Credit Card Migrations
- What are credit card migrations?
- Does WePay participate in credit card data migrations?
- What is an import?
- What is an export?
- What data format does WePay expect and send?
- What do platforms need to do after a migration?
- What are the requirements for a migration?
- How long will a migration take?
- What information should I provide to start a migration?
- What is an SSH key and why do I need one?
Migrations refer to the transmission of credit card data from one processor to another:
- transmitting data from another processor to WePay is called an import
- transmitting data from WePay to another processor is called an export
Credit card migrations deal exclusively with credit card data; WePay cannot migrate client profiles, billing schedules, or payment bank information associated with ACH payments.
Yes! In the spirit of data portability, WePay will migrate credit card information to/from another PCI compliant processor.
WePay will work with any other processor, but there must be a level of commitment from all parties involved. Be sure to have contact information for the other processor so that WePay can work directly with them.
Importing credit cards to WePay involves a merchant (or a batch of merchants) moving their processing to WePay. Rather than having each payer re-submit their credit card information to WePay individually, WePay can work with the legacy processor to securely transmit the data to WePay’s PCI compliant servers.
Here’s an example scenario to help conceptualize imports:
A business, Food For Dogs, currently processes with Stripe, but wants to start using the platform services of PlatformA, which includes using WePay as their new processor.
Food For Dogs should reach out to both Stripe and WePay regarding the migration, from which point Stripe and WePay will coordinate the migration together.
Once the migration is complete, WePay will work with PlatformA to match up imported cards with billing schedules and client profiles.
There are two options for importing credit card data to WePay:
This option requires use of the /credit_card/transfer API call, which in turn requires the platform to have access to the raw credit card data AND permission from WePay.
In cases when the platform does not have access to raw credit card data, WePay will work with the legacy processor to migrate card data.
Exporting credit cards from WePay involves a merchant (or a batch of merchants) moving their processing from WePay to a new processor. Rather than having each payer re-submit their payment information to the new processor individually, WePay can work with the new processor to securely transmit the payment data.
WePay will export for a given merchant/platform once. Once an export begins, be sure to pause onboarding, or begin onboarding with the new processor.
Here’s an example scenario to help conceptualize exports:
A business, Food For Dogs, currently uses the platform services of PlatformA, which includes processing with WePay, but wants to start processing with Stripe.
Food For Dogs should reach out to both Stripe and WePay, at which point the two processors will coordinate the complete the migration. WePay will also collect consent from PlatformA to move processing over to Stripe.
Once the card migration is complete, Stripe will work with Food For Dogs to match up cards to client profiles and billing schedules.
Exports must be conducted via SFTP servers; there is no universal API call between processors in order to migrate card data. That being said, platforms which already have the raw credit card data may work directly with the new processor to migrate the payment data.
For platforms which use tokenization, WePay will work directly with the new processor.
When WePay does not have data for a certain cell (like extended address), the cell will be empty.
Additionally, WePay may export some items referred to as preapprovals, rather than credit cards. If these items are being exported the header will be
preapproval_id rather than
credit_card.token, but all other data can be treated just the same as a credit card. These will be sent in a separate file from any credit cards.
After an import, WePay will provide a mapping file to platforms with the legacy card identifier and the new WePay credit card token. Whatever the legacy processor provides to WePay as the card identifier should be publicly accessible to merchants in their exported client profiles and billing schedules. This will allow you, the platform, to map those client profiles and billing schedules to the WePay credit card object in your own system data.
For an export, WePay provides the card token (or preapproval ID in cases of preapproval card objects) to the new processor. Once the new processor imports the cards to their system, the card token must be used by you, the platform, in order to map the new card token to the merchant’s client profiles and billing schedules.
Please note that credit card migrations only handle the card data itself. Platforms must map credit card identifiers to their own system data in order to migrate items like biling schedules or client profiles.
In order to perform a migration, the following requirements must be met:
- The card data being migrated must include all of the following:
- Card number
- Valid card expiration month
- Valid card expiration date
- Card holder name
- Card holder email address
- Card holder billing address
- Card holder billing country (ISO-2 format)
- Card holder zip/postal code
- Legacy card identifier (token, reference ID, etc)
- Card data must be compiled in a .csv file with descriptive column headers
- The .csv file must be encrypted
- The .csv file must be transmitted on either:
- WePay’s SFTP server
- The other processor’s SFTP server
- Login credentials to the SFTP server must be encrypted with the recipient’s public PGP key (e.g. if WePay’s SFTP server is being used, WePay will require the legacy processor’s public PGP key in order to encrypt login credentials, and vice versa)
In addition to the above, there are import and export specific requirements:
|Legacy processor must provide a merchant-facing card identifier in the card data file sent to WePay||WePay requires the new processor’s public PGP key to encrypt the card data|
|Legacy processor must send customer profiles/billing schedules to the platform; WePay does not handle recurrence||WePay will provide the card token in the card data file sent to the new processor to be used for mapping|
|Once an import is complete, WePay will provide a mapping file containing only the legacy card identifier and the new WePay card token; platforms are expected to use these data points to map the card to items like billing schedules or client profiles||The platform must send customer profiles/billing schedules to the new processor along with the card token|
If these requirements cannot be met, WePay cannot participate in the migration. While we strive to accommodate our clients and support credit card portability, WePay must uphold PCI standards and perform migrations securely in order to protect payers’ credit card information.
Once all requirements are met, WePay aims to complete migrations within 10 business days. If we are coordinating with another processor which WePay has not previously performed a migration with, it may take as long as 30 days to complete the first migration.
This time frame does not include any coordination between the other processor and WePay, and only starts once the other processor and WePay exchange items like PGP keys and SFTP login information.
To avoid any lapse in processing, please ensure the following:
- You can continue processing with your legacy processor up until the data is sent to WePay (imports)
- Your new processor will get you up and running as quickly as possible once WePay sends the data (exports)
Unfortunately, WePay cannot guarantee completion within 10 business days, as migrations require accuracy and active participation from all parties. That said, we do strive to meet this 10-business-day goal.
If you are a platform representative starting the migration process on behalf of a merchant, please provide:
- Your name and email contact
- Your merchant’s name and email contact – Merchants must be directly involved in the migration process, and other processors will typically require authorization from the merchant, as well.
- The name and email contact for the other processor
If you are a merchant requesting your own migration, please provide:
- The business name of the other processor
- The name and email address for your point of contact at the other processor
- The name and email address for your point of contact at WePay’s partner platform (i.e. FreshBooks, GoFundMe, Classy, etc.)
An SSH Key is used by our engineering team in order to grant you access to our SFTP server. The SSH Key is added to our SFTP server so that you can log in and upload/download file(s) securely. Please note that this is different from a PGP key.