Announcement

Collapse
No announcement yet.

WorldPay Upgrade

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #76
    Hello,

    Not sure if this is related or not?

    We were upgraded several weeks ago, seemingly without any issues. However in the last few days we have become aware (via customer complaints) of two situations where customers have had payments processed by Worldpay but we have not received an order in any way or form.

    Only by taking details from the customer and checking our Worldpay account have we found the transactions, this is clearly not a great place to be.

    Actinic Version 8.5.0.0.0.0 hbka

    Any thoughts?

    Cheers,

    Frenchy.
    www.likeys.com

    Comment


      #77
      Hi,

      Do you receive any errors when downloading? Have you checked if the orders have gone into the 'Pending Payment Service Provider' tab?
      ********************
      Tracey
      SellerDeck

      Comment


        #78
        WorldPay Security

        Hi,
        We were looking into the WorldPay security today and noticed that a client can change the address when they are in the WorldPay side of things.
        So ... If a fraudster put his/her delivery address in the V8 cart side of things we would of course deliver to this address once we have the all clear from WP.
        The WP result would be based on the address THEY get sent to them, so if the "fraudster" put the billing address in on WP side it would give the all clear and we would ship the goods. Of course we do not cross reference the addresses with the WP transaction reports all the time so here we have a security issue.
        WP say that a parameter can be placed in the code sent to them each time and here it is:
        fixContact
        hideContact
        with a value of true, so Actinic would need to pass across:
        <input type="hidden" name="fixContact" value="true">
        <input type="hidden" name="hideContact" value="true">

        Has anyone used this?
        If so where does it go?

        Any help with this would be great.

        Comment


          #79
          with a value of true, so Actinic would need to pass across:
          <input type="hidden" name="fixContact" value="true">
          <input type="hidden" name="hideContact" value="true">
          Our developers have had a look at this and I'm afraid that because we have a customised integration with Worldpay these parameters will not work. We are contacting WorlPay to see if they can stop the customer from changing the address on their side. I'll post back as soon as I have an answer.
          ********************
          Tracey
          SellerDeck

          Comment


            #80
            Originally posted by Darren B
            hey were did that post go
            what post?
            don't know what you mean
            Tracey

            Comment


              #81
              I think you have lost it today Tracey, probably all those support tickets

              Comment


                #82
                Call from WorldPay today.

                Originally posted by TraceyG
                Our developers have had a look at this and I'm afraid that because we have a customised integration with Worldpay these parameters will not work. We are contacting WorlPay to see if they can stop the customer from changing the address on their side. I'll post back as soon as I have an answer.
                Hi,
                have you any news from WorldPay on this issue?
                We are still getting fraudsters trying to exploit this loop hole in WP/Actinic security.

                Regards
                Peter

                UPDATE:
                Just been talking to WorldPay about this and they tell me the extra code needed from the Actinic cart is a simple thing to add. . . i will quote what they said "Actnic must not be interested in your business" if they cannot add this code for you or tell you how to do it. They (WorldPay) cannot "By default" hide the address/Post code, so an option or piece of code is required from the Actinic cart data. This is a security issue so prompt attention is required i would think.
                Last edited by PeterM; 01-May-2008, 12:37 PM. Reason: More information gained.

                Comment


                  #83
                  The initial responses from Worldpay are suggesting that their integration with us mean that mean that those parameters will not work. We are, however, still trying to find out if there is anything we can do about this.
                  ********************
                  Tracey
                  SellerDeck

                  Comment


                    #84
                    Okay thanks.

                    Peter

                    Comment


                      #85
                      After numerous discussions with WorldPay, we finally have a solution. Please try the following:

                      - open the 'Sites'\Sitename\CommonOCC\OCCWorldPayScriptTemplate.pl' file in a text editor such as notepad (take a backup of the file first)
                      - search for:

                      Code:
                      $sHiddenValues .= "<INPUT TYPE=HIDDEN NAME=\"USERDEFINED\" VALUE=\"" . $::InvoiceContact{USERDEFINED} . "\">\n";
                      - insert the following lines directly after the above:

                      Code:
                      $sHiddenValues .= "<INPUT TYPE=HIDDEN NAME=\"country\" VALUE=\"" . uc($sCountryCode) . "\">\n";
                      $sHiddenValues .= "<INPUT TYPE=HIDDEN NAME=\"address\" VALUE=\"" . $::InvoiceContact{ADDRESS1} . "\">\n";
                      $sHiddenValues .= "<INPUT TYPE=HIDDEN NAME=\"email\" VALUE=\"" . substr($::InvoiceContact{EMAIL}, 0, 80) . "\">\n";
                      $sHiddenValues .= "<INPUT TYPE=HIDDEN NAME=\"fixContact\" VALUE=\"TRUE\">\n";
                      - save and close the file
                      - update your site

