of any sort, here’s what you need to know about the new Credit Card field in Formstack:

Security-Based Updates

As a PCI compliant form builder, Formstack cannot store full credit card information on our servers. To ensure we meet this standard, we’ve added enhanced security measures to the new Credit Card field.

First, the Credit Card field is disabled in the builder and on the live form until it is properly mapped to an enabled payment integration or a PCI webhook (stay tuned for more on PCI webhooks in the coming weeks!).

Formstack credit card field security

Second, sensitive credit card data is now sanitized upon submission. Only the expiration date and the last four digits of the credit card number will be visible in the Formstack submissions table and emails. The CVC code will also be sanitized and displayed as asterisks.

Formstack credit card field submissions

Other New Features

In addition to making the new Credit Card field more secure, we’ve enhanced the way it looks and works for users.

The new field has a more unified, compact design. Instead of displaying as three separate fields for credit card number, expiration date, and CVC, there is now a single responsive field that allows users to enter all three pieces of cardholder data without needing to tab or click into the next field. (Note: When viewing the field on a narrow mobile phone screen, you may see three fields, but the auto-tabbing will still work.)

Formstack new credit card field 2018

The new Credit Card field is also equipped with automatic validation features. Any credit card number entered on the form is checked to ensure the number exists and is not missing any numerals. If there are issues with the number entered, an error will display on the form. The expiration date is also checked, and an error will display if the card is expired.

Formstack credit card field error

Finally, the new field can automatically identify and display card type based on the number entered into the field, as shown above with the Visa icon. (Note: You are still able to control which credit card types to accept on your form.)

Next Steps

With the release of this new field, we will be discontinuing the old Credit Card field in January 2019. If you use the old field on any of your online forms, you must swap it out for the new field by then. To help you with this, we’ve created an in-app auditing tool—accessible from your account dashboard—that makes it easier for you to find forms that use the old Credit Card field. Simply click “Update Now” on the notification message at the top of your dashboard to see a list of forms that need to be updated.

Formstack credit card field update

To learn more about Formstack becoming PCI compliant and the steps you may need to take to convert your form, check out this help doc.