Jump to content

Card Capture - Can't view card details


Household 6 Designs
 Share

Recommended Posts

Since the Cubecart code is 99% human-readable, I will assert that anything can be done. Not converting a Shopping Basket to a pending Cart until a payment has been attempted can be done.

 

Time, Money, Quality, Compatibility with other mods and enhancements -- Choose any two.

Link to comment
Share on other sites

  • 1 year later...

"How do I turn SSL on?"

 

There is a setting in admin, Store Settings. If you choose to enable SSL for your store, there is the requirement that you get an SSL certificate for your store's domain name and get your hosting provider to install it for you. If you are on a shared server hosting plan, the hosting provider will need to work with you to acquire the certificate.

 

There are also a couple of extra settings that need to be filled in when SSL is enabled.

 

Once that is all good, make sure you access the admin with https.

Link to comment
Share on other sites

HAHA - Just needed a "s" in the http address.. O WOW

Unless you already had a SSL certificate installed for your domain on your hosting then simply entering https as the url, and ignoring the security warning that would have been shown, is NOT enough

Firstly, you will be viewing customer credit card details not protected by any security !

Secondly, this will simply be compounding what is probably an even bigger issue which is using this payment gateway at all when using shared hosting (which I am assuming you are). The PCI requirements of using this gateway are very high even if you are running on your own dedicated server but would probably never be allowed on shared hosting - the fines if discovered cpuld be very large !

Ian

Link to comment
Share on other sites

 

@havenswift-hosting We have a valid SSL certificate installed

 

I get no security warning what so ever

At least you have a SSL installed - that is a start ! The other points still hold true though.

 

 

Yea I have the SSL certificate I got for the website from the links Host-Gator sent me too from C-Panel.

I presumed that the Site having SSL in general means that both the CubeCart part and the site its self which customers place the order on have each been secured by the SSL.

Is this not the case? If not - how do I ensure that is the case or how do I make that the case??

Do I need a different SSL certificate for the CubeCart site its self or how do I get that secured as well if it isn’t already ? ?

I mean if my Web site has SSL and I can ensure that the transactions are all safe and stuff then CubeCart lets me look at them later but NOT keep those safe as well - why would cube cart offer up a payment option that is not secure??

Link to comment
Share on other sites

Having a SSL certificate installed on your hosting will make communication either by front end visitors or you as an admin, more secure and in many people's opinion (mine included) ALL E-Commerce websites or CMS websites should always have an SSL installed if you have customers or admin login functionality.

However, PCI validation is something totally different and is something that all E-Commerce stores should get certification for annually. If you use offsite payment methods such as standard PayPal or any other gateway where your customers are taken to the payment gateway companies website to complete payment, then PCI compliance is generally very simple. If however, you take payment on your site or even more importantly, collect credit card details, then the tests to meet PCI compliance are MUCH stricter.

It is not about the payment gateway or CubeCart being secure or insecure - PCI compliance required at this level is generally impossible on shared hosting servers and you would almost certainly have to be using your own dedicated server which has gone through high level security hardening

Ian

Link to comment
Share on other sites

When you visit your domain (your site), try to ask your browser to show you the SSL Cert details.

 

If the cert mentions your domain by name, then it's your cert and applies to everything at www.yourdomain.com and all the folders (path) below it.

 

But not store.yourdomain.com, as this is considered a different "place" or subdomain. You can get a cert that will be applicable to any "sub-domain" of the main domain, but those are very much more expensive.

 

So, just to recap, SSL encrypts the communications (what you want) and also (to varying degrees) confirms you are who you say you are.

 

"the transactions are all safe"

 

In the loosest sense of the phrase.

 

"Why would CubeCart offer up a payment option that is not secure??"

 

I recognize this to be a rhetorical question, but let's look at it anyway.

 

It's very important that transactions be made in the best possible manner (making sure to use encrypted communications when possible, using multiple-path transaction verification, etc). So it's very nice that CubeCart will not interfere with using SSL encryption when available, nor inhibit your store's functionality when it's not*.

 

You must agree that enforcing this environment is not CubeCart's responsibility.

 

* I am very confident that in earlier versions of CubeCart, retrieving locally stored/encrypted credit card numbers was not always confined to an environment where your site must be under SSL encryption. From the fact that CubeCart code is 99% human-readable and editable, it is entirely conceivable that you or a third-party could create a payment gateway that makes a dismal effort, if any effort at all, at keeping credit card info secure/encrypted.

Link to comment
Share on other sites

  • 2 weeks later...

Hi

Yes ! Like EVERY e-commerce store taking payments you should be completing an annual PCI audit. Below is a GUIDE only and each merchant should check with their own PCI certification company what they require - requirements vary from one company to another.

This can be very simple if you use a payment gateway where card details are entered on your payment providers website, whether by the customers being taken to the third party site like with standard PayPal or SagePay Form for example, or entering details via an iFrame like with SagePay InFrame integration then it is normally a simple case of completing a short questionnaire certifying your payment method. This is because the payment gateway undergoes the scrict PCI tests and certification.

If your customers enter card details on your website such as with SagePay Direct or certain PayPal and Authorize.net methods then there are much stricter requirements and the PCI company will probably want to conduct annual, quarterly or even monthly security scans and audits on your server. If you host on standard Shared Hosting (especially with cheaper hosting plans / companies) then you will likely fail on multiple points and the hosting company will not be willing to adjust the server security setup just for you. Unless you are hosting with a specialist E-Commerce hosting company (and sometimes not even then, as some PCI certification companies can be a real PITA) then you may need a dedicated server so you are in control of the server settings.

If you are using Card Capture methods where you are storing credit card details, then the requirements are even higher and I have NEVER known any PCI certification company pass a site unless they are running on their own dedicated server and undergo constant security hardening.

The SSL is (in my opinion) a requirement for all e-commerce stores for data transmission security reasons but has nothing at all to do with PCI requirements

Ian

Link to comment
Share on other sites

  • 8 months later...

In comparing the Card Capture module code between CC507 and CC515, the only real difference I see involves American Express.

 

For this module, do you accept American Express, and then do you require the CVV2 code?

 

Of the missing transactions in the log, can you determine which of those may have used Amex?

 

Back to your saying that none of the twenty orders have the Transaction Logs tab. Please know that only those orders that have moved past Pending status will have anything put in the transaction logs.

 

Can you verify that some of the "missing" orders in the transaction logs are in the Processing or later statuses?

 

In the meantime, if you are able, open the file modulesgatewayCard_Capturegateway.class.php for editing (using a programmer's text editor) and in line 369, change "AMERICAN EXPRESS" to "Amex".

Success$563.13Card CaptureYesterday, 19:56Card Details captured ready for processing offline. This is the mesage I have but I could not view the card details even under SSL. Where do I look?

I am using the latest cubecart version

 

Yes, there should be a tab for the credit card details. Please check these two things:

 

View the Transactions tab for this order. Be sure there is the phrase "Card Details captured ready for processing offline." listed.

 

Then, if you can, use a utility like phpMyAdmin and view the CubeCart_order_summary table. Find that cart order number and be sure there is something in the 'offline_capture' field.

 

If those two things are good, then we need to start looking elsewhere.

Hello Bsmither, I have done this instruction...the information on the offline_capture says something like "BLOB-256B". I have the same issue. I could not see the credit card information for processing. Please help. Thanks.

In comparing the Card Capture module code between CC507 and CC515, the only real difference I see involves American Express.

 

For this module, do you accept American Express, and then do you require the CVV2 code?

 

Of the missing transactions in the log, can you determine which of those may have used Amex?

 

Back to your saying that none of the twenty orders have the Transaction Logs tab. Please know that only those orders that have moved past Pending status will have anything put in the transaction logs.

 

Can you verify that some of the "missing" orders in the transaction logs are in the Processing or later statuses?

 

In the meantime, if you are able, open the file modulesgatewayCard_Capturegateway.class.php for editing (using a programmer's text editor) and in line 369, change "AMERICAN EXPRESS" to "Amex".

Success$563.13Card CaptureYesterday, 19:56Card Details captured ready for processing offline. This is the mesage I have but I could not view the card details even under SSL. Where do I look?

I am using the latest cubecart version

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...