X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   Third Party Add-Ons for X-Cart 4 (https://forum.x-cart.com/forumdisplay.php?f=45)
-   -   Authorize.net DPM (PA/DSS Compliant) (https://forum.x-cart.com/showthread.php?t=57792)

cedaly1968 10-31-2013 11:22 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Confused - we can use Authorize.net DPM WITHOUT X-Payments or do we need X-Payments as well in 4.6.X to be PA/DSS compliant?

ambal 10-31-2013 11:39 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
If you mean BCSE's mod - no, you do not need X-Payments, but you should consult with your PCI QSA or merchant account provider first as the mod is not listed at the PCI Council's list of PA-DSS validated applications. This doesn't mean you can't use it, though. That's why I suggest you to consult first.

BCSE 11-01-2013 04:20 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
You do not need X-payments with either of our Authorize.net modules. Both the DPM and CIM send payments directly to Authorize.net.

However, to be fully PCI compliant, no matter whether you use our modules or X-payments, you still need to fill out a PCI questionnaire as PCI compliance goes beyond what Credit Card processor you use. Your underlying business processes are also looked at to make sure they are PCI compliant as well.

Thanks,

Carrie

cedaly1968 12-02-2013 08:29 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Got it - thanks.

shopchimney 03-12-2014 09:07 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Major problem. We have x-cart pro with this mod, and now I see that when someone places an order that is split between two vendors, authorize.net only authorizes the first invoice - whatever the amount is, and does not pass on the amount for the second invoice.
I just checked and see this happened twice. The approval code is the same for both orders, but only the first gets charged.

shopchimney 03-12-2014 10:02 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Okay, I checked and it does pass the values. The problem is that on authorize it will only capture first amount and then close the charge, not letting the second get captured. This post doesn't belong here - not sure where, but not here. sorry.

BCSE 03-12-2014 10:25 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
If you mean our module, please drop us an email or support ticket so we can take a look. We don't have any reports of this and we have a *lot* of people using it. I'm not sure if any use pro/platinum though.

Thanks
Carrie

BCSE 03-24-2014 06:07 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by shopchimney
Okay, I checked and it does pass the values. The problem is that on authorize it will only capture first amount and then close the charge, not letting the second get captured. This post doesn't belong here - not sure where, but not here. sorry.


Just wanted to check in to make sure you dropped us an email.

Carrie

shopchimney 03-24-2014 07:24 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
This had nothing to do with your module, it actually was a stoneedge issue. When capturing a split invoice, it would deny the balance.

BCSE 03-24-2014 07:52 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by shopchimney
This had nothing to do with your module, it actually was a stoneedge issue. When capturing a split invoice, it would deny the balance.


Thanks for letting us know! I appreciate it!

Carrie

tqualizerman 04-03-2014 07:49 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Hi Carrie,

Just working on our SAQ but am confused about something. The BCSE web site says that we can use the SAQ-A if we're using this DPM module, but the SAQ-A has the following requirement:

"The entirety of all payment pages delivered to the consumer's browser originates directly from a third-party PCI DSS validated service provider(s)."

But with DPM that's not the case, or am I confused?

** Edit **

That quote comes from the SAQ 3.0 (which doesn't come into force until January 2015.) Nonetheless, this will have implications for this addon, no?

BritSteve 04-04-2014 04:34 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
You also can't fill out SAQ-A if you take orders by phone, or fax. Saying you can use SAQ-A is not true if you take credit card payments by other methods.

Steve

BCSE 04-04-2014 09:31 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Let me get back to you on this. It seems they have changed some things recently. The best person to help me with this answer is out until Tuesday.

I do know that you can tell the scanning people that you are a 'redirect merchant' type which makes what scans you have to pass simpler. And Steve is right, it all really depends on your other business processes as well as to what SAQ you fill out per our *'d note on the page too.

"* A full assessment of a vendors specific business process is required to determine which SAQ needs to be completed to achieve PCI compliance."

