Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Authorize.net DPM (PA/DSS Compliant)

 
Reply
   X-Cart forums > X-Cart 4 > Third Party Add-Ons for X-Cart 4
 
Thread Tools
  #91  
Old 04-03-2014, 07:49 PM
  tqualizerman's Avatar 
tqualizerman tqualizerman is offline
 

X-Adept
  
Join Date: Jun 2008
Posts: 392
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

Hi Carrie,

Just working on our SAQ but am confused about something. The BCSE web site says that we can use the SAQ-A if we're using this DPM module, but the SAQ-A has the following requirement:

"The entirety of all payment pages delivered to the consumer's browser originates directly from a third-party PCI DSS validated service provider(s)."

But with DPM that's not the case, or am I confused?

** Edit **

That quote comes from the SAQ 3.0 (which doesn't come into force until January 2015.) Nonetheless, this will have implications for this addon, no?
__________________
- www.nerdseven.com - Gadgets & Gizmos from Out of This World
- Sound Sensitive T-Shirts That Flash to the Beat of Music (http://www.tqualizer.com)


X-Cart Version 4.1.10
Reply With Quote
  #92  
Old 04-04-2014, 04:34 AM
 
BritSteve BritSteve is offline
 

eXpert
  
Join Date: Apr 2006
Posts: 339
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

You also can't fill out SAQ-A if you take orders by phone, or fax. Saying you can use SAQ-A is not true if you take credit card payments by other methods.

Steve
__________________
Version 4.1.8 & 4.1.9
ezcheckout4.1.x
cdseolinks2
product_metatags41x
shipping_per_product41x

http://www.earthsmagic.com
Reply With Quote
  #93  
Old 04-04-2014, 09:31 AM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,090
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

Let me get back to you on this. It seems they have changed some things recently. The best person to help me with this answer is out until Tuesday.

I do know that you can tell the scanning people that you are a 'redirect merchant' type which makes what scans you have to pass simpler. And Steve is right, it all really depends on your other business processes as well as to what SAQ you fill out per our *'d note on the page too.

"* A full assessment of a vendors specific business process is required to determine which SAQ needs to be completed to achieve PCI compliance."

Thanks,

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote
  #94  
Old 11-07-2014, 11:59 AM
  Mr. G's Avatar 
Mr. G Mr. G is offline
 

eXpert
  
Join Date: Nov 2010
Posts: 386
 

Question Re: Authorize.net DPM (PA/DSS Compliant)

I'm trying to determine what BCSE DPM module will look like when implemented with X-Cart's default One Page Checkout, which looks like this: http://marketplace.x-cart.com/images/xcart_4_4_screenshots/one_page_checkout.png

Will it look like this?
http://www.x-cart.com/sites/default/files/blog/4.png
or this?
http://www.x-cart.com/sites/default/files/blog/__PayPal_Advanced.png
or something else?

Unfortunately BCSE's page for it here http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html does not have any screenshots.
__________________
4.7.6 Gold Plus
XCartMods.co.uk Ultra Template
X-Cart Abandoned Cart
BCSE PayPal DPM
CDSEO Pro 2.1.8
BCSE Drop Shipper Pro
Google Rich Snippets
Time and money-saving tips I've learned as a webstore owner at http://ShoppingCart-Program.com
Reply With Quote
  #95  
Old 11-09-2014, 11:28 AM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,090
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

Quote:
Originally Posted by Mr. G
I'm trying to determine what BCSE DPM module will look like when implemented with X-Cart's default One Page Checkout, which looks like this: http://marketplace.x-cart.com/images/xcart_4_4_screenshots/one_page_checkout.png

Will it look like this?
http://www.x-cart.com/sites/default/files/blog/4.png
or this?
http://www.x-cart.com/sites/default/files/blog/__PayPal_Advanced.png
or something else?

Unfortunately BCSE's page for it here http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html does not have any screenshots.

It basically looks like this:
http://www.x-cart.com/sites/default/files/blog/4.png

But it has the card logos, etc too.

Let us know if that doesn't help answer your question.

Thanks,

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote

The following user thanks BCSE for this useful post:
totaltec (11-10-2014)
  #96  
Old 01-28-2015, 04:46 AM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,090
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

We're still improving this module based upon customer feedback! Most recent improvement was some extra javascript to help customer interaction!

