Announcement

**pinbrook** · 02-Nov-2007, 12:57 PM

Originally posted by Dex

Hello
I've setup Actinic to use HSBC secure ePayments which is working fine, except that before the shop transfers the user to HSBC it momentarily visits https://secure.actinicsecure.com/cgi-bin/is_main.pl

I can't see any reason why that is needed so is it normal? how can I prevent it?

Best Regards,
Derek

As far as i know that is the correct and how it should work.

(History. In case it's relevant, I originally setup the trial version using the Actinic site, and upgraded that to the full version, and my "web username" in the housekeeping, security, still begins with "trial")

I don't know

**RuralWeb** · 02-Nov-2007, 01:23 PM

As far as i know that is the correct and how it should work.

It is - Actinic passes shopping data through the Actinic servers before going to the HSBC site - some days its more obvious than others but there is no way round it that I know of.

**pinbrook** · 02-Nov-2007, 02:13 PM

Originally posted by RuralWeb

It is - Actinic passes shopping data through the Actinic servers before going to the HSBC site - some days its more obvious than others but there is no way round it that I know of.

I suspect it does this to get round the insistance by HSBC that all sites come to them from a secure socket, this in turn clarifies old discussions that have happened here in the past over whether you need an SSL cert in addition to using HSBC as PSP.

HSBC have told peeps that they need SSL cert, where in fact they don't as Actinic takes care of the requirement by behaving in the above manner.

Phew i hope thats clear.

**Dex** · 02-Nov-2007, 02:34 PM

Thank you for the replies.

I'm very disappointed to learn that's the way it should be. I don't like the idea that all my web sales are sent to actinic first. I don't see any reason why it's needed and it just seems to be a possible failure point and a security risk in the process.

I run my shop on a dedicated server so any processing that needs to be done should be done on my own server before it goes to HSBC.

Best Regards,
Derek

**RuralWeb** · 02-Nov-2007, 02:35 PM

I don't see any reason why it's needed

Its all to do with the psp integration - perhaps chris will tell us more

**Dex** · 02-Nov-2007, 02:38 PM

Originally posted by pinbrook

I suspect it does this to get round the insistance by HSBC that all sites come to them from a secure socket, this in turn clarifies old discussions that have happened here in the past over whether you need an SSL cert in addition to using HSBC as PSP.
HSBC have told peeps that they need SSL cert, where in fact they don't as Actinic takes care of the requirement by behaving in the above manner.

I think this reply came in while I was typing my last one so I didn't see it. Yes, that makes sense for sites without SSL, so hopefully there is a way to change it as my site has its own SSL certificate and my cart is SSL

Best Regards,
Derek

**wjcampbe** · 02-Nov-2007, 04:02 PM

Originally posted by Dex

I think this reply came in while I was typing my last one so I didn't see it. Yes, that makes sense for sites without SSL, so hopefully there is a way to change it as my site has its own SSL certificate and my cart is SSL

Best Regards,
Derek

OK, but can you get HSBC to add you to their list of trusted sites that are named on the connection server? This is what Actinic is providing you - trusted connection access.

**Dex** · 03-Nov-2007, 12:51 PM

Originally posted by wjcampbe

OK, but can you get HSBC to add you to their list of trusted sites that are named on the connection server? This is what Actinic is providing you - trusted connection access.

HSBC gave me a merchant post url, so I'd say yes, they will allow my server to post to their CPI

Best Regards,
Derek

**Mike Hughes** · 05-Nov-2007, 09:44 AM

I have to agree with Dex on this. Why would HSBC say you need to have SSL in order to connect to their server if they weren't going to allow you to make the connection?

It sounds to me like Actinic has put in the redirect to make it work for people without SSL but haven't included the option to bypass it.

Maybe Actinic would care to explain?

Mike

**cdicken** · 05-Nov-2007, 05:25 PM

It's true that HSBC require a secure server, but we don't want to have to require our customers to get an SSL certificate, just to make a payment via HSBC - so we provided the intermediate server. There is also some formatting of the information I believe, but I'm a bit hazy on the details.

**RuralWeb** · 05-Nov-2007, 05:29 PM

There is also some formatting of the information I believe

There is - it went a bit tits up a while back so there may be problems doing it yourself. The way it currently works is very good IMO but its nice to know you can go the DIY route.

**Dex** · 05-Nov-2007, 11:00 PM

we don't want to have to require our customers to get an SSL certificate, just to make a payment via HSBC - so we provided the intermediate server

I can see how that would be helpful to someone who didn't have SSL, but it would be nice for people with SSL to have the option to avoid having all orders pass through Actinic servers on their way to the payment processor

Best Regards,
Derek

**cdicken** · 06-Nov-2007, 09:28 AM

I'm afraid all I can do is add this one to the wish list for you.

Announcement

Why does my shop bounce to https://secure.actinicsecure.com before getting to HSBC?

Why does my shop bounce to https://secure.actinicsecure.com before getting to HSBC?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment