Table of Contents
Episode Summary
In this episode our host Zach Malloch, is joined by Director of Customer Services, Cullen Barber, Bret Alarcon, and Michael Cianci to discuss adding a reCAPTCHA check to your online payments page. The team walks through why you would want to implement reCAPTCHA on your website, the process of generating a key, and what it will look like for your customers looking to make a purchase.
Recording
Transcript
Zach Malloch 0:09
man, the healing power of the RecChat theme song can't be overstated. But here's Cullen, smiling, Bret smiling. Mike, I assume some time he's going to join us. And he'll probably also be smiling. There he is. Look at that smile. Yeah, so we're here to make everybody feel better. And to talk a little bit about reCAPTCHA, a phrase that we're certainly throwing around the office a little bit frequently these days. And to join us. As I mentioned, we have Cullen Barber, Director of support services municipal support services, Bret Alarcon, member of my team and edu and Mike Cianci, a support analyst of senior status. Mike, can you tell us a little bit about what reCAPTCHA is, please?
Mike Cianci 0:54
Yes, sir. So, um, reCAPTCHA is, it's a free service that Google provides, helps protect websites from spam and a potential abuse. A CAPTCHA is like a Turing test. So it helps determine whether or not someone would be like a robot or not.
Zach Malloch 1:13
Named after the famous Alan Turing?
Mike Cianci 1:16
I believe so yes, I think I think yes. So by adding reCAPTCHA, which would be Google's form of CAPTCHA to a site, you can help block automated software attacks by determining whether or not those people are you no real people or just a bot trying to, you know, attack your, your website or your WebTrac.
Zach Malloch 1:37
Speaking of that, so Well, we're talking about reCAPTCHA, just kind of as general here. But see, you mentioned it helps protect websites, and like, why is that important to people using RecTrac?
Mike Cianci 1:51
Okay, reCAPTCHA is recommended by most of our payment partner partners over here, what it does is it, it slows down and prevents automated card testing from bad actors. So on our end, it helps us, you know, keep you guys protected, and you know, in essence, protect us as well. What it does, it helps prevent fraud and abuse, which is good, and you know, preventing it on your end. It uses risk analysis, and like an adaptive engine that challenges malicious software from engaging in abusive activities on your website. So what this essentially does is stops people from, you know, pinging through and processing, you know, fraudulent transactions on your WebTrac. So it's a protective means
Zach Malloch 2:33
sounds very useful. So if somebody wanted to take advantage of reCAPTCHA, how would they do that?
Mike Cianci 2:40
So there's a few things on our end, we have put out recently a patch file, it would be on the FTP, I think we can provide a path to that. Once you have that patch file, you would be able to load it into you know, your your database or on your server. Upon doing that, you would then clear out your custom screens. We have a list of those custom screens from web checkout, processing prompts, web billing, update, web auto update, I think, potentially web contact us and sa household add, but again, we have a list of those which we can provide you. And then what you'd need to do is process through Zach, I think it was knowledge base ka 01399.
Zach Malloch 3:23
I think I've got that I could put into the chat here.
Mike Cianci 3:26
Yep. And what that does is it helps you, it provides instructions on how to create and generate those reCAPTCHA keys through the Google website. And then upon doing that, I believe it also tells you where you would need to drop those reCAPTCHA keys, it's going to be your WebTrac parameters Profile, right into the reCAPTCHA tab. What's also nice is on top of the patch file that we've provided, this is also going to be released in the 3.1.10.08.00 release. That release is slated for sometime in the more than not immediate future. So we should be seeing that potentially end of this week, beginning of next week.
Zach Malloch 4:05
It's good information to have. So this would be the the knowledge base that you're talking about here. Correct, Michael?
Mike Cianci 4:13
Zoom in? Yes. That would be the knowledge base side of reference. Yes. Thank you.
Zach Malloch 4:17
Very good. So that is in the chat. Anybody can Click on that you do have to log into our support portal, but then you'll have access to this. Can you show us a little bit of this Mike are ready to share?
Mike Cianci 4:31
Let's see. So just i Okay. Yeah,
Zach Malloch 4:36
I guess just real real broadly. reCAPTCHA I assume most people have seen reCAPTCHA it's kind of those those challenges like are you a robot Click on all the traffic lights or something along those lines?