                      The customer then shouldn't be able to amend the address on the Worldpay site.
                      ********************
                      Tracey
                      SellerDeck

                      Comment


                        #86
                        Pending Payment Service Provider issues

                        Hi guys,

                        I know that this is a long thread but we have it issues with the Worldpay upgrade with orders being sent to 'Pending Payment Service Provider'.

                        There has been the odd one but over the past few days 40% have had payments taken but ended up in the 'Pending Payment Service Provider' status.

                        Our upgrade happened in February, we are running V7.0.7.0.0.0.HCFA on a Window Fasthost Server. I have seen the issues with Fasthost on other threads, so there may be other issues as well (having trouble uploading too that is another story).

                        We have check with Worldpay the callback log and they have come back with this:

                        mm1imspsp7/MsgService.out.mm1imspsp7.20080722:MsgService.out: [2008-07-22 12:43:32.637 (msg2Conn6-371411)] TRANSID: 14637xxxxx
                        mm1imspsp7/MsgService.out.mm1imspsp7.20080722:MsgService.out: [2008-07-22 12:43:32.785 (msg2Conn6-371411)] --- No logfile for callback failure: 22/07/2008 12:43:32,1463704690,JS11YS1xxxx89,67211,Request failed CAUSED BY invalid HTTP status line: >null< ---
                        So for this transaction which went to the 'Pending Payment Service Provider' as it recieved a callback or was it blocked indicated by
                        Request failed CAUSED BY invalid HTTP status line
                        or is that relating to the fact that there is not log so it has failed and the callback was sent and recieved.

                        We have spoken to fasthost but they have not been very helpful.

                        Any pointers to help with this I would be very greatful.

                        Would it be possible that the problem transactions happen on a different Worldpay server to the successful ones, anyway any help would be excellent.

                        Thanks
                        Mash

                        Comment


                          #87
                          Hi Mash,

                          Looking at the log you have posted:

                          No logfile for callback failure:
                          This suggests to me that there was a problem with the callback but no logfile was created because:

                          Request failed CAUSED BY invalid HTTP status line:
                          You would really have to clarify that with Worldpay though as it is their log.

                          The only reason that an order will go into the Pending PSP tab is because their is no callback file on your server (in the format of 'ordernumber.occ') for that order. This can be caused by:

                          1. Worldpay not sending the callback
                          2. internet problem somewhere between Worldpay's server and your server
                          3. you server blocking the callbacks

                          From the log, I would guess at no 1 otherwise their logs wouldn't record a problem. So you should check with them as to why the callbacks are failing.
                          ********************
                          Tracey
                          SellerDeck

                          Comment


                            #88
                            Thanks Tracey for your reply, we are still having issues with it and have not nailed down what is causing it, Worldpay, the hosting company (Fasthost) or a combination of both! Neither have been too helpful on the matter.

                            We are seeing what orders have come in over the weekend and if any become allocated to PSP pending.

                            Has anyone else had a problem with Worldpay recently?

                            We are thinking of moving from the Fasthost Windows server to their Linux ones, have seen the postings on too many issues regarding that so slightly nervous, do not want all the wheels to fall off the bus!!

                            Any thoughts I would be grateful to hear. Thanks Mash
                            Mash

                            Comment


                              #89
                              Could this still be a problem in v11.0.2?

                              Hi

                              Have a similar looking problem, "An error occurred while reading PSP Auth..." and then orders which had successfully completed at WorldPay came down from the server as "CC Details sent separately" with "Waiting for CC details".

                              WorldPay is in production/pre-authorise

                              Many thanks, Dan
                              adaptive-image.co.uk

                              Comment


                                #90
                                Hi there,

                                We had a more recent problem with Worldpay (we did move our hosting to ee-scape which has been excellent but that is another story).

                                Worldpay wasn't working properly, can't remember the error message. But we had move from v9 to SD13, there is a different length code between the two versions issued by Worldpay. I just contacted them and they gave me a new good and it was sorted.

                                I am sorry post is not very helpful, I am doing it way from my office and any notes.

                                Thanks M
                                Mash

                                Comment

                                Working...
                                X