Thanks,

Carrie

Mr. G 11-07-2014 11:59 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
I'm trying to determine what BCSE DPM module will look like when implemented with X-Cart's default One Page Checkout, which looks like this: http://marketplace.x-cart.com/images/xcart_4_4_screenshots/one_page_checkout.png

Will it look like this?
http://www.x-cart.com/sites/default/files/blog/4.png
or this?
http://www.x-cart.com/sites/default/files/blog/__PayPal_Advanced.png
or something else?

Unfortunately BCSE's page for it here http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html does not have any screenshots.

BCSE 11-09-2014 11:28 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by Mr. G
I'm trying to determine what BCSE DPM module will look like when implemented with X-Cart's default One Page Checkout, which looks like this: http://marketplace.x-cart.com/images/xcart_4_4_screenshots/one_page_checkout.png

Will it look like this?
http://www.x-cart.com/sites/default/files/blog/4.png
or this?
http://www.x-cart.com/sites/default/files/blog/__PayPal_Advanced.png
or something else?

Unfortunately BCSE's page for it here http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html does not have any screenshots.


It basically looks like this:
http://www.x-cart.com/sites/default/files/blog/4.png

But it has the card logos, etc too.

Let us know if that doesn't help answer your question.

Thanks,

Carrie

BCSE 01-28-2015 04:46 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
We're still improving this module based upon customer feedback! Most recent improvement was some extra javascript to help customer interaction!

Carrie

BCSE 04-21-2015 09:46 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Our Authorize.net DPM module is now compatible with 4.7.x!

http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html

Did you also know we have a Paypal DPM now too?!

http://www.bcsengineering.com/store/paypal-dpm-for-x-cart.html

Carrie

snowman99 05-15-2015 12:11 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
I get the following message when I submit an order with Auth DPM enabled.

An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

This transaction has been approved.
It is advisable for you to contact the merchant to verify that you will receive the product or service.



I thought this might be a receipt or response URL issue. I do not use Receipt or Response URLS by default. But I went ahead and added: http://www.memorial-urns.com/authorizenet_dpm_response.php to the receipt URL in Authorize.net's panel. (BTW, this is a live site. I have my IP added for testing).

Now I get the following message when an order is executed:

3,2,14,The referrer, relay response or receipt link URL is invalid.,,P,0,,,0.02,CC,auth_capture,,,,,,,,,,,,,, ,,,,,,,,,

The script is in the store root directory. I have tried changing it to 777 permissions. No help.

I have submitted a BCSE ticket: #ZWM-970-72798

Thanks,

Vaughn

BCSE 05-15-2015 05:25 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Vaughn,

I'll detail more in your ticket, but I'd recommend *not* having a return url as we pass that to Authorize.net anyway.

The reason for the first error, could be due to various things.

1. Shop Closed
2. SSL certificate that Authorize.net doesn't recognize.
3. Reverse DNS issues

Basically it's saying, yes I approved your transaction, but I don't trust your site to get back to it, or I can't get there.

I'll submit in the ticket as well and we can figure it out from there so we can share the info with my staff.

thanks,

Carrie

snowman99 05-19-2015 12:23 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
I have the BCSE DPM module working temporarily by forcing the Authorizenet response URL to a non-secure HTTP instead of HTTPS which is timing out.

Some history and a heads up...

This all came about because I wanted to verify on the Authorizenet sandbox that our site would continue working after May 26th when the SHA2 certs would be required. Their Sandbox has the upgraded ver 3.1 that will go live on May 26th. What I discovered while testing was that the BCSE module installed two years ago on our site had never been executing. I'm disappointed in myself for not checking more deeply. I relied on the installation instruction for the module and it's method for determining if the module was really executing. It turns out, that for us, with the Xcart's One Page Checkout installed, that the method is inconclusive. Whether the module is enabled or not the order submit page displayed is exactly the same. I hold myself fully responsible for this as I should have caught this then. I have since placed log messages in the code to indicate when it's Executing.

The installation instructions state:

If the mod is active and working correctly the credit card input fields will become disabled and gray out when the customer hits the button to submit the order.

In case anyone is interested here is what I think is the problem, but since I'm not a security expert it's going to be an uphill climb.

Our current certificate connection as shown on Chrome:

- Your connection to www.memorial-urns.com is encryted with obsolete crytography.
- Connection uses TLS 1.2
- Your connection is encrypted with aes_256_cbc, with SHA1 for message authentication, and ECDHE_RSA as the key exchange mechanism.

I'm getting all Green locks on Chrome. My understanding is this has to do with server settings having to do with encryption and not the certificate itself which is a SHA2 Cert as verified by QUALYS SSL Labs.

QUALYS LABS:
Key: RSA 2048 bits.
Signature Algorithm: SHA256withRSA

According to QUALYS Labs, The certificate path does show a Self Signed RSA 2048 bits / SHA1withRSA which is weak or insecure but no impact on root certificate.

I'll be sending this to Authorizenet and my host provider and see what they say.

BCSE 05-21-2015 09:51 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Glad you got so much information figured out. Let us know what they say. I do know Authorize.net is VERY picky on the SSL certs they will trust.

Carrie

BCSE 06-15-2015 05:46 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by 2coolbaby
I am in the process of doing a major upgrade. From 4.4.5 to 4.7.2. If I purchase the 4.5.0 version for the first stage of the upgrade, will I have to pay to upgrade to further versions during the upgrade process? It could take days or longer to get to the final upgrade and I prefer to have my store open during that time.


You can just request both versions at time of purchase. We can send both to you no problem!

Thanks,

Carrie

BCSE2 06-26-2015 08:18 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
We have added new functionality to the Authorize.net DPM mod; It now allows customers to save their credit card information for future use!

Here are some screenshots of how this appears to the customer:

http://www.bcsengineering.com/store/images/D/01_loading.jpg

http://www.bcsengineering.com/store/images/D/02_saved_cards.jpg

http://www.bcsengineering.com/store/images/D/03_new_card.jpg


For more details on this mod, please check out the features on our store page: http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html?utm_source=xforum&utm_medium=forum& utm_campaign=modupdate


Mario
BCS Engineering

BCSE 12-01-2015 12:38 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
One of our best mods got better! Did you know you can now STORE credit cards with our latest DPM module? Authorize.net updated their API to allow storage of credit cards securely on their servers. We have taken advantage of it and you can allow your customers to store their cards for future use. You only store a unique token to be able to reuse that card information at Authorize.net, no card data is seen or stored by your X-cart!

Drop us an email if you want a demo or see screen shots from previous post!

http://www.bcsengineering.com/contact_us/


Thanks,

Carrie

quietcoolone 12-01-2015 12:58 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Carrie,
Great work.
is there a separate update for those of us who already have this Module?

BCSE 12-02-2015 04:07 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by quietcoolone
Carrie,
Great work.
is there a separate update for those of us who already have this Module?


Thanks! Just drop us an email and we can figure out how best to update you!

Thanks,

Carrie

quietcoolone 03-07-2016 11:49 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by BCSE
Thanks! Just drop us an email and we can figure out how best to update you!

Thanks,

Carrie

Purchased the update and had some issues, but the folks at BCSE took care of them and i'm happy!

Thank you.

BCSE 03-11-2016 10:24 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by quietcoolone
Purchased the update and had some issues, but the folks at BCSE took care of them and i'm happy!

Thank you.


Glad we could help!

Carrie

mattstyle2 04-10-2016 12:06 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Can refunds be sent to customers without them having to save their card information?

BCSE 04-12-2016 11:47 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Yes I'm pretty sure. If you could email though I could be more confident in our answer as it depends on what version of X-cart, what version of the DPM you have, etc.

Thanks,

Carrie

mattstyle2 04-13-2016 01:19 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by BCSE
Yes I'm pretty sure. If you could email though I could be more confident in our answer as it depends on what version of X-cart, what version of the DPM you have, etc.

Thanks,

Carrie


OK, I did some testing.. With XC 4.1.x version of the mod there is no method to refund an order but I was able to create one using the SDK that was included with the 4.7.x version, making some custom dbase tables, modifying the php and templates...

