Overview
This guide explains how to switch from sandbox to live MPGS credentials, and what to expect with recurring billing (cron) where CVV is not available.
Before You Go Live
- Confirm sandbox testing is successful
- Confirm refunds work (if you will offer refunds)
- Confirm stored-card transactions behave correctly
- Disable Debug Logging
Switching to Live Credentials
- Go to System Settings → Payments → Payment Gateways → MPGS
- Replace sandbox values with live values:
- Merchant ID
- API Password
- Gateway Hostname (if different)
- API Version (if advised by your bank)
- Click Save Changes
Important: CVV and Recurring Billing
WHMCS does not store CVV. This is by design for PCI compliance.
As a result:
- Client checkout payments can include CVV (user enters it)
- Stored card charges (admin or cron) normally do not include CVV
What This Means for MPGS
Your merchant profile must support merchant-initiated recurring (card-on-file) transactions. If your bank requires CVV for every transaction, then cron and stored-card payments will fail.
Recommended Actions (If Stored-Card Charges Fail)
- Contact your bank/processor and request that merchant initiated recurring / card-on-file transactions are enabled
- Confirm whether your account supports:
- Recurring / MIT (Merchant Initiated Transactions)
- Tokenisation (recommended)
Post-Go-Live Checklist
- Run a small live transaction (e.g. $1)
- Confirm it settles in the bank portal
- Run a test refund (full or partial)
- Confirm WHMCS automation (cron) runs successfully next invoice cycle
Need Help?
If you see errors like “CVV required” during stored-card charges, open a ticket with:
- The WHMCS invoice number
- The gateway log entry (sanitized)
- Confirmation whether it was client checkout vs stored-card vs cron