Mike Cianci 4:49
Yep, I believe are reCAPTCHA is the V two version of reCAPTCHA. And that V two is more of a Toggle. You know, am I a robot? Am I not a robot and It's more of just a proving it, I don't think and someone can correct me if I'm wrong, that it's the you know, pick all the bicycles or all the sailboats or fire hydrants, I believe that's the v3 version. And we have knock on wood that we are using the v2 version, just the the Toggle.
Zach Malloch 5:19
And that's what our, our providers have requested of us to implement the v2 Correct.
Mike Cianci 5:25
Yep, I've had a few talks to some of the other ones. And they say that, you know, v3, on top of having a few issues on the credit card processor, and it just v2 is a better means to an ends currently.
Zach Malloch 5:38
Right. And Paul is asking if we already have reCAPTCHA setup for WebTrac. Is there anything that will need to be done after that someday?
Mike Cianci 5:48
I do not believe so. If you have it currently set up I guess I would verify the changes in the Screen design. I know that updating the well, I guess it depends on which gateway you're currently with and what version you're currently on, I think outlined outlined in our email, provide different steps for ETS and CardConnect. We've made this change with ETS, I think sometime around last year, when they were experiencing some issues, we, you know, setup or caption, we implemented it and we helped a lot of those ETS customers do that I think like last fall into this spring. So those customers should be all set. But if it's something that, um, you know, if you've made any changes to your Screen designs, I think some of these new patches will make changes to those new screens, I think previous it might have just been the checkout screens. And now we've updated a few additional screens. So I would just verify if you have any custom screens out there that those get potentially, you know, deleted and recreated or updated to include reCAPTCHA. And I think generally, if you were on ETS did it more recently, you should be alright, this is just trying to catch the ETS stragglers. And then it's more so the PayTrac and CardConnect customers that we're targeting. But ETS is right there with us. And then just for fun, I'll mention that PlugnPay has their own reCAPTCHA built into their hosted payment page I'm sure you guys have dealt with hosted payment pages is the redirect out to the gateways payment page to enter in your credit card information. And then it redirects back the PlugnPay gateway, they have implemented their own version of reCAPTCHA. So that is already in there. That's why they're not included in this, this update. So fun fact,
Zach Malloch 7:32
it's a really fun fact, I had a lot of fun just hearing that. Heather is asking about what constitutes a customized Screen. I think that's a pretty good question actually.
Mike Cianci 7:42
Sure. So you'd be able to tell if you have a customized Screen by going to here we can even I think I can share my Screen. share my Screen. There is my my note skill. Can you guys see my Screen?
Zach Malloch 7:56
can see your Screen!
Mike Cianci 7:57
All right. There's my fun notes.
Zach Malloch 8:01
Well, man, I thought that all that stuff, you're saying about protecting your website from vulnerability was off the top of your head?
Mike Cianci 8:06
Well, I did Google it, because it is google recaptcha. And it did have a lot of useful information. So I figured I would include some, you know, fun quotes from from Google in there. But so let's see I have my RecTrac up the way that you'd be able to tell them if you have a custom Screen or not would be going into WebTrac processing Screen management in RecTrac, my OpenEdge,
Zach Malloch 8:29
these would only be WebTrac processing screens we're talking about, like you've mentioned a few times six or so screens, they're WebTrac processing screens.
Mike Cianci 8:38
So there are WebTrac processing screens. But then there's also a handful of management screens, I think the management screens are like the household. And let me open my superfine notes again, Zack for you. And let's see WebTrac management screens to include would be the web billing, update, the web auto update, and the Contact Us and household add. But for the processing screens, it's going to be web checkout and processing prompts. So when you come in here, and you'll see that I have a processing prompts custom Screen, if you see a Screen in here, you can assume that you have a customized Screen and you're actively using it. If you do not see that Screen in here and you do not have a custom Screen and you should be fine. Lack of a custom Screen is going to be a good thing in this case, because then you won't have to update anything, it'll just be updated once you update or implement that patch file. Otherwise you would need to come in find your custom Screen, either delete that Screen out and recreate it or update that Screen and then add in those recapture fields. I always suggest I find it you know a bit easier to take a look at it, you know open it up, take a look and then recreate it by deleting the Screen and then adding a new one. I've seen you know nine times out of 10 it's going to be you know a lot less hardship and recreating it because sometimes you know adding into Tracking fields can get a little, little hairy. So I like to take a screenshot of the way the Screen set up, and then delete it, recreate it and remove those fields paring out what we had hidden or removed before customized before, then adding in the new ones, it always just feels a little bit better to me.
