bsmither Posted January 22, 2013 Share Posted January 22, 2013 Since the Cubecart code is 99% human-readable, I will assert that anything can be done. Not converting a Shopping Basket to a pending Cart until a payment has been attempted can be done. Time, Money, Quality, Compatibility with other mods and enhancements -- Choose any two. Quote Link to comment Share on other sites More sharing options...
CHGTF Posted December 6, 2014 Share Posted December 6, 2014 Ok I am having this issue as well but my only issue is that when I click the Dashboard > Orders > (Order #####) > Credit Card Details I See ""View under SSL"" How do tunr that on??????? Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 6, 2014 Share Posted December 6, 2014 "How do I turn SSL on?" There is a setting in admin, Store Settings. If you choose to enable SSL for your store, there is the requirement that you get an SSL certificate for your store's domain name and get your hosting provider to install it for you. If you are on a shared server hosting plan, the hosting provider will need to work with you to acquire the certificate. There are also a couple of extra settings that need to be filled in when SSL is enabled. Once that is all good, make sure you access the admin with https. Quote Link to comment Share on other sites More sharing options...
CHGTF Posted December 6, 2014 Share Posted December 6, 2014 HAHA - Just needed a "s" in the http address.. O WOW Thats funny to me - Thanks bsmither - I owe you a drink, a fruit basket, a custom painted mouse pad, or something - HAHA Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 7, 2014 Share Posted December 7, 2014 HAHA - Just needed a "s" in the http address.. O WOW Unless you already had a SSL certificate installed for your domain on your hosting then simply entering https as the url, and ignoring the security warning that would have been shown, is NOT enough Firstly, you will be viewing customer credit card details not protected by any security ! Secondly, this will simply be compounding what is probably an even bigger issue which is using this payment gateway at all when using shared hosting (which I am assuming you are). The PCI requirements of using this gateway are very high even if you are running on your own dedicated server but would probably never be allowed on shared hosting - the fines if discovered cpuld be very large ! Ian Quote Link to comment Share on other sites More sharing options...
CHGTF Posted December 8, 2014 Share Posted December 8, 2014 @havenswift-hosting We have a valid SSL certificate installed I get no security warning what so ever Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 8, 2014 Share Posted December 8, 2014 @havenswift-hosting We have a valid SSL certificate installed I get no security warning what so everAt least you have a SSL installed - that is a start ! The other points still hold true though. Quote Link to comment Share on other sites More sharing options...
CHGTF Posted December 8, 2014 Share Posted December 8, 2014 @havenswift-hosting We have a valid SSL certificate installed I get no security warning what so ever At least you have a SSL installed - that is a start ! The other points still hold true though. Yea I have the SSL certificate I got for the website from the links Host-Gator sent me too from C-Panel. I presumed that the Site having SSL in general means that both the CubeCart part and the site its self which customers place the order on have each been secured by the SSL. Is this not the case? If not - how do I ensure that is the case or how do I make that the case?? Do I need a different SSL certificate for the CubeCart site its self or how do I get that secured as well if it isn’t already ? ? I mean if my Web site has SSL and I can ensure that the transactions are all safe and stuff then CubeCart lets me look at them later but NOT keep those safe as well - why would cube cart offer up a payment option that is not secure?? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 8, 2014 Share Posted December 8, 2014 Having a SSL certificate installed on your hosting will make communication either by front end visitors or you as an admin, more secure and in many people's opinion (mine included) ALL E-Commerce websites or CMS websites should always have an SSL installed if you have customers or admin login functionality. However, PCI validation is something totally different and is something that all E-Commerce stores should get certification for annually. If you use offsite payment methods such as standard PayPal or any other gateway where your customers are taken to the payment gateway companies website to complete payment, then PCI compliance is generally very simple. If however, you take payment on your site or even more importantly, collect credit card details, then the tests to meet PCI compliance are MUCH stricter. It is not about the payment gateway or CubeCart being secure or insecure - PCI compliance required at this level is generally impossible on shared hosting servers and you would almost certainly have to be using your own dedicated server which has gone through high level security hardening Ian Quote Link to comment Share on other sites More sharing options...
bsmither Posted December 9, 2014 Share Posted December 9, 2014 When you visit your domain (your site), try to ask your browser to show you the SSL Cert details. If the cert mentions your domain by name, then it's your cert and applies to everything at www.yourdomain.com and all the folders (path) below it. But not store.yourdomain.com, as this is considered a different "place" or subdomain. You can get a cert that will be applicable to any "sub-domain" of the main domain, but those are very much more expensive. So, just to recap, SSL encrypts the communications (what you want) and also (to varying degrees) confirms you are who you say you are. "the transactions are all safe" In the loosest sense of the phrase. "Why would CubeCart offer up a payment option that is not secure??" I recognize this to be a rhetorical question, but let's look at it anyway. It's very important that transactions be made in the best possible manner (making sure to use encrypted communications when possible, using multiple-path transaction verification, etc). So it's very nice that CubeCart will not interfere with using SSL encryption when available, nor inhibit your store's functionality when it's not*. You must agree that enforcing this environment is not CubeCart's responsibility. * I am very confident that in earlier versions of CubeCart, retrieving locally stored/encrypted credit card numbers was not always confined to an environment where your site must be under SSL encryption. From the fact that CubeCart code is 99% human-readable and editable, it is entirely conceivable that you or a third-party could create a payment gateway that makes a dismal effort, if any effort at all, at keeping credit card info secure/encrypted. Quote Link to comment Share on other sites More sharing options...
