Migrating to High Security

High Security mode adds additional protection to your customer self-support pages by adding a signature to all pages which include existing customer data. We use multiple techniques to protect your self-support pages from unauthorized access in Standard Security mode. However, the High Security mode signature provides a greater level of protection by verifying that the URL was generated by ChargeDesk (or your company). It also allows pages to expire after a set period of time.

Do I need to migrate to High Security mode?

Standard security mode provides strong protection for your data. For most companies, it will provide a sufficient level of security. However, if possible, we encourage all companies to switch on High Security as an additional layer of protection.

In particular you should considering migrating if your company;

• Has easily guessable customer IDs (such as email addresses), or
• Requires pages with customer data to expire after a set period such as for HIPAA compliance.

What do I need to do to migrate?

Migrating from Standard to High Security can be relatively straight forward. If you don't link directly to customer self-support pages, or use embedded components, you can enable High Security without making any other changes. In other words, if you don't have any custom code which integrates with ChargeDesk, you can switch on High Security immediately.

Follow these steps to enable High Security;

1. Check if you link directly to any Self-Support pages, or use any Embeddable Components. If you do, refer to the sections below before proceeding.
2. From Setup > Customer Self-Support > Security Level enable High Security
   Sign in to show your security settings here.
3. We strongly recommend setting Setup > Customer Self-Support > Landing Page to Sign In Page
   Sign in to show your landing page settings here.

When you switch on High Security mode, any existing links to self-support pages (such as those in email receipts and invoices) will cease to work. However, if you have enabled the Sign In Landing Page, your customers will be able to enter their email address to re-authenticate themselves to access these pages. This will also work when the signature on a page has expired.

I link directly to Self-Support pages. How do I migrate?

Any Self-Support page which includes existing customer data will require a signature in High Security mode. This does not include generic payment pages, card collection or product payment pages. This does include charge support, billing history, customer card update, invoice update and subscription management pages.

ChargeDesk will automatically add a signature to any of these Self-Support URLs generated inside email receipts, invoices, apps, the web interface and API. You can use the ChargeDesk API to return a current support URL for a charge.

Alternatively, signatures can be generated on your own server using your secret support key. Find out how to generate this signature.

I use Embeddable Components. How do I migrate?

Like Self-Support pages, Embeddable Components which include existing customer data will require an additional signature. This includes only the Update Card, Subscription and Billing History components. Other components do not require a signature.

Instead of generating a signature, you can instead use the Self-Support Sign In component which allows your customers to verify themselves using their email address.

Alternatively, signatures can be generated on your own server using your secret support key and included in the embedded component parameters. Find out how to generate this signature.