Zach Malloch 10:18
Yeah, I'm in now, actually, to kind of talk to that just briefly, we sometimes release updates that include changes to screens, and they might be very subtle changes to, to see a small Field or something that's adjusted or added or removed. So starting from a blank Screen design, and then just re customizing it. Because once again, it's usually we're taking away one or two specific fields, as Mike mentioned, rather than redoing the whole thing. And if we add the brand new design with all the recent updates back in and then just delete, once again, those one or two fields, it's a little bit better process to do so. Alright, so Missy is asking what Screen is that, again, just to make sure that they are in the right place. So can you redo that navigation to where you're at there Mike
Mike Cianci 11:06
of course, so there's going to be the, I always just Type in, you know, super fun new UI with the awesome search feature, I Type in WebTrac, it'll bring up these four options, we'll be looking at WebTrac processing, Screen management, and WebTrac management, Screen management. In the WebTrac process and Screen management, we have and I can, you know, provide you guys with a list of these fields. But it's going to be the processing screens, web checkout and processing prompts under the WebTrac processing, Screen management. And then in the WebTrac, management, Screen manage management, Screen management, it's going to be the web billing update and web auto auto debit update, those are the two major ones. And then it's also a good idea for the web contact us and sa household add to just verify and potentially recreate those, because there will be reCAPTCHA on the generating of a new household for those things now. So
Zach Malloch 12:04
actually, I saw this question come up. And I think it's maybe a worthwhile one to ask overall. But if somebody is at all curious as to whether or not they have reCAPTCHA in place, right now, where would they go to check that Mike?
Mike Cianci 12:17
Sure, sure. So the easiest way to determine whether or not you think you're using it is going to be to pop into Profile assignments, or Profile Management. But I always think Profile assignments feels better to me, what I do is, I'm going to navigate to my www user. So Profile assignments www user, then I'm going to scroll down and look for my WebTrac parameters Profile. Of course, you could find it in Profile Management, or you could find it over here on the left and available profiles. But I always like to look and just you know, make sure for peace of mind that I'm looking at the one associated with the web user. So once you're in here, and you found your WebTrac parameters Profile, if you hit update on that guy. You wait, you know, two seconds, and then down here in this reCAPTCHA settings, you'll have a reCAPTCHA public key enter a CAPTCHA private key. And if you have keys in here, there's probably a pretty good chance that you ever CAPTCHA. Obviously, the ultimate way to determine would be trying to process a transaction, making it all the way to the payment Screen and seeing if you have the reCAPTCHA on there. So you could always pop in here, this will give you a good idea. If you have reCAPTCHA keys in here, you know, very high probability you're using reCAPTCHA. And then I'm always, you know, creating a test household or using a test household to process the transaction through WebTrac. You shouldn't have to process all the way through at the payment page or the checkout page. It should, you know determine whether or not you have reCAPTCHA because you'll be seeing Am I a robot or not a robot and you'll not be a robot
Cullen Barber 13:54
by having these keys in here that does trigger the code to use it. It's just Yeah, whether or not your customization of screens has removed it for some reason. But you probably get an error message if that's the case.
Zach Malloch 14:09
So that might actually go to to Bill's question here. So if he's asking if they have reCAPTCHA keys already turned on, will you still need to apply those patches or double check those screens?
Cullen Barber 14:23
Potentially Yes. For if you're a CardConnect or PayTrac. User, you still want the patches because that's actually going to display the recapture on the credit card screens. It means you if you had it in there before you were using it on those other screens like the household add in Contact Us forms. But it wasn't until those patches were available that it actually applied to the CardConnect and PayTrac interfaces on the payment Screen. So you do need the patches If you're if you're fully hosted with us, then we've already patched the server. So it's ready to go. And we'll provide the reCAPTCHA keys if you don't already have them. If your web hosted with us, you still may need to do your updates and patch files. But we would also provide you with the reCAPTCHA keys when you're ready for them.
