Announcement

**pinbrook** · 17-Aug-2006, 11:29 AM

How do you take payment?

is you are using a PSP you do not additionally need an SSL cert. If you download orders and process them manually you should have a cert. Contact your host to ask them about it

**Martin** · 17-Aug-2006, 01:25 PM

I do use a PSP, WorldPay now ST as well as PayPal. So I understand payment is secure, but the comments have been made about the name and address form, before my site goes off to the PSP.

Having been a victim of fraud before, I know all you need is a current name and address, and it looks like Actinic provides this.

Martin

**Seethapathy** · 22-Aug-2006, 12:27 AM

Hi Martin,

I've had a few instances of problems with initiating transfer to the PSP's server from a secure platform(https//..).

To use the SSL tab that appears in the Network settings window, you will have to fill in the secure server details (signed up with the hosting company)or run the wizard to configure the settings for the 'secure' bit of the server. Also further details about setting up the SSL, based on the server setup at host's end, is available here.

**pinbrook** · 22-Aug-2006, 09:38 AM

Having been a victim of fraud before, I know all you need is a current name and address, and it looks like Actinic provides this.

whilst not really understanding what this above line means, adding SSL to the page that collects cusomername/address is not going to prevent fraud.

The address given here is freely available to anyone, ie electoral roll etc, SSL is there to encrypt CC info

**Donna Kempster** · 22-Aug-2006, 11:47 AM

Originally posted by Martin

I am with 1and1, does anyone have any experience with them regarding this query?

Martin

We are with 1&1 and set up our secure cert with them but we process offline. Anyway I just went onto 1&1 customer account maint. and went to the ssl section and went through the process to apply for the cert. It took a couple of weeks to go through the system. Theres a minimal monthly charge but some packages come with a secure cert as standard. Not sure if this helps you would have though your payment provider should have a shared cert for you to use?

**scsishop** · 22-Aug-2006, 03:33 PM

My advice would just be pay actinic 100� + VAT and you get a secure checkout page on actinics server , then you put the card numbers through your termainal as normal

Then all you have to do is select actinic shared SSL and enter your actinic number and sorted, works great for us

Thanks

Gavin

www.kernelpower.co.uk

**pinbrook** · 22-Aug-2006, 03:46 PM

For Martin's situation I would not recommend actinic shared SSL or any other form of shared SSL as this just compounds the number of bounces off the original site in order to process a CC

Marin just wants to additionally encrypt the 1st checkout page, if he goes down the route of adding a shared SSL provider, the customer will go from the original site, to the shared provider, then to the PSP then return to the original site.

**scsishop** · 22-Aug-2006, 06:29 PM

ok , sounds good , you obviously know more than me as in reality im just a pup at this sort of stuff , but thats what i like about the forum , alot of clever ppl on here

www.kernelpower.co.uk

**Jan** · 22-Aug-2006, 07:30 PM

I thought that the purpose of having SSL on the address pages was to encourage people to enter their own names and addresses, some people don't like to enter this info if the golden padlock isn't visible, so it is more of a giver of warm fuzzy website feelings than an actual security measure on this sort of page. If this is true then it might depend what you are selling as to whether it is worth bothering with, as a seller of Actinic plugins there is little point but as a seller of health products maybe there is.

Regards,

**los_design** · 23-Aug-2006, 07:43 AM

With regards SSL we are currently in discussion with one of our clients who wishes to have the whole site SSL (after log in), nice and easy to implement (not)...watch for the topic to begin on an actinic forum near you soon

But with regards to this topic, SSL Certs can add that 'warm feeling' as Jo states above and on the addy page it really would depend on your market (once again as above).

We have clients who offer both PSP and Shared SSL, PSP only and shared only, and to be honest, all work well and there seems to be no major differential in customer confidence.

So, no PSP, shared SSL is fine on checkout, PSP in place, status quo, no add-on spend needed. IMHO

Regards
Daren

**Martin** · 24-Aug-2006, 02:50 PM

Thanks for replies everyone.

Jo, Encrypting the Customer’s name and address details will not necessarily prevent fraud I know, but customers have left comments about it, and if this information is intercepted it can be used. As I had mobiles phones bought in my name sent to another address, with made up bank account details, they made up my birthday also, but that didn’t stop me getting invoices to my home address.

So I can understand their concerns, and as Jan says, I reckon it is a lot to do with the “warm feeling” that it is secure to the regular punter, who just wants to buy a printer cartridge.

Donna, I found the necessary links on the 1&1 control panel, (its free on my package) and after confirming its gone quiet. I did that Monday, and its good to know yours took a couple of weeks, so I’ll keep waiting.

**berryhill** · 24-Aug-2006, 09:29 PM

Originally posted by Jan

I thought that the purpose of having SSL on the address pages was to encourage people to enter their own names and addresses, some people don't like to enter this info if the golden padlock isn't visible

How can I capture these names/adress details within the SSL/Padlocak area??? currently like many users its only on the credit card page and that warm feeling it what the client is after due to comments when ordering

Andy

**Sally Dickson** · 24-Aug-2006, 09:48 PM

Trials and Tribulations

I am setting up SSL on 1and1 and at the present time we are having difficulties getting the CGI_BIN to work, but Support are helping me sort it out.

I have four shops on the same shared server and 1and1 suggested I set-up a domain and directory:

secure.creativecatalogues.co.uk

/secure
and within that directory:

/secure
../wookie
../fop
../tom
../miffy

representing all my shops.

The nice thing about this is that when customers go to enter their details the address line in Internet Explorer reads: Http://secure.creativecatalogues.co.uk, which I can't help thinking is a nice advert for the parent company.

Well it will be when I get it working...

I'll have another go at getting the server to reckonise the cgi-bin and continue.

BTW if you tick SSL and your SSL is not correctly working your entire shopping cart is shot to pieces. I found this out the hard way, The Wookieshop was down for four days before a customer emailed me: 'What was goin' on?'

Go forth and have fun!

**los_design** · 25-Aug-2006, 07:38 AM

Our clients use our actinic hosting packs and to set up the ssl for checkout and login in is just a case of 'switching on' via your Business Settings | Payment & Security

Ahh, good old one and one

. If your problems are with the cgi-bin check with them and see what the default permissions are set to. This is a common fault of many non-actinic specialist hosts.

Regards
Daren

Announcement

How do you setup SSL?

How do you setup SSL?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment