Announcement

Collapse
No announcement yet.

Why does my shop bounce to https://secure.actinicsecure.com before getting to HSBC?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Why does my shop bounce to https://secure.actinicsecure.com before getting to HSBC?

    Hello
    I've setup Actinic to use HSBC secure ePayments which is working fine, except that before the shop transfers the user to HSBC it momentarily visits https://secure.actinicsecure.com/cgi-bin/is_main.pl

    I can't see any reason why that is needed so is it normal? how can I prevent it?

    (History. In case it's relevant, I originally setup the trial version using the Actinic site, and upgraded that to the full version, and my "web username" in the housekeeping, security, still begins with "trial")

    Best Regards,
    Derek

    #2
    Originally posted by Dex
    Hello
    I've setup Actinic to use HSBC secure ePayments which is working fine, except that before the shop transfers the user to HSBC it momentarily visits https://secure.actinicsecure.com/cgi-bin/is_main.pl

    I can't see any reason why that is needed so is it normal? how can I prevent it?


    Best Regards,
    Derek
    As far as i know that is the correct and how it should work.

    (History. In case it's relevant, I originally setup the trial version using the Actinic site, and upgraded that to the full version, and my "web username" in the housekeeping, security, still begins with "trial")
    I don't know

    Comment


      #3
      As far as i know that is the correct and how it should work.
      It is - Actinic passes shopping data through the Actinic servers before going to the HSBC site - some days its more obvious than others but there is no way round it that I know of.

      Comment


        #4
        Originally posted by RuralWeb
        It is - Actinic passes shopping data through the Actinic servers before going to the HSBC site - some days its more obvious than others but there is no way round it that I know of.
        I suspect it does this to get round the insistance by HSBC that all sites come to them from a secure socket, this in turn clarifies old discussions that have happened here in the past over whether you need an SSL cert in addition to using HSBC as PSP.

        HSBC have told peeps that they need SSL cert, where in fact they don't as Actinic takes care of the requirement by behaving in the above manner.

        Phew i hope thats clear.

        Comment


          #5
          Thank you for the replies.

          I'm very disappointed to learn that's the way it should be. I don't like the idea that all my web sales are sent to actinic first. I don't see any reason why it's needed and it just seems to be a possible failure point and a security risk in the process.

          I run my shop on a dedicated server so any processing that needs to be done should be done on my own server before it goes to HSBC.

          Best Regards,
          Derek

          Comment


            #6
            I don't see any reason why it's needed
            Its all to do with the psp integration - perhaps chris will tell us more

            Comment


              #7
              Originally posted by pinbrook
              I suspect it does this to get round the insistance by HSBC that all sites come to them from a secure socket, this in turn clarifies old discussions that have happened here in the past over whether you need an SSL cert in addition to using HSBC as PSP.
              HSBC have told peeps that they need SSL cert, where in fact they don't as Actinic takes care of the requirement by behaving in the above manner.
              I think this reply came in while I was typing my last one so I didn't see it. Yes, that makes sense for sites without SSL, so hopefully there is a way to change it as my site has its own SSL certificate and my cart is SSL

              Best Regards,
              Derek

              Comment


                #8
                Originally posted by Dex
                I think this reply came in while I was typing my last one so I didn't see it. Yes, that makes sense for sites without SSL, so hopefully there is a way to change it as my site has its own SSL certificate and my cart is SSL

                Best Regards,
                Derek
                OK, but can you get HSBC to add you to their list of trusted sites that are named on the connection server? This is what Actinic is providing you - trusted connection access.
                Bill
                www.egyptianwonders.co.uk
                Text directoryWorldwide Actinic(TM) shops
                BC Ness Solutions Support services, custom software
                Registered Microsoft™ Partner (ISV)
                VoIP UK: 0131 208 0605
                Located: Alexandria, EGYPT

                Comment


                  #9
                  Originally posted by wjcampbe
                  OK, but can you get HSBC to add you to their list of trusted sites that are named on the connection server? This is what Actinic is providing you - trusted connection access.
                  HSBC gave me a merchant post url, so I'd say yes, they will allow my server to post to their CPI

                  Best Regards,
                  Derek

                  Comment


                    #10
                    I have to agree with Dex on this. Why would HSBC say you need to have SSL in order to connect to their server if they weren't going to allow you to make the connection?

                    It sounds to me like Actinic has put in the redirect to make it work for people without SSL but haven't included the option to bypass it.

                    Maybe Actinic would care to explain?

                    Mike
                    -----------------------------------------

                    First Tackle - Fly Fishing and Game Angling

                    -----------------------------------------

                    Comment


                      #11
                      It's true that HSBC require a secure server, but we don't want to have to require our customers to get an SSL certificate, just to make a payment via HSBC - so we provided the intermediate server. There is also some formatting of the information I believe, but I'm a bit hazy on the details.

                      Comment


                        #12
                        There is also some formatting of the information I believe
                        There is - it went a bit tits up a while back so there may be problems doing it yourself. The way it currently works is very good IMO but its nice to know you can go the DIY route.

                        Comment


                          #13
                          we don't want to have to require our customers to get an SSL certificate, just to make a payment via HSBC - so we provided the intermediate server
                          I can see how that would be helpful to someone who didn't have SSL, but it would be nice for people with SSL to have the option to avoid having all orders pass through Actinic servers on their way to the payment processor

                          Best Regards,
                          Derek

                          Comment


                            #14
                            I'm afraid all I can do is add this one to the wish list for you.

                            Comment

                            Working...
                            X