If I had to do it again, I'd probably use their soap xml or JSON method to create a refund request..

The thing I really don't like about authorize.net is that refunds cannont take place until the payment has settled.. So this requires more custom software.. to queue the refunds and then retry them until they are approved..

overall the module is good.. especially for the price.. would of paid a few hundred more though if you included the refund functions for the older XC versions and also had some type of refund queue.

I'll write back after we move it live in a week or so.. hopefully this will work better than the alterdcart paypal dpm module that gives us random unfinished orders.

-Matt

BCSE 04-13-2016 05:57 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Yes it really depends on the X-cart version as some did not have means of being able to refund. Let us know if you need anything!

Thanks,

Carrie

2coolbaby 04-15-2016 05:43 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
I just purchased the newest version for my 4.7.5 store a few weeks ago. I didn't see anything about being able to save a card to charge later. I get lots of customer asking me to add something on and just charge their card, which has been impossible until now. So how do I activate this and use it? I didn't see anything in the instructions, but I might have just missed it. If it is there, give me an idea where to find it please.

BCSE 04-20-2016 07:11 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by 2coolbaby
I just purchased the newest version for my 4.7.5 store a few weeks ago. I didn't see anything about being able to save a card to charge later. I get lots of customer asking me to add something on and just charge their card, which has been impossible until now. So how do I activate this and use it? I didn't see anything in the instructions, but I might have just missed it. If it is there, give me an idea where to find it please.



Sorry for the delay here! I've been out of the office with a sick child. Did you email us for support? I didn't know if you had your question taken care of that way.

Thanks,

Carrie

2coolbaby 04-22-2016 01:13 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
No, I didn't. I didn't realize that was a feature of the mod until I read this topic, which is why I posted the question here.

BCSE2 05-18-2016 08:17 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Sign up for Authorize.net through us and we will give you our Authorize.net DPM for free! Click here for more details.

Mario
BCS Engineering

BCSE2 11-07-2016 08:13 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Sign up for Authorize.net using our link we will give you our Authorize.net DPM Mod for FREE!! Already registered with Authorize.net but want to take advantage of this terrific offer? Contact us and we will work with you to fill out a transfer form and provide you with a coupon code for the free mod!

2coolbaby 12-18-2016 03:01 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
I use your mod, but lately, I have been having an issue with incorrect x-cart invoice Order ID numbers being sent to Authorize.net and it is causing some serious problems. For instance, we are now at invoice number 47800. But a new sale sent an invoice number of 47759 and then the second time they tried 47760 to Authorize.net and there is no new order in our system for this customer. Those invoice numbers are for orders already processed and completed by different customers weeks ago. So Authorize.net can't transmit back correctly that payment has been accepted and if they try again to purchase thinking something went wrong, they get an Access Denied. This has happened 4 times in the last few days! But other orders transmit correctly. I have no idea why it just occasionally glitches, but it's causing upset customers. Any ideas what we have going on?

cherie 12-18-2016 04:53 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
You may need to get a more recent version of the module.

BCSE 12-21-2016 01:43 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by 2coolbaby
I use your mod, but lately, I have been having an issue with incorrect x-cart invoice Order ID numbers being sent to Authorize.net and it is causing some serious problems. For instance, we are now at invoice number 47800. But a new sale sent an invoice number of 47759 and then the second time they tried 47760 to Authorize.net and there is no new order in our system for this customer. Those invoice numbers are for orders already processed and completed by different customers weeks ago. So Authorize.net can't transmit back correctly that payment has been accepted and if they try again to purchase thinking something went wrong, they get an Access Denied. This has happened 4 times in the last few days! But other orders transmit correctly. I have no idea why it just occasionally glitches, but it's causing upset customers. Any ideas what we have going on?


Best to always email us for support! We sometimes do not have time to check the forums! I see you've contacted us today though. :)

thanks,

Carrie


All times are GMT -8. The time now is 03:32 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.