less than a minute read • Updated 2 hours ago
Gateway requirements for subscriptions
What you need to know about configuring your payment gateway before using Foxy's subscription and recurring billing functionality.
By default, most payment gateways require a card security code (CSC, also called CVV2, CVC2, or CCID) to be sent with every transaction. Because storing the CSC is prohibited under PCI DSS, Foxy cannot send it for recurring subscription charges — only for the original checkout transaction.
If your gateway is set to require the CSC, all subscription renewals will fail.
What you need to do
You’ll need to configure your gateway to not require the CSC for recurring transactions. Depending on your gateway, you may be able to do this yourself in your gateway’s settings, or you may need to contact your gateway’s support team to make the change on your account.
Check the documentation for your specific gateway for guidance. Even if there are no subscription-specific notes for your gateway, you should still review its CSC settings before going live.
How it works
For all regular transactions through Foxy, the CSC is required at checkout as normal. The CSC is only absent for subscription renewal transactions — it is never stored by Foxy or sent for any recurring charge after the initial purchase.
Test before going live
Always test recurring payments end to end before switching your store to live. A successful initial checkout does not confirm that renewals will work — the renewal transaction is what requires the CSC setting to be correctly configured.
See the testing documentation for details on how to test subscriptions.