High Security mode adds additional protection to your customer self-support pages by adding a signature to all pages which include existing customer data. We use multiple techniques to protect your self-support pages from unauthorized access in Standard Security mode. However, the High Security mode signature provides a greater level of protection by verifying that the URL was generated by ChargeDesk (or your company). It also allows pages to expire after a set period of time.
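The general mechanism behind a signed, expiring link can be sketched as follows. This is an added example, not ChargeDesk's code and not its actual signature format: it assumes an HMAC-SHA256 over the path and expiry time, and the `expires` and `sig` parameter names, the sample key and the sample URL are all hypothetical.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample key (assumption); a real secret key stays on the server.
SECRET_KEY = b"constructed-sample-key-not-a-real-secret"


def _mac(path: str, expires: int, key: bytes) -> str:
    # Bind the signature to both the path and the expiry so neither can be altered.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(base: str, path: str, ttl: int, key: bytes = SECRET_KEY, now=None) -> str:
    """Return base+path with hypothetical `expires` and `sig` query parameters."""
    now = int(time.time()) if now is None else now
    expires = now + ttl
    query = urlencode({"expires": expires, "sig": _mac(path, expires, key)})
    return f"{base}{path}?{query}"


def verify_url(url: str, key: bytes = SECRET_KEY, now=None) -> str:
    """Return 'ok', 'expired' or 'invalid' for a URL produced by sign_url."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, IndexError, ValueError):
        return "invalid"  # unsigned or malformed link
    # Check the MAC first, in constant time, so a forged expiry is never trusted.
    expected = _mac(parts.path, expires, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "invalid"
    if now > expires:
        return "expired"  # genuine link past its lifetime: ask the user to sign in again
    return "ok"
```

An `expired` result is the case where a page would fall back to re-authentication rather than showing customer data, while `invalid` covers links that were never signed with the key or were modified afterwards.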
Standard Security mode provides strong protection for your data. For most companies, it will provide a sufficient level of security. However, if possible, we encourage all companies to switch on High Security as an additional layer of protection.
In particular, you should consider migrating if your company:
Migrating from Standard to High Security can be relatively straightforward. If you don't link directly to customer self-support pages, or use embedded components, you can enable High Security without making any other changes. In other words, if you don't have any custom code which integrates with ChargeDesk, you can switch on High Security immediately.
Follow these steps to enable High Security:
When you switch on High Security mode, any existing links to self-support pages (such as those in email receipts and invoices) will cease to work. However, if you have enabled the Sign In Landing Page, your customers will be able to enter their email address to re-authenticate themselves to access these pages. This will also work when the signature on a page has expired.
Any Self-Support page which includes existing customer data will require a signature in High Security mode. This does not include generic payment pages, card collection or product payment pages. This does include charge support, billing history, customer card update, invoice update and subscription management pages.
ChargeDesk will automatically add a signature to any of these Self-Support URLs generated inside email receipts, invoices, apps, the web interface and API. You can use the ChargeDesk API to return a current support URL for a charge.
Alternatively, signatures can be generated on your own server using your secret support key. Find out how to generate this signature.
Like Self-Support pages, Embeddable Components which include existing customer data will require an additional signature. This includes only the Update Card, Subscription and Billing History components. Other components do not require a signature.
Instead of generating a signature, you can use the Self-Support Sign In component, which allows your customers to verify themselves using their email address.
Alternatively, signatures can be generated on your own server using your secret support key and included in the embedded component parameters. Find out how to generate this signature.