In September 2019, inLeague launched both a brand new, invoice-based system for managing payments, and a "back-end" integration with the Authorize.net payment gateway that supports both the invoicing system and all of the legacy forms of payment collection within inLeague. This page reflects the current status of the back-end Authorize.net update as inLeague retrofits its existing payment mechanisms to support Authorize.net accounts. For more information on the invoice system, see Invoice Templates.
Why re-write our credit card processing mechanism?
- As of Fall 2019, inLeague's payment system had processed about $51,000,000.
- While inLeague has never had any 'data leak' incidents, security standards evolve and inLeague had an opportunity to improve both the customer experience and embrace current best practices for handling customer data.
- The previous payment system was reliable, but doesn't support recurring transactions.
- inLeague's recommended merchant company, Flagship, was purchased by Paysafe, and Paysafe encourages all their customers to migrate from the FirstData payment gateway to Authorize.net. inLeague was already familiar with Authorize.net, which was the runner up when inLeague last investigated payment gateways in 2012.
| inLeague System | Authorize.net Support |
|---|---|
| Invoicing & Invoice Templates | v1.0 Complete (September 15, 2019) |
| Registration | Complete (September 27, 2019) |
| Team Payments | Complete (October 4th, 2019) |
| Donations | Complete (October 11, 2019) |
| Event Signups | Complete (October 17, 2019) |
| Sponsorships | Complete (October 30, 2019) |
Authorize.Net
Authorize.net, owned by Visa, fulfills the same functions as FirstData, and they have the most customers of any payment gateway. Leagues who have used both Authorize.net and FirstData reported that the customer experience for the merchant account holder was superior with Authorize.net.
Impact on inLeague Users
The payment experience is both more secure and more convenient. Instead of entering credit card information into an inLeague form, parents will get a Manage Payment Profiles button that will open a small, mobile-friendly window directly onto Authorize.net, where inLeague will automatically and seamlessly create a user profile for each inLeague user. Parents can enter one or more credit cards into their secure profile, and the only data that inLeague saves is a unique code for their profile; that code is useless outside of transactions made for the league. Parents will not have to log in separately to Authorize.net; they will be automatically authenticated on the basis of their existing inLeague login.
When inLeague users need to submit a payment, they will see a list of their payment methods on an inLeague payment form, and select the one they want to use. As far as the user is concerned, it appears as though inLeague is saving more payment-related information than it did previously, because users will not have to re-enter their billing details for every transaction; in fact, it is saving less.
Will all inLeague payments use the new system?
For the Fall 2019 launch, only the new Invoice Templates system requires the new Authorize.net accounts. Registration, team payments, event payments, and donations were all retro-fitted to support Authorize.net, but they continue to function with legacy FirstData accounts. Support for Firstdata merchant services accounts will be retired effective December 31st, 2019, with the exception of issuing refunds.
Has any functionality from FirstData been lost?
There are two side-effects that are not specifically limitations with Authorize.net, but rather consequences of heightened security measures.
1. It is not possible to make a payment when impersonating a user. Because the payment profiles are attached to the logged-in user that creates them, a genuine login is needed to insure that the person accessing the payment form should be able to initiate a charge. There may be workarounds should issues arise from this limitation; please contact inLeague support for more information.
2. Anonymous (non-logged-in) users are no longer able to make donations. This is a policy change to bring our payment forms in line with industry standards. It is difficult to continue to support the ability for anyone on the public Internet to submit a credit card number against a merchant account. This feature was only used a few times per year. It is possible to bring back a secure mechanism for anonymous donations, but the development required was beyond the scope of this project.
Setting Up and Configuring an Authorize.net Account
See Authorize.net Account Configuration for details on establishing and managing your Merchant Services and Payment Gateway accounts.