Announcement

**leehack** · 07-Apr-2008, 02:50 PM

Succesfully operating actinic store + godaddy hosting = rocking horse sh1t.

**pnagames** · 07-Apr-2008, 03:20 PM

Sean

we have an ssl applied to our checkout stages. then customer is either moved to hsbc or paypal for payment which they have their own ssl's as far as i know

if the SSL is only �15 i would not purchase it

reputable providers charge on the �100 mark i think

i would reccomend that you talk to your hosts and see which one they provide / recommend

**sean_jackson** · 07-Apr-2008, 03:46 PM

OK, to quote actinic telephone support: "An SSL certificate is not needed for HSBC secure E payments" as the customer is taken away from your site, which I knew was the case. I do realise the worth and flexiblility of having a certificate for Paypal services and general flexibility etc but this is good news is it not?

Lee: is this not your experience when implementing HSBC within a cart - as I remember reading you were quite happy with their service?

best wishes. Sean

**leehack** · 07-Apr-2008, 04:19 PM

There are differing views of course, however I believe in only securing pages where credit card info is being provided. Anything else the customer provides, is information available from a number of different public domains anyway. I would not setup SSL when i setup HSBC unless a client has a longing to do so. SSL as a backup payment method is not really a viable solution any more, so you are solely securing the address-providing screen with SSL.

**guccij** · 07-Apr-2008, 04:21 PM

Personally I wouldn't touch HSBC with a barge pole and yes, I would get an SSL from a *reputable* host.

HSBC failed again this afternoon, for those who are wondering why there is a hole in their orders.

Apparently it's working again now but who knows for how long.

Thankfully I no longer use them as my main card processor - I learned my lesson back in January.

**pinbrook** · 07-Apr-2008, 04:51 PM

Personally I wouldn't touch HSBC with a barge pole and yes, I would get an SSL from a *reputable* host.

securing your checkout with SSL only is NOT the way to go as you will not be PCI compliant.

and in answer to the OP - no SSL is not required for HSBC, when using HSBC you are bounced back to Actinic SSL thus providing the link to HSBC via SSL - you do not need your own.

**RuralWeb** · 07-Apr-2008, 04:52 PM

Also I have looked for recent setup info for HSBC but not found v much here

There is loads on the forum including a step by step setup guide.

**guccij** · 07-Apr-2008, 04:56 PM

Originally posted by pinbrook

securing your checkout with SSL only is NOT the way to go as you will not be PCI compliant.
and in answer to the OP - no SSL is not required for HSBC, when using HSBC you are bounced back to Actinic SSL thus providing the link to HSBC via SSL - you do not need your own.

Sorry to go over old ground, and at the risk of going further OT, but I understood that if you used a processor such as HSBC or Protx or whatever, the PCI compliance issue was irrelevant so long as you are not capturing the details yourself.

**leehack** · 07-Apr-2008, 04:59 PM

Originally posted by guccij

Sorry to go over old ground, and at the risk of going further OT, but I understood that if you used a processor such as HSBC or Protx or whatever, the PCI compliance issue was irrelevant so long as you are not capturing the details yourself.

Exactly and that is exactly what Jo is implying, i think you read her post wrongly. If you use HSBC or PROTX for example and you have SSL, all you are securing is the address providing screen in reality and you don't even have to do that.

**sean_jackson** · 07-Apr-2008, 05:35 PM

thanks for the feedback - I'm clearer on the SSL situation now - my client has good (in shop) CC history with HSBC so he's happy to to move forward with them, and this may be reflected in his % charges as time moves on, but if their service is poor he can vote with his feet. As it's a start up it's probably a better environment to test with instead of an established online
business.

regards. Sean

**grantglendinnin** · 07-Apr-2008, 05:52 PM

We've had quite a few number of customers who are more than security-conscious and refused to enter their details - personal details, not CC - unless the 'encryption' logo is shown in the web browser. So, in those terms, you could be losing out on over-protective customers.

**guccij** · 07-Apr-2008, 06:06 PM

Originally posted by grantglendinnin

We've had quite a few number of customers who are more than security-conscious and refused to enter their details - personal details, not CC - unless the 'encryption' logo is shown in the web browser.

Same here. Having the Postcode Anywhere add-in is a bit of a pain in this respect, but only for those few paranoid androids out there.

**Darren B** · 08-Apr-2008, 07:32 AM

The biggest problem is the hype on the TV about security of your details, people that dont understand are confusing people about security and personal details, it is not supprising people panic.

Basics in 3 simple lines

If you want an SSL and use Protx, HSBC e.t.c then you can - would i NO
If you capture card details with actinic you will NOT be compliant
PSP is the only real way forward

D

**guccij** · 08-Apr-2008, 07:39 AM

Unfortunately, if you're using HSBC (with SSL or otherwise), your site won't be doing anything today. The system is down

Announcement

HSBC E secure payments - SSL still needed?

HSBC E secure payments - SSL still needed?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment