Urgent : iVeri Payment / Function Questions

  • Posts: 33
  • Thank you received: 0
10 years 3 months ago #166158

-- url of the page with the problem -- : www.madman.co.za
-- HikaShop version -- : 2.3.2
-- Joomla version -- : 3.3.0

Circumstances have forced me to make my new shop live asap so I am busy trying to get the iVeri payment plugin working, however it does not look right.

I have it installed, the button is there at checkout.
When I select the iVeri payment option on checkout, the iVeri option simply drops down 4 boxes for name, card number, date and CVC number.

I am pretty sure the customer will not want to enter their card details into a simple form on a plain http link. There is no security. I would assume and expect the plugin to hand over to the iVeri backoffice on a secure server to process the payment ?

We used to use the VCS payment gateway on the old (virtuemart) shop and that would put you into a secure VCS environment where the payment is processed.

I realise this is a combination of code between iVeri and the Hikashop plugin but I do not know how it should work or what it should look like so I do not know who to contact.

I desperately need to get this working as now BOTH the online shops are down so the online payments via credit cards have stopped :-(

Please Help.

Regards
Brian

Engine Monitoring and Performance Systems
Last edit: 10 years 3 months ago by MadMan. Reason: Clarity

Please Log in or Create an account to join the conversation.

  • Posts: 26158
  • Thank you received: 4028
  • MODERATOR
10 years 3 months ago #166169

Hi,

The HikaShop iVeri plugin is working with that mode (where credit card is entered in your website) because the iVeri payment API does not provide any callback function. HikaShop can't know if the transaction has been made or not, it can't trust the generic "return page" where is no parameter allowing to know that it really comes from iVeri platform.
So, yes it means that you have to use a SSL certificate in your website, like other payment methods which are in "form" mode (instead of "redirect" one).

If you want to use iVeri plugin in classical mode, you won't be able to trust the user for the order validation and you should manually confirm your orders checking the iVeri backend (checking the amount is correct, the order number is correct, etc).
There is no possibility to have an automatic validation otherwise than the method we used.
We know that the implication is to have an SSL certificate but it was the only way.

Regards,

Jerome - Obsidev.com
HikaMarket & HikaSerial developer / HikaShop core dev team.

Also helping the HikaShop support team when having some time or couldn't sleep.
By the way, do not send me private message, use the "contact us" form instead.
The following user(s) said Thank You: MadMan

Please Log in or Create an account to join the conversation.

  • Posts: 33
  • Thank you received: 0
10 years 3 months ago #166194

Hi Jerome,
Thank you for your explanation.
If I had known this I would have set out onthis project in a much different way.
Could you PLEASE attach this information to the iVeri plugin so that other potential users can know this pitfall. In todays age of credit card fraud the method is not useable.
Could you suggest a fast, effecient developer that will create a plugin for the VSC payment gateway ?
Regards
Brian

Engine Monitoring and Performance Systems

Please Log in or Create an account to join the conversation.

  • Posts: 82868
  • Thank you received: 13376
  • MODERATOR
10 years 3 months ago #166202

Hi,

Actually, it's the opposite. The fact that we developed it this way makes it more secure provided that you set a SSL certificate on your server which only costs a few bucks each year (it will display the security seal on your website once you configure it). So it's not a pitfall but actually a good point of the plugin we developed for iVeri.
With the way the iVeri API is done, using the VSC payment gateway in the normal way makes the process insecure as anyone can confirm the orders on your website without paying for them by just calling the correct URL. So I wouldn't recommend doing it (even your current website is vulnerable to that).
Our partners can develop such payment plugin. I would recommend that you send them a quote request:
www.hikashop.com/home/our-partners.html

Please Log in or Create an account to join the conversation.

Time to create page: 0.063 seconds
Powered by Kunena Forum