Zach Malloch 15:24
So Frank actually had that exact question Cullen about their WebTrac hosted So would they just contact support to get those keys? Or is there somewhere we post those or?
Cullen Barber 15:36
Yes, all the above, you can do a quick, quick chat or a case and we'll get them to you. And we can we can get those right over to there's just there's just two keys and all the support folks have those handy and ready to assist. And I can I might even have Frank's email handy. I might be able to send those to him during the chat here.
Zach Malloch 16:00
Can my Yeah. Let's see. So yeah, Bill said thank you. It sounds like the patch is applying to the CardConnect train, which which sounds accurate CardConnect and PayTrac users. We answered Frank's question about getting the keys from support. Frank mentioned that chat might have a couple of issues. Right now, I'm not sure if
Cullen Barber 16:23
it was true. Some of the the chat that we use, they did an update that has impacted our site. So probably just putting a support case might be the better route right now. Because it's kind of hit or miss whether or not chat will actually function until they can help us get that fixed.
Zach Malloch 16:46
Good to know. So we've actually got a really good question from Theo. So I guess the his their question is whether or not there's a way to tell if your site has been used by bad actors. What what are some of the, the the impacts we've seen here?
Cullen Barber 17:05
Yeah, what what you'll see, it depends on which interface you're using, you'll probably know because if you're using ETS, they're going to notify you. And quite honestly, they're probably going to shut your site down. So we've had had that we've seen that, in the last few weeks, we've seen a few sites get completely shut down. And CardConnect has been a little different. The way the bad actors in been quite successful with that one. But CardConnect will usually alert you and let you know that there's there's some Type of brute force happening and depending on the volume, they will also shut down your your merchant account. You know, essentially what you'll see when you go to do your reconciliations is you may see a lot of extra $1 $2 or $3 charges hitting your your merchant your online merchant account. With ETS, you wouldn't see anything in in the RecTrac side at all. It's all it's all directly hitting your your account. at ETS, with CardConnect, you would see a lot of declines, those there are going to come through as declined in most cases. But we've had a few customers alert us that they've they've been told that this is happening by CardConnect or ETS. So if you're fall in that category, one of those two will let you know if they're seeing any Type of brute force attacks against your account.
Zach Malloch 18:36
So in this case, it's not necessarily that they're using the cards to buy a lot of stuff or commit fraud with any of our customers, they're really just testing those account numbers and seeing what's valid, what's not.
Cullen Barber 18:48
Exactly they're there, they're trying to find sites that you know, that allow a guest, you know, to make a payment attempt. And that's typically what we see is it's a WebTrac site that allows some Type of guest sale where you're not logging in. And they're the bad actors have acquired, you know, stolen cards from a third party somewhere, or they're trying to generate their own card numbers with an algorithm. And they're looking for a place to test the cards. And they're, they're a little attempt to write automated scripts, using, you know, the WebTrac sites to try to figure it out. So they're not, they're not actually trying to do anything inside of the database. They're just trying to use a platform to test cards. It's so it's, you know, it's not like you have any, any danger of your customers information being compromised, or credit cards being compromised, but it is a headache because it you know, ETS or CardConnect is gonna have to get a hold of you. You're gonna have to work through some protocols with them. They have to go through their protocols and research what's happening before they can turn you back on so you can be typically lose access to WebTrac payments for a number of hours or even days, depending on the severity of the attack.
Zach Malloch 20:08
And so basically the, as you mentioned, the bad actors are writing these scripts and reCAPTCHA just works as a wrench in the middle of that. So yeah, it's that interaction, it slows everything.
Cullen Barber 20:18
Exactly. They don't like it because they their scripts, you know, can't deal with those. So they can't automate it, and it just not worth their time to try and in use those sites that have it, because it's way too time consuming to try to get around it. So that's, that's the theory behind, you know, adding reCAPTCHA it really helps with the automation. Yeah, somebody could still go in and do a onesie twosie manually. But you can't really stop that. And as you know, most sites around the world, it's hard to stop that if you allow any Type of guests sale. So
Zach Malloch 20:52
those that that requires the human interaction, it's, as you said, onesie twosie. It's one at a time, it's somebody trying one card, and then another card number rather than some sort of automated attempt.
Cullen Barber 21:03
Yep.
Zach Malloch 21:04
So we've got a couple of questions that popped up during that little sidebar there. So fully hosted, we'll just talk a little bit more about the patches, as there's a couple of things there. So with CardConnect, you'll need to apply the reCAPTCHA settings in your WebTrac parameters if you don't already have them, but it won't apply to the CardConnect string until you apply these patch files. Is that accurate? There? Yeah, so that answers Debbie's question. So you will need to make sure that reCAPTCHA is enabled in WebTrac parameters. And then if it is, once the Once the update applies, it will automatically use keycaps. Yep, exactly. Right. Great. And then Deborah had a question following up on that. She was a little bit late. And just double checking. If they're hosted there already. The patches are already there. But they might need the reCAPTCHA keys input into WebTrac parameters,
Cullen Barber 22:01
correct? Yep, yep, the patch files are all there and ready to go. It's just still need to verify whether or not you have reCAPTCHA in that WebTrac parameters, Profile, and then double check any Screen customizations to make sure that the reCAPTCHA is visible and go to work.
Zach Malloch 22:19
And that that was recently released in an email and I believe that would also probably be in our patch information about the next update to RecTrac. In and actually, I see Haroon had the question. So the patch files are on the FTP site. Now.
Cullen Barber 22:35
They are Yep. Yep.
Zach Malloch 22:36
But the actual version updates is going to be out. It's going to be 3.1. Point 10.08. And that'll be sometime potentially in the next few days or very early next week.
Cullen Barber 22:49
Yes, yep.
Zach Malloch 22:50
Okay, great. And let's see is. So Lisa had a question. Is there any way of knowing if reCAPTCHA has rejected any users? Is there any audit trail on those rejections at all?
Cullen Barber 23:04
Interesting question. I don't know. It has to be something through the Google account, I would think nothing you'd see on the RecTrac side.
Zach Malloch 23:16
So I think the the default behavior is just, it'll bring up another challenge or another prompt for you, and then right to do that again. So yeah, I've, I know, on the I guess this would be the v3 thing like they call the traffic lights occasionally, in my own personal web browsing, I've run into situations where it's offered another set of fixtures, because maybe I didn't get that little top corner of the traffic light or something when I was clicking through it. So yeah, I haven't heard of many bad rejections or issues where it's actually rejecting people. But that's a good question, Lisa. Maybe through the Google account analytics side of things. Can I had a question? I'm not sure Mike, if you have an example where you can show what the reCAPTCHA actually looks like, or do you have a screenshot you could display and as you're looking for that, potentially we have Angela's question about whether you would just recommend turning off guest payments at this point
Mike Cianci 24:20
I guess you could turn off Web Payments currently I don't think you should have to I think it's mostly donations colon and then guest sales so like Tee times and tickets and things of that nature. So I would probably just let it go.
Cullen Barber 24:38
Yeah, I mean, if if you haven't had the situation yet, then you if you implement recap show immediately you're probably okay. You know, it there's a chance with with ETS that you you know if they've captured any information and through a browser dev tool, there's a chance, I suppose that they could try to run something, but I think it's again, it wouldn't run through the WebTrac at that point. So I, you know, that certainly helps. But if you have the reCAPTCHA in place, I think they're gonna move on to somebody else anyway, because reCAPTCHA just really is not good for them. Because they can't automate their scripts. So they're gonna, they're gonna move on to somebody else, that's a little easier target.
Zach Malloch 25:33
So I'm just sharing my Screen. This is the WebTrac parameters Profile. And in this, we have our guests settings. And I believe that this is the main area that we're talking about here. Is that correct, Mike? And Colin, about allowing guests transactions for these various modules?
Cullen Barber 25:53
Yes, the big one we've seen though, mainly is the donations if people have, you know, allowed guest donations. If, you know if you if you have guest donations, that's that's what they're really seem to be searching for. And essentially, if you can fill in any donation amount, especially if you've just put out $1. They like to use $1, or $2. If you if you force a higher donation amount, they seem to be less apt to use that. Because those can trigger higher dollar amounts seem to trigger, you know, more more of an alarm for the the end end users and card holders in the processors.