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote
  #97  
Old 04-21-2015, 09:46 AM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,090
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

Our Authorize.net DPM module is now compatible with 4.7.x!

http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html

Did you also know we have a Paypal DPM now too?!

http://www.bcsengineering.com/store/paypal-dpm-for-x-cart.html

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote
  #98  
Old 05-15-2015, 12:11 PM
 
snowman99 snowman99 is offline
 

Member
  
Join Date: Feb 2007
Posts: 21
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

I get the following message when I submit an order with Auth DPM enabled.

An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

This transaction has been approved.
It is advisable for you to contact the merchant to verify that you will receive the product or service.



I thought this might be a receipt or response URL issue. I do not use Receipt or Response URLS by default. But I went ahead and added: http://www.memorial-urns.com/authorizenet_dpm_response.php to the receipt URL in Authorize.net's panel. (BTW, this is a live site. I have my IP added for testing).

Now I get the following message when an order is executed:

3,2,14,The referrer, relay response or receipt link URL is invalid.,,P,0,,,0.02,CC,auth_capture,,,,,,,,,,,,,, ,,,,,,,,,

The script is in the store root directory. I have tried changing it to 777 permissions. No help.

I have submitted a BCSE ticket: #ZWM-970-72798

Thanks,

Vaughn
__________________
X-cart Ver: 4.7.10 (Linux/Apache)
XCartMods Ultra Template
BCSE Authorize DPM Module
CDSEO 2.2.0
CDSEO Pro Admin
Reply With Quote
  #99  
Old 05-15-2015, 05:25 PM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Guru
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 3,090
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

Vaughn,

I'll detail more in your ticket, but I'd recommend *not* having a return url as we pass that to Authorize.net anyway.

The reason for the first error, could be due to various things.

1. Shop Closed
2. SSL certificate that Authorize.net doesn't recognize.
3. Reverse DNS issues

Basically it's saying, yes I approved your transaction, but I don't trust your site to get back to it, or I can't get there.

I'll submit in the ticket as well and we can figure it out from there so we can share the info with my staff.

thanks,

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote
  #100  
Old 05-19-2015, 12:23 PM
 
snowman99 snowman99 is offline
 

Member
  
Join Date: Feb 2007
Posts: 21
 

Default Re: Authorize.net DPM (PA/DSS Compliant)

I have the BCSE DPM module working temporarily by forcing the Authorizenet response URL to a non-secure HTTP instead of HTTPS which is timing out.

Some history and a heads up...

This all came about because I wanted to verify on the Authorizenet sandbox that our site would continue working after May 26th when the SHA2 certs would be required. Their Sandbox has the upgraded ver 3.1 that will go live on May 26th. What I discovered while testing was that the BCSE module installed two years ago on our site had never been executing. I'm disappointed in myself for not checking more deeply. I relied on the installation instruction for the module and it's method for determining if the module was really executing. It turns out, that for us, with the Xcart's One Page Checkout installed, that the method is inconclusive. Whether the module is enabled or not the order submit page displayed is exactly the same. I hold myself fully responsible for this as I should have caught this then. I have since placed log messages in the code to indicate when it's Executing.

The installation instructions state:

If the mod is active and working correctly the credit card input fields will become disabled and gray out when the customer hits the button to submit the order.

In case anyone is interested here is what I think is the problem, but since I'm not a security expert it's going to be an uphill climb.

Our current certificate connection as shown on Chrome:

- Your connection to www.memorial-urns.com is encryted with obsolete crytography.
- Connection uses TLS 1.2
- Your connection is encrypted with aes_256_cbc, with SHA1 for message authentication, and ECDHE_RSA as the key exchange mechanism.

I'm getting all Green locks on Chrome. My understanding is this has to do with server settings having to do with encryption and not the certificate itself which is a SHA2 Cert as verified by QUALYS SSL Labs.

QUALYS LABS:
Key: RSA 2048 bits.
Signature Algorithm: SHA256withRSA

According to QUALYS Labs, The certificate path does show a Self Signed RSA 2048 bits / SHA1withRSA which is weak or insecure but no impact on root certificate.

I'll be sending this to Authorizenet and my host provider and see what they say.
__________________
X-cart Ver: 4.7.10 (Linux/Apache)
XCartMods Ultra Template
BCSE Authorize DPM Module
CDSEO 2.2.0
CDSEO Pro Admin
Reply With Quote
Reply
   X-Cart forums > X-Cart 4 > Third Party Add-Ons for X-Cart 4


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 04:36 PM.

   

 
X-Cart forums © 2001-2020