CHGTF Posted December 17, 2014 Share Posted December 17, 2014 So do I need anything other then the SSL cert that I was able to purchase and activate through my host site? Do I need to impliment anything else to ensure all the security ends are covered? Or will the SSL I have in place cover that all? Quote Link to comment Share on other sites More sharing options...
havenswift-hosting Posted December 18, 2014 Share Posted December 18, 2014 Hi Yes ! Like EVERY e-commerce store taking payments you should be completing an annual PCI audit. Below is a GUIDE only and each merchant should check with their own PCI certification company what they require - requirements vary from one company to another. This can be very simple if you use a payment gateway where card details are entered on your payment providers website, whether by the customers being taken to the third party site like with standard PayPal or SagePay Form for example, or entering details via an iFrame like with SagePay InFrame integration then it is normally a simple case of completing a short questionnaire certifying your payment method. This is because the payment gateway undergoes the scrict PCI tests and certification. If your customers enter card details on your website such as with SagePay Direct or certain PayPal and Authorize.net methods then there are much stricter requirements and the PCI company will probably want to conduct annual, quarterly or even monthly security scans and audits on your server. If you host on standard Shared Hosting (especially with cheaper hosting plans / companies) then you will likely fail on multiple points and the hosting company will not be willing to adjust the server security setup just for you. Unless you are hosting with a specialist E-Commerce hosting company (and sometimes not even then, as some PCI certification companies can be a real PITA) then you may need a dedicated server so you are in control of the server settings. If you are using Card Capture methods where you are storing credit card details, then the requirements are even higher and I have NEVER known any PCI certification company pass a site unless they are running on their own dedicated server and undergo constant security hardening. The SSL is (in my opinion) a requirement for all e-commerce stores for data transmission security reasons but has nothing at all to do with PCI requirements Ian Quote Link to comment Share on other sites More sharing options...
MARIO AWNA Posted September 17, 2015 Share Posted September 17, 2015 HelloI have SSL on my store...but I could not view the card information....It was working before. Would the new version 6.0.7 have made the changes? Quote Link to comment Share on other sites More sharing options...
MARIO AWNA Posted September 17, 2015 Share Posted September 17, 2015 In comparing the Card Capture module code between CC507 and CC515, the only real difference I see involves American Express. For this module, do you accept American Express, and then do you require the CVV2 code? Of the missing transactions in the log, can you determine which of those may have used Amex? Back to your saying that none of the twenty orders have the Transaction Logs tab. Please know that only those orders that have moved past Pending status will have anything put in the transaction logs. Can you verify that some of the "missing" orders in the transaction logs are in the Processing or later statuses? In the meantime, if you are able, open the file modulesgatewayCard_Capturegateway.class.php for editing (using a programmer's text editor) and in line 369, change "AMERICAN EXPRESS" to "Amex".Success$563.13Card CaptureYesterday, 19:56Card Details captured ready for processing offline. This is the mesage I have but I could not view the card details even under SSL. Where do I look?I am using the latest cubecart version Yes, there should be a tab for the credit card details. Please check these two things: View the Transactions tab for this order. Be sure there is the phrase "Card Details captured ready for processing offline." listed. Then, if you can, use a utility like phpMyAdmin and view the CubeCart_order_summary table. Find that cart order number and be sure there is something in the 'offline_capture' field. If those two things are good, then we need to start looking elsewhere.Hello Bsmither, I have done this instruction...the information on the offline_capture says something like "BLOB-256B". I have the same issue. I could not see the credit card information for processing. Please help. Thanks.In comparing the Card Capture module code between CC507 and CC515, the only real difference I see involves American Express. For this module, do you accept American Express, and then do you require the CVV2 code? Of the missing transactions in the log, can you determine which of those may have used Amex? Back to your saying that none of the twenty orders have the Transaction Logs tab. Please know that only those orders that have moved past Pending status will have anything put in the transaction logs. Can you verify that some of the "missing" orders in the transaction logs are in the Processing or later statuses? In the meantime, if you are able, open the file modulesgatewayCard_Capturegateway.class.php for editing (using a programmer's text editor) and in line 369, change "AMERICAN EXPRESS" to "Amex".Success$563.13Card CaptureYesterday, 19:56Card Details captured ready for processing offline. This is the mesage I have but I could not view the card details even under SSL. Where do I look?I am using the latest cubecart version Quote Link to comment Share on other sites More sharing options...
SemperFi Posted September 17, 2015 Share Posted September 17, 2015 (edited) Possible solution for CC3/CC4 stores that were upgraded to CC6. Edited September 17, 2015 by SemperFi Fixed URL to https://github.com/cubecart/v6/issues/489 Quote Link to comment Share on other sites More sharing options...
bsmither Posted September 17, 2015 Share Posted September 17, 2015 The above link is to the conversation you are now reading. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.