Zach Malloch 26:42
Alright, so Angela clarifies that she was asking specifically about tee times and ticket sales as a guest user, it doesn't sound like those are the most likely targeted, but they are potentially places that
Cullen Barber 26:53
yeah, potentially, there's potential. But if you get if you get the reCAPTCHA in place, then then I think you're okay. If I guess if it's somebody that the reason you can't update to a version that supports it, then yeah, you may consider turning off all those guests, options and WebTrac until you can update to a version that supports the reCAPTCHA.
Zach Malloch 27:18
Gotcha. All right. And so I've had maybe ties in a little bit with Pam's question here about whether the keys are needed for PlugnPay? Or can we continue with the fix that was applied a few weeks ago. So I don't think that anything a couple of weeks ago would have necessarily specifically addressed reCAPTCHA. So you still need to double check that you have those in your WebTrac parameters?
Cullen Barber 27:43
Well, yeah, so PlugnPay actually has their own reCAPTCHA on their Screen, so they have it built into their end. So so that's why we haven't really been messaging PlugnPay customers as much because PlugnPay handles that side of it, they have their own reCAPTCHA built into their Screen. Now, you we can still use reCAPTCHA in ours, but it's not for the payment processing. It's it's for the Contact Us forms and the adding new new household Type forms. So it's still a good idea maybe to have it in there. If you use PlugnPay. But the the bigger concern might be the payment side and PlugnPay handles that. So you can work with PlugnPay. And they will turn on reCAPTCHA in your account for you if you want.
Zach Malloch 28:32
So if you already have reCAPTCHA on and PlugnPay You're completely fine. And you're getting something like this really affects you either way.
Cullen Barber 28:38
Exactly. Yep.
Zach Malloch 28:39
Gotcha. Very good. Thank you very much for that clarification Cullen. Yeah. So Mike, were you able to find any examples of the the reCAPTCHA Screen?
Mike Cianci 28:50
I think I'm almost there.
Zach Malloch 28:52
All right. So all right,
Mike Cianci 28:53
I gotta, I gotta I gotta got it. Hopefully they don't mind. But I did not have it set up properly nicely in my database. So I'm going to use Greitens because I know a sign into their WebTrac. So I signed in, you know, we've worked with them to implement the reCAPTCHA recently. So I hope it's all right that I go to their WebTrac and go to process the donation and show you what it looks like. So let's see. I'm going to share my Screen. I'm going to bring back up this guy. So I'm going to move all of us out of the way. So you can see. I went to donate, I went to the donation area. I'll walk through it one more time I signed in as John Fowler. Let's see so I'm going to add a community first dinner, I'm going to add that to cart. I'm in as a guest but I think I'm in as myself but I could have been in here as a guest. I will Toggle on that donation for community first dinner. I'll just make it $10 We'll hit continue.
Mike Cianci 30:07
It's going to take a second to load. I'm going to proceed to the checkout you can see that I tested it first with this Groton Beautification Committee, I hit Proceed to Checkout.
Mike Cianci 30:25
So this would be the, you know, the CardConnect iframe, you know, I get down here, if I pick a credit or debit card, you can see that we have the I am not a robot. I have toggled that on. So this is what we're looking at right here, the proceed to enter your credit card information.
Zach Malloch 30:48
So that's the, that's the stop gap that prevents somebody from just like zipping through this and going one after the other after the other after the other,
Mike Cianci 30:56
right, you would see kind of someone like we were talking about previous someone would write a script, or it's going to process through that information and whip right through it, you know, you know, John Doe, same phone number every time this is the email, and then it's just going to roll credit card numbers through just changing the credit card number each time and keep processing until they verify that those are, you know, valid credit card numbers, when we have this set to proceed to enter a credit card information you have to Toggle this on. And just not having it be like a find the Field and fill the Field script and having to deal with toggling on this Field here or this reCAPTCHA throw throws a wrench in it and prevents them from just whipping right through kind of processing like we were talking about. So this is what we're looking for verification expired. So it is the the reCAPTCHA box, you just have to tell them that you are not a robot.
Zach Malloch 31:49
And then actually, that brings up a really good question that Stacy's asking. So we're talking all about reCAPTCHA, how do you actually set up reCAPTCHA for yourself?
Mike Cianci 32:00
Oh, maybe I will share my Screen again. So that is where we're referencing the knowledge base ka 01399. If I bring up my notes, you'll see that we have provided I believe there's a link to this inside of the email which We have sent out in the steps. But this knowledge base walks through how to create that reCAPTCHA. So you know it's going to be Click on this link, google recaptcha, you know, set up your admin account, once you have an admin account, you would enter in your domain generate the v2 reCAPTCHA keys, once you have those reCAPTCHA reCAPTCHA keys, it's just a matter of going into the Profile and updating it with those keys. So we have a knowledge base.
Zach Malloch 32:41
And this is a free service that Google offers is kind of the security process here.
Mike Cianci 32:48
I think Cullen has the number for it. But what does it call in is as long as you process under a million transactions annually, you're fine. So
Cullen Barber 32:56
that's a Yeah, under a million per month, a million per month.
Mike Cianci 33:00
So I think most of our customers are, you know, in the area of free under a million transactions monthly. So
Cullen Barber 33:06
yeah.
Zach Malloch 33:09
Very good. Let's see, I think we have another question that just popped up. Yeah. So Pam was talking about a little bit of their issue with plugin pay and getting the auto hash or the the reCAPTCHA turned on on their side. So as Cullen mentioned, that's a conversation with plugin pay more than on our side. This update really applies more towards ETS, which has already had it for a little while, but more specifically CardConnect and PayTrac processing Correct?
Mike Cianci 33:42
Yep, I do have a fun thing. So if you are a PlugnPay customer, and you're looking to add in that inbound verification hash, if you make your way into your credit card Profile, like I have just now, you can see I've got these super fun PlugnPay credit card Profile. If you Click on this little fun question mark, it's going to open up the help within the help we have our super fun PlugnPay Topic doc, when I Click on that topic, Doc, you will see I think it's not too far down. Let me squint. Maybe I'll just go like this. We're looking for the inbound verification hash. When you Click on that, it'll walk you through the steps to create that this is a little bit different. The inbound verification hash, it's more like a lock and key kind of thing that only PlugnPay does. So I'm not going to dig too deep into it. But as long as you're an admin on your PlugnPay account, and you have these steps right here, it's really pretty simple to set up you generate a key you pop the key in your credit card Profile and you're in the money so just be aware that is like kinda I don't want to say hidden but it is in the help and you're able to find it, inbound verification hash, if you do experience a significant amount of trouble, certainly reach out to us. But you know, it should be a pretty simple thing to do and it is included in the help step by step setup for that. So
Zach Malloch 35:00
Nice. Well, I mean that that takes us right about to the end. John called you out specifically Mike saying thanks for helping reston get some of this going on. And then, let's see. Yeah, that's great. Thank you very much for going through that. So that covers reCAPTCHA. And it's intending update, including it in plugins, or PayTrac, and CardConnect. So very nice to, to get through all of this. And hopefully everybody has a little bit of help with this. And this will work is a useful recording for people to refer back to. So I think that that's about it. I think we've covered the questions, we've got another couple of things. So that's always nice to see. And we'll be are responding with a response document with links and like so that'll be linked right next to this in the RecChat archives. And we will see everybody in another couple of weeks. Thank you, Cullen. Thank you, Bret. Thank you, Mike. Any parting thoughts from anybody?
Mike Cianci 36:06
Web safety is fun.
Zach Malloch 36:10
That's the overall piece.
Cullen Barber 36:11
For sure. And and I think, you know, definitely glad everybody attended. You know, we've been trying to get some messaging out, you know, to a lot of customers and sometimes we don't know if it hits deaf ears or not, but this is definitely a topic you don't want to mess with because it just can be really inconvenient and can cause you a lot of extra extra heartache and phone calls and things like that. So definitely glad already attended and I hope you got something out of it. We'll see you next time on the RecChat.
Zach Malloch 36:41
Awesome. All right. Thanks, everybody. Talk to y'all soon. Bye.
Mike Cianci 36:46
Bye.
Supporting Documents
https://support.google.com/recaptcha/