Extra parameter for WorldPay


    Hi

    In order to reduce the risk of fraud I am trying to make the address fields on the Worldpay payment page non-editable. Therefore the user must use the same address they entered into our store.

    I can do this by passing the following parameter through to Worldpay: fixContact

    I can't find any reference of how to do this in the AUG Chapter 3 or any previous threads. But I am sure other people would have tried to do this before.

    Does anyone know how to pass an additional parameter through to Worldpay?

    Paul
    KJ Beckett
    Men's Clothing & Accessories
    Cufflinks, Underwear, Ties, Grooming Products
    Bath, England
    Fast delivery to UK, USA and worldwide.
    Men's Fashion Blog

    #2
    Hi

    I'm talking to Actinic Support about this also but I thought I would pass through further information.

    WorldPay are asking for the HIDDEN parameter named: fixContact with a value of true to be passed through to them in the same way as any other parameter would be (such as Amount).

    Has anyone done this before?

    This prevents fraudsters from changing the billing name and address on Worldpay to be different from the billing name and address on Actinic. Therefore it removes the need to cross reference the two invoices and reduces a big fraud risk.

    Paul
    KJ Beckett
    Men's Clothing & Accessories
    Cufflinks, Underwear, Ties, Grooming Products
    Bath, England
    Fast delivery to UK, USA and worldwide.
    Men's Fashion Blog


      #3
      Good pick up Paul, please keep us informed....


        #4
        Thanks.

        This is a major thing for us because we do manual checks on suspect orders... we have been really good at keeping fraud to a near minimum. Plus the few that have slipped through have been covered by WorldPay's excellent guarantee.

        But the loophole above allows a fraudster to make it look like the billing/card address is the same as the delivery address. This would be considered lower risk of fraud. But of course the real billing address may be different and an additional manual check is required. I want to eradicate this manual check.

        I will keep you all posted on my discussions with Actinic. But I'm sure this must be possible.

        Paul
        KJ Beckett
        Men's Clothing & Accessories
        Cufflinks, Underwear, Ties, Grooming Products
        Bath, England
        Fast delivery to UK, USA and worldwide.
        Men's Fashion Blog


          #5
          Hi all

          Response from Actinic support attached... this closes down a big security hole to reduce the work required in stopping fraudsters...

          Hi,

          OK, using the following document as a guide:-

          http://support.worldpay.com/integrat.../invig_47.html

          Locate the file: -

          OCCWorldPayScriptTemplate.pl

          you will find it in the 'CommonOCC' folder underneath the site folder.

          Open this in a plain text editor such as 'notepad' (with 'Word Wrap'
          switched off)

          Search for: -

          end of the transaction specific details

          and just before those comments, put in the following:


          $sHiddenValues .= "<INPUT TYPE=HIDDEN NAME=fixContact VALUE=1>";

          and save and close the file.

          You will need to run the command 'Web | Refresh Website' to upload the changes to the site.
          I haven't tested this yet as I'm not in the office until tomorrow but thought it might come in handy for a lot of you.

          Paul
          KJ Beckett
          Men's Clothing & Accessories
          Cufflinks, Underwear, Ties, Grooming Products
          Bath, England
          Fast delivery to UK, USA and worldwide.
          Men's Fashion Blog
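
Post #5 leaves the change untested. The Perl check below is an added example, not code from the thread, Actinic or WorldPay: it scans payment-form HTML for hidden inputs and reports whether fixContact is present with the value 1 (as in the support reply) or true (as in post #2). The two sample forms are constructed, and the amount field in them is an assumption.

```perl
#!/usr/bin/perl
# Added example: confirm the form sent to the browser carries fixContact.
use strict;
use warnings;

# Return NAME => VALUE for every hidden INPUT found in the HTML.
# Copes with any attribute order, any tag case, and quoted or bare values.
# Limitation: a quoted value containing '>' would end the tag match early.
sub hidden_fields {
    my ($html) = @_;
    my %fields;
    while ($html =~ /<input\b([^>]*)>/gi) {
        my $attrs = $1;
        my %attr;
        while ($attrs =~ /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g) {
            my $value = defined $2 ? $2 : defined $3 ? $3 : $4;
            $attr{ lc($1) } = $value;
        }
        next unless lc($attr{type} // '') eq 'hidden' && defined $attr{name};
        $fields{ $attr{name} } = $attr{value} // '';
    }
    return %fields;
}

# True when fixContact is present and set to 1 or true.
# The parameter name is matched with the exact case used in the thread.
sub contact_is_fixed {
    my ($html) = @_;
    my %f = hidden_fields($html);
    return 0 unless exists $f{fixContact};
    return $f{fixContact} =~ /\A(?:1|true)\z/i ? 1 : 0;
}

# Constructed sample forms (not captured from a real store).
my $patched   = '<FORM METHOD=POST><INPUT TYPE=HIDDEN NAME=amount VALUE="19.99">'
              . '<INPUT TYPE=HIDDEN NAME=fixContact VALUE=1></FORM>';
my $unpatched = '<FORM METHOD=POST><INPUT TYPE=HIDDEN NAME=amount VALUE="19.99"></FORM>';

for my $case ([patched => $patched], [unpatched => $unpatched]) {
    my ($label, $html) = @$case;
    printf "%-10s fixContact %s\n", $label,
        contact_is_fixed($html) ? 'present' : 'MISSING';
}
```

After running 'Web | Refresh Website', the same two subs can be pointed at the saved source of the page that posts to WorldPay.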


            #6
            Does it work?

            This would seem a very useful update from 2007 to reduce possible fraud. Two questions:
            1. Has anyone now implemented this update, and found that it works well with no major downside?
            2. If so, why is it not included as a parameter-driven option within Actinic?
            Andy Shercliff
            www.4children2enjoy.co.uk


              #7
              Intrigued as to why you've waited nearly three years to ask this?
              Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks


                #8
                I haven't tried this as I don't use WorldPay, but in answer to:

                2. If so, why is it not included as a parameter-driven option within Actinic?
                In my view that would seem a bit of overkill just to add one line to the payment file.

                Mike
                -----------------------------------------

                First Tackle - Fly Fishing and Game Angling

                -----------------------------------------


                  #9
                  Answers

                  In answer to your questions:
                  1. Although I noticed this post soon after it was entered, I have only just responded to it because it has only recently become an issue for us.
                  2. The big advantage of Actinic including a parameter for this is that they would then have to test it and support it!
                  Andy Shercliff
                  www.4children2enjoy.co.uk
