Re: Authorize.net DPM (PA/DSS Compliant)
Confused - we can use Authorize.net DPM WITHOUT X-Payments or do we need X-Payments as well in 4.6.X to be PA/DSS compliant?
|
Re: Authorize.net DPM (PA/DSS Compliant)
If you mean BCSE's mod - no, you do not need X-Payments, but you should consult with your PCI QSA or merchant account provider first as the mod is not listed at the PCI Council's list of PA-DSS validated applications. This doesn't mean you can't use it, though. That's why I suggest you to consult first.
|
Re: Authorize.net DPM (PA/DSS Compliant)
You do not need X-payments with either of our Authorize.net modules. Both the DPM and CIM send payments directly to Authorize.net.
However, to be fully PCI compliant, no matter whether you use our modules or X-payments, you still need to fill out a PCI questionnaire as PCI compliance goes beyond what Credit Card processor you use. Your underlying business processes are also looked at to make sure they are PCI compliant as well. Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Got it - thanks.
|
Re: Authorize.net DPM (PA/DSS Compliant)
Major problem. We have x-cart pro with this mod, and now I see that when someone places an order that is split between two vendors, authorize.net only authorizes the first invoice - whatever the amount is, and does not pass on the amount for the second invoice.
I just checked and see this happened twice. The approval code is the same for both orders, but only the first gets charged. |
Re: Authorize.net DPM (PA/DSS Compliant)
Okay, I checked and it does pass the values. The problem is that on authorize it will only capture first amount and then close the charge, not letting the second get captured. This post doesn't belong here - not sure where, but not here. sorry.
|
Re: Authorize.net DPM (PA/DSS Compliant)
If you mean our module, please drop us an email or support ticket so we can take a look. We don't have any reports of this and we have a *lot* of people using it. I'm not sure if any use pro/platinum though.
Thanks Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Just wanted to check in to make sure you dropped us an email. Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
This had nothing to do with your module, it actually was a stoneedge issue. When capturing a split invoice, it would deny the balance.
|
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Thanks for letting us know! I appreciate it! Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Hi Carrie,
Just working on our SAQ but am confused about something. The BCSE web site says that we can use the SAQ-A if we're using this DPM module, but the SAQ-A has the following requirement: "The entirety of all payment pages delivered to the consumer's browser originates directly from a third-party PCI DSS validated service provider(s)." But with DPM that's not the case, or am I confused? ** Edit ** That quote comes from the SAQ 3.0 (which doesn't come into force until January 2015.) Nonetheless, this will have implications for this addon, no? |
Re: Authorize.net DPM (PA/DSS Compliant)
You also can't fill out SAQ-A if you take orders by phone, or fax. Saying you can use SAQ-A is not true if you take credit card payments by other methods.
Steve |
Re: Authorize.net DPM (PA/DSS Compliant)
Let me get back to you on this. It seems they have changed some things recently. The best person to help me with this answer is out until Tuesday.
I do know that you can tell the scanning people that you are a 'redirect merchant' type which makes what scans you have to pass simpler. And Steve is right, it all really depends on your other business processes as well as to what SAQ you fill out per our *'d note on the page too. "* A full assessment of a vendors specific business process is required to determine which SAQ needs to be completed to achieve PCI compliance." Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
I'm trying to determine what BCSE DPM module will look like when implemented with X-Cart's default One Page Checkout, which looks like this: http://marketplace.x-cart.com/images/xcart_4_4_screenshots/one_page_checkout.png
Will it look like this? http://www.x-cart.com/sites/default/files/blog/4.png or this? http://www.x-cart.com/sites/default/files/blog/__PayPal_Advanced.png or something else? Unfortunately BCSE's page for it here http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html does not have any screenshots. |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
It basically looks like this: http://www.x-cart.com/sites/default/files/blog/4.png But it has the card logos, etc too. Let us know if that doesn't help answer your question. Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
We're still improving this module based upon customer feedback! Most recent improvement was some extra javascript to help customer interaction!
Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Our Authorize.net DPM module is now compatible with 4.7.x!
http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html Did you also know we have a Paypal DPM now too?! http://www.bcsengineering.com/store/paypal-dpm-for-x-cart.html Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
I get the following message when I submit an order with Auth DPM enabled.
An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card. This transaction has been approved. It is advisable for you to contact the merchant to verify that you will receive the product or service. I thought this might be a receipt or response URL issue. I do not use Receipt or Response URLS by default. But I went ahead and added: http://www.memorial-urns.com/authorizenet_dpm_response.php to the receipt URL in Authorize.net's panel. (BTW, this is a live site. I have my IP added for testing). Now I get the following message when an order is executed: 3,2,14,The referrer, relay response or receipt link URL is invalid.,,P,0,,,0.02,CC,auth_capture,,,,,,,,,,,,,, ,,,,,,,,, The script is in the store root directory. I have tried changing it to 777 permissions. No help. I have submitted a BCSE ticket: #ZWM-970-72798 Thanks, Vaughn |
Re: Authorize.net DPM (PA/DSS Compliant)
Vaughn,
I'll detail more in your ticket, but I'd recommend *not* having a return url as we pass that to Authorize.net anyway. The reason for the first error, could be due to various things. 1. Shop Closed 2. SSL certificate that Authorize.net doesn't recognize. 3. Reverse DNS issues Basically it's saying, yes I approved your transaction, but I don't trust your site to get back to it, or I can't get there. I'll submit in the ticket as well and we can figure it out from there so we can share the info with my staff. thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
I have the BCSE DPM module working temporarily by forcing the Authorizenet response URL to a non-secure HTTP instead of HTTPS which is timing out.
Some history and a heads up... This all came about because I wanted to verify on the Authorizenet sandbox that our site would continue working after May 26th when the SHA2 certs would be required. Their Sandbox has the upgraded ver 3.1 that will go live on May 26th. What I discovered while testing was that the BCSE module installed two years ago on our site had never been executing. I'm disappointed in myself for not checking more deeply. I relied on the installation instruction for the module and it's method for determining if the module was really executing. It turns out, that for us, with the Xcart's One Page Checkout installed, that the method is inconclusive. Whether the module is enabled or not the order submit page displayed is exactly the same. I hold myself fully responsible for this as I should have caught this then. I have since placed log messages in the code to indicate when it's Executing. The installation instructions state: If the mod is active and working correctly the credit card input fields will become disabled and gray out when the customer hits the button to submit the order. In case anyone is interested here is what I think is the problem, but since I'm not a security expert it's going to be an uphill climb. Our current certificate connection as shown on Chrome: - Your connection to www.memorial-urns.com is encryted with obsolete crytography. - Connection uses TLS 1.2 - Your connection is encrypted with aes_256_cbc, with SHA1 for message authentication, and ECDHE_RSA as the key exchange mechanism. I'm getting all Green locks on Chrome. My understanding is this has to do with server settings having to do with encryption and not the certificate itself which is a SHA2 Cert as verified by QUALYS SSL Labs. QUALYS LABS: Key: RSA 2048 bits. Signature Algorithm: SHA256withRSA According to QUALYS Labs, The certificate path does show a Self Signed RSA 2048 bits / SHA1withRSA which is weak or insecure but no impact on root certificate. I'll be sending this to Authorizenet and my host provider and see what they say. |
Re: Authorize.net DPM (PA/DSS Compliant)
Glad you got so much information figured out. Let us know what they say. I do know Authorize.net is VERY picky on the SSL certs they will trust.
Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
You can just request both versions at time of purchase. We can send both to you no problem! Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
We have added new functionality to the Authorize.net DPM mod; It now allows customers to save their credit card information for future use!
Here are some screenshots of how this appears to the customer: http://www.bcsengineering.com/store/images/D/01_loading.jpg http://www.bcsengineering.com/store/images/D/02_saved_cards.jpg http://www.bcsengineering.com/store/images/D/03_new_card.jpg For more details on this mod, please check out the features on our store page: http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html?utm_source=xforum&utm_medium=forum& utm_campaign=modupdate Mario BCS Engineering |
Re: Authorize.net DPM (PA/DSS Compliant)
One of our best mods got better! Did you know you can now STORE credit cards with our latest DPM module? Authorize.net updated their API to allow storage of credit cards securely on their servers. We have taken advantage of it and you can allow your customers to store their cards for future use. You only store a unique token to be able to reuse that card information at Authorize.net, no card data is seen or stored by your X-cart!
Drop us an email if you want a demo or see screen shots from previous post! http://www.bcsengineering.com/contact_us/ Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Carrie,
Great work. is there a separate update for those of us who already have this Module? |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Thanks! Just drop us an email and we can figure out how best to update you! Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Thank you. |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Glad we could help! Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Can refunds be sent to customers without them having to save their card information?
|
Re: Authorize.net DPM (PA/DSS Compliant)
Yes I'm pretty sure. If you could email though I could be more confident in our answer as it depends on what version of X-cart, what version of the DPM you have, etc.
Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
OK, I did some testing.. With XC 4.1.x version of the mod there is no method to refund an order but I was able to create one using the SDK that was included with the 4.7.x version, making some custom dbase tables, modifying the php and templates... If I had to do it again, I'd probably use their soap xml or JSON method to create a refund request.. The thing I really don't like about authorize.net is that refunds cannont take place until the payment has settled.. So this requires more custom software.. to queue the refunds and then retry them until they are approved.. overall the module is good.. especially for the price.. would of paid a few hundred more though if you included the refund functions for the older XC versions and also had some type of refund queue. I'll write back after we move it live in a week or so.. hopefully this will work better than the alterdcart paypal dpm module that gives us random unfinished orders. -Matt |
Re: Authorize.net DPM (PA/DSS Compliant)
Yes it really depends on the X-cart version as some did not have means of being able to refund. Let us know if you need anything!
Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
I just purchased the newest version for my 4.7.5 store a few weeks ago. I didn't see anything about being able to save a card to charge later. I get lots of customer asking me to add something on and just charge their card, which has been impossible until now. So how do I activate this and use it? I didn't see anything in the instructions, but I might have just missed it. If it is there, give me an idea where to find it please.
|
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Sorry for the delay here! I've been out of the office with a sick child. Did you email us for support? I didn't know if you had your question taken care of that way. Thanks, Carrie |
Re: Authorize.net DPM (PA/DSS Compliant)
No, I didn't. I didn't realize that was a feature of the mod until I read this topic, which is why I posted the question here.
|
Re: Authorize.net DPM (PA/DSS Compliant)
Sign up for Authorize.net through us and we will give you our Authorize.net DPM for free! Click here for more details.
Mario BCS Engineering |
Re: Authorize.net DPM (PA/DSS Compliant)
Sign up for Authorize.net using our link we will give you our Authorize.net DPM Mod for FREE!! Already registered with Authorize.net but want to take advantage of this terrific offer? Contact us and we will work with you to fill out a transfer form and provide you with a coupon code for the free mod!
|
Re: Authorize.net DPM (PA/DSS Compliant)
I use your mod, but lately, I have been having an issue with incorrect x-cart invoice Order ID numbers being sent to Authorize.net and it is causing some serious problems. For instance, we are now at invoice number 47800. But a new sale sent an invoice number of 47759 and then the second time they tried 47760 to Authorize.net and there is no new order in our system for this customer. Those invoice numbers are for orders already processed and completed by different customers weeks ago. So Authorize.net can't transmit back correctly that payment has been accepted and if they try again to purchase thinking something went wrong, they get an Access Denied. This has happened 4 times in the last few days! But other orders transmit correctly. I have no idea why it just occasionally glitches, but it's causing upset customers. Any ideas what we have going on?
|
Re: Authorize.net DPM (PA/DSS Compliant)
You may need to get a more recent version of the module.
|
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
Best to always email us for support! We sometimes do not have time to check the forums! I see you've contacted us today though. :) thanks, Carrie |
All times are GMT -8. The time now is 02:10 PM. |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.