Not true. Quick Checkout is way of paying without leaving website.[/QUOTE]
I am sorry, where did you find this information?
I talked with a Moneybookers representative today and she confirmed that the Quick Checkout had 2 ways of integration - the first one was used in CS-Cart (your customers are taken to www.moneybookers.com to pay) and the second one was displaying the same Moneybookers payment form in an IFRAME on your website.
The second way is more complex for integration into CS-Cart and have a limitation. In order to show this payment form on the last checkout page/step CS-Cart should send a request to the Moneybookers server, but the order is not created in CS-Cart at this time, so CS-Cart cannot send the order ID within the request. After the customer completes his payment in the embedded IFRAME, Moneybookers redirects him to the CS-Cart order landing page. CS-Cart creates an order in its database a moment before displaying the landing page.
Thus, you will be able to see this payment in your Moneybookers merchant panel, but the CS-Cart order ID will be missing in its details. Unlikely, you will be able to recognize this payment even in several days (if you have a lot of orders every day). The situation becomes worse, if you use the same Moneybookers account for accepting payments on several websites that use IFRAME.
Anyway, we are planning to add this way of integration to one of the nearest CS-Cart releases.
Thank you for the clarification. You can read on the same page that it has “multiple integration options”.
Moreover, if you display a payment form on your own website, it will be required to certify the whole website to make it PCI-DSS compliant. If your customers are taken to moneybookers.com (paypal.com, 2checkout.com, etc) to pay, you do not have to do it.
Moreover, if you display a payment form on your own website, it will be required to certify the whole website to make it PCI-DSS compliant. If your customers are taken to moneybookers.com (paypal.com, 2checkout.com, etc) to pay, you do not have to do it.
[/quote]
Almost every merchant that uses cs-cart qualifies for “self certification” given the volume of transactions they do. We rely upon cs-cart for PCI compliance in he code/database assuming the server and the hosting environment is PCI compliant.
[quote name=‘kogi’]Did the jquery update make it into this version? or has is slipped?
kogi[/quote]
No, it was skipped, they are still working on it, hopefully we’ll see it in the next version. They needed to get some bug fixes issued into the next release, so it was good they pushed this up.
[quote name=‘tbirnseth’]Almost every merchant that uses cs-cart qualifies for “self certification” given the volume of transactions they do. We rely upon cs-cart for PCI compliance in he code/database assuming the server and the hosting environment is PCI compliant.[/QUOTE]
Sure, we take into account the PCI requirements.
I hope, the following information can be helpful for everyone who plans to be PCI certified:
Also, as I understand this process, once a Qualified Security Assessor audited you (merchant) that included the audit of everything you had on your server (shopping cart software and any other programs you might have had), you are not allowed to change anything in the source code of these programs (you are not an expert and cannot guarantee that the new change will keep the software security). I do not know if it is allowed to change at least a CSS file No software upgrades, nothing (what about adding new products to the database?).
So, if you have changed something, it is required to be audited and pay a whole lot of money once again (though I may be mistaken).
And all that super security fails when a computer virus stoles your very complex password (it cannot be memorized) from your desktop…
So, from my point of view, the PCI Security Standards are a good idea, but not a cure-all.
There are exclusions for sites that process < 20,000 (I think that’s the number) of CC transactions per year. You can achieve certification by doing a Q&A “self assessment”. Your merchant account provider can usually assist you with this. Mine provided it free for a while. Now, I think there is a small charge for the 3rd party service that conducts the survey and generates a certificate of certification upon completion. However, hosting providers may have more stringent requirements such as no SSH access to a certified server. But again, this is based on the combined transaction totals for a “system”.
I talked with a Moneybookers representative today and she confirmed that the Quick Checkout had 2 ways of integration - the first one was used in CS-Cart (your customers are taken to www.moneybookers.com to pay) and the second one was displaying the same Moneybookers payment form in an IFRAME on your website.
The second way is more complex for integration into CS-Cart and have a limitation. In order to show this payment form on the last checkout page/step CS-Cart should send a request to the Moneybookers server, but the order is not created in CS-Cart at this time, so CS-Cart cannot send the order ID within the request. After the customer completes his payment in the embedded IFRAME, Moneybookers redirects him to the CS-Cart order landing page. CS-Cart creates an order in its database a moment before displaying the landing page.
Thus, you will be able to see this payment in your Moneybookers merchant panel, but the CS-Cart order ID will be missing in its details. Unlikely, you will be able to recognize this payment even in several days (if you have a lot of orders every day). The situation becomes worse, if you use the same Moneybookers account for accepting payments on several websites that use IFRAME.
Anyway, we are planning to add this way of integration to one of the nearest CS-Cart releases.
Thank you for your patience and understanding.[/QUOTE]
Does this mean that we can use their IFRAME functionality with the newest version of CSCart? I dont mind having to match up orders until thats fixed. I just want to be able to use Moneybookers without my customers having to leave my site, it leads to too many abandoned shopping carts.
You need to check the FTP account options entered for the upgrade center.
Open the “Upgrade center” page of your CS-Cart admin panel, click on the “settings” link on the page and check the values in the “FTP server options” section. In the “Directory” field should be the name of the directory on your server where your CS-Cart is installed. For example, if your CS-Cart is installed in the “store” directory, you should enter “/store” in the mentioned field.
Added suggestion… Only use the FTP settings as a last resort. Your server may use different users for PHP and FTP. Hence you might have ownership issues which is why CS-cart blindly recommends 777/666 permissions on files. If you don’t have to use FTP, don’t. Use http instead.
[quote name=‘stevethompson’]The upgrade instructions say to enter “/public_html/”, my store is in the root directory. Is that not correct? Should I use “/”
Thanks, STeve.[/QUOTE]
It depends on the fact how the things are organized on your server. Please use the FTP access you entered on the “Upgrade center settings” page to connect to your server using some FTP agent (e.g. FileZilla) and check whether you need to enter some directory to see your CS-Cart files.
If yes, you should enter its name in the corresponding field. It may be “/public_html” or “/web” or something like that.
If you do not need to enter any directory and can see CS-Cart files just after you have connected to the server, you should enter “/” or nothing in the mentinoed field.
[quote name=‘tbirnseth’]Your server may use different users for PHP and FTP. Hence you might have ownership issues which is why CS-cart blindly recommends 777/666 permissions on files.[/QUOTE]
I will expain, why we recommend 777/666. It is exactly because there can be “different users for PHP and FTP” on a server.
For example, If you upload all the CS-Cart files by FTP to your server, you will be unable to change them via CS-Cart (that acts as a PHP user) if there are not enough permissions on them. It means, the template editor and upgrade center (without the FTP access) will not work for you. And some other problems with the ‘access denied’ error may occur as well.
As a result, the CS-Cart source files are uploaded by FTP while the skin and product image files are created by the PHP user. Having 777/666 permission on all these files is the easiest way (I agree, not best) to upgrade everything smoothly.
[quote name=‘joshin’]Does this mean that we can use their IFRAME functionality with the newest version of CSCart? I dont mind having to match up orders until thats fixed. I just want to be able to use Moneybookers without my customers having to leave my site, it leads to too many abandoned shopping carts.
[/QUOTE]
Hello joshin!
Unfortunately, the IFRAME functionality is not supported in the Moneybookers payment module included in the latest version of CS-Cart (2.1.4). I am sorry for not specifying it in my previous post.
But our developers started working on supporting this feature a few days ago. We are currently waiting for Moneybookers’ approval of the updated plugin. So, we are planning to make it available for all the CS-Cart users just in several days. I will provide the further details (where it can be downloaded and how it can be installed) here on the Forums as soon as the plugin is ready.
But our developers started working on supporting this feature a few days ago. We are currently waiting for Moneybookers’ approval of the updated plugin.[/QUOTE]
I would like to add that the problem with the missing CS-Cart order ID in your Moneybookers merchant panel cannot be avoided if we display their payment gateway in IFRAME on the last checkout page. As I explained it in my previous post, CS-Cart creates a new order only after the checkout is over (after the customer clicks the “Place order” button), while the customer completes his payment in this IFRAME on the last checkout page.
No software upgrades, nothing (what about adding new products to the database?).