| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | Mark Forums Read | User manuals | Login |
Authorize.net DPM (PA/DSS Compliant) | ||||
|
|
Thread Tools |
#91
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Hi Carrie,
Just working on our SAQ but am confused about something. The BCSE web site says that we can use the SAQ-A if we're using this DPM module, but the SAQ-A has the following requirement: "The entirety of all payment pages delivered to the consumer's browser originates directly from a third-party PCI DSS validated service provider(s)." But with DPM that's not the case, or am I confused? ** Edit ** That quote comes from the SAQ 3.0 (which doesn't come into force until January 2015.) Nonetheless, this will have implications for this addon, no?
__________________
- www.nerdseven.com - Gadgets & Gizmos from Out of This World - Sound Sensitive T-Shirts That Flash to the Beat of Music (http://www.tqualizer.com) X-Cart Version 4.1.10 |
|||||||||
#92
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
You also can't fill out SAQ-A if you take orders by phone, or fax. Saying you can use SAQ-A is not true if you take credit card payments by other methods.
Steve
__________________
Version 4.1.8 & 4.1.9 ezcheckout4.1.x cdseolinks2 product_metatags41x shipping_per_product41x http://www.earthsmagic.com |
|||||||
#93
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Let me get back to you on this. It seems they have changed some things recently. The best person to help me with this answer is out until Tuesday.
I do know that you can tell the scanning people that you are a 'redirect merchant' type which makes what scans you have to pass simpler. And Steve is right, it all really depends on your other business processes as well as to what SAQ you fill out per our *'d note on the page too. "* A full assessment of a vendors specific business process is required to determine which SAQ needs to be completed to achieve PCI compliance." Thanks, Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#94
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
I'm trying to determine what BCSE DPM module will look like when implemented with X-Cart's default One Page Checkout, which looks like this: http://marketplace.x-cart.com/images/xcart_4_4_screenshots/one_page_checkout.png
Will it look like this? http://www.x-cart.com/sites/default/files/blog/4.png or this? http://www.x-cart.com/sites/default/files/blog/__PayPal_Advanced.png or something else? Unfortunately BCSE's page for it here http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html does not have any screenshots.
__________________
4.7.6 Gold Plus XCartMods.co.uk Ultra Template X-Cart Abandoned Cart BCSE PayPal DPM CDSEO Pro 2.1.8 BCSE Drop Shipper Pro Google Rich Snippets Time and money-saving tips I've learned as a webstore owner at http://ShoppingCart-Program.com |
|||||||||
#95
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Quote:
It basically looks like this: http://www.x-cart.com/sites/default/files/blog/4.png But it has the card logos, etc too. Let us know if that doesn't help answer your question. Thanks, Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
|
#96
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
We're still improving this module based upon customer feedback! Most recent improvement was some extra javascript to help customer interaction!
Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#97
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Our Authorize.net DPM module is now compatible with 4.7.x!
http://www.bcsengineering.com/store/authorize.net-dpm-module-for-x-cart-pa-dss-compliant.html Did you also know we have a Paypal DPM now too?! http://www.bcsengineering.com/store/paypal-dpm-for-x-cart.html Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#98
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
I get the following message when I submit an order with Auth DPM enabled.
An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card. This transaction has been approved. It is advisable for you to contact the merchant to verify that you will receive the product or service. I thought this might be a receipt or response URL issue. I do not use Receipt or Response URLS by default. But I went ahead and added: http://www.memorial-urns.com/authorizenet_dpm_response.php to the receipt URL in Authorize.net's panel. (BTW, this is a live site. I have my IP added for testing). Now I get the following message when an order is executed: 3,2,14,The referrer, relay response or receipt link URL is invalid.,,P,0,,,0.02,CC,auth_capture,,,,,,,,,,,,,, ,,,,,,,,, The script is in the store root directory. I have tried changing it to 777 permissions. No help. I have submitted a BCSE ticket: #ZWM-970-72798 Thanks, Vaughn
__________________
X-cart Ver: 4.7.10 (Linux/Apache) XCartMods Ultra Template BCSE Authorize DPM Module CDSEO 2.2.0 CDSEO Pro Admin |
|||||||
#99
|
|||||||||
|
|||||||||
Re: Authorize.net DPM (PA/DSS Compliant)
Vaughn,
I'll detail more in your ticket, but I'd recommend *not* having a return url as we pass that to Authorize.net anyway. The reason for the first error, could be due to various things. 1. Shop Closed 2. SSL certificate that Authorize.net doesn't recognize. 3. Reverse DNS issues Basically it's saying, yes I approved your transaction, but I don't trust your site to get back to it, or I can't get there. I'll submit in the ticket as well and we can figure it out from there so we can share the info with my staff. thanks, Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002! We support X-cart versions 3.x through 5.x! Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more! Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com Please E-Mail us for questions/support! |
|||||||||
#100
|
|||||||
|
|||||||
Re: Authorize.net DPM (PA/DSS Compliant)
I have the BCSE DPM module working temporarily by forcing the Authorizenet response URL to a non-secure HTTP instead of HTTPS which is timing out.
Some history and a heads up... This all came about because I wanted to verify on the Authorizenet sandbox that our site would continue working after May 26th when the SHA2 certs would be required. Their Sandbox has the upgraded ver 3.1 that will go live on May 26th. What I discovered while testing was that the BCSE module installed two years ago on our site had never been executing. I'm disappointed in myself for not checking more deeply. I relied on the installation instruction for the module and it's method for determining if the module was really executing. It turns out, that for us, with the Xcart's One Page Checkout installed, that the method is inconclusive. Whether the module is enabled or not the order submit page displayed is exactly the same. I hold myself fully responsible for this as I should have caught this then. I have since placed log messages in the code to indicate when it's Executing. The installation instructions state: If the mod is active and working correctly the credit card input fields will become disabled and gray out when the customer hits the button to submit the order. In case anyone is interested here is what I think is the problem, but since I'm not a security expert it's going to be an uphill climb. Our current certificate connection as shown on Chrome: - Your connection to www.memorial-urns.com is encryted with obsolete crytography. - Connection uses TLS 1.2 - Your connection is encrypted with aes_256_cbc, with SHA1 for message authentication, and ECDHE_RSA as the key exchange mechanism. I'm getting all Green locks on Chrome. My understanding is this has to do with server settings having to do with encryption and not the certificate itself which is a SHA2 Cert as verified by QUALYS SSL Labs. QUALYS LABS: Key: RSA 2048 bits. Signature Algorithm: SHA256withRSA According to QUALYS Labs, The certificate path does show a Self Signed RSA 2048 bits / SHA1withRSA which is weak or insecure but no impact on root certificate. I'll be sending this to Authorizenet and my host provider and see what they say.
__________________
X-cart Ver: 4.7.10 (Linux/Apache) XCartMods Ultra Template BCSE Authorize DPM Module CDSEO 2.2.0 CDSEO Pro Admin |
|||||||
|
Thread Tools | |
|
|
|
|||
X-Cart forums © 2001-2020
|