Signature Validation

valuesbig · November 11, 2020, 12:00am

Our payment processor is asking

To ensure merchant is performing signature validation with the signature provided by CyberSource in response data before updating status of order at website backend.

While our payment gateway developer says

Signature validation happens at the backend of CS-Cart and is not connected with the payment gateway.

So are we complying with payment processor requirement?

Thanks

Sent from my LND-L29 using Tapatalk

ecomlabs · November 11, 2020, 12:00am

Usually payment systems send signature back to the store. The payment script should generate new signature using received parameters + secret key and compare it with the received value

valuesbig · November 12, 2020, 12:00am

They want to ensure that merchant is performing signature validation with the signature provided by CyberSource in response data before updating status of order at website backend.

Reason for this excercise is

validate the reply signature to confirm that the reply data was not amended or tampered with. If the reply signature in the reply field does not match the signature calculated based on the reply data, treat the POST as malicious and disregard it.

Sent from my LND-L29 using Tapatalk

ecomlabs · November 12, 2020, 12:00am

They want to ensure that merchant is performing signature validation with the signature provided by CyberSource in response data before updating status of order at website backend. Reason for this excercise is validate the reply signature to confirm that the reply data was not amended or tampered with. If the reply signature in the reply field does not match the signature calculated based on the reply data, treat the POST as malicious and disregard it. Sent from my LND-L29 using Tapatalk

So it depends on your developer. He should write the validation script. It cannot be universal solution since each payment system uses own algorithms to generate signature

valuesbig · November 13, 2020, 12:00am

Can you please review this modification requirement and quote your price.
Thanks

Sent from my LND-L29 using Tapatalk

ecomlabs · November 13, 2020, 12:00am

Unfortunately, we have no free developers at the moment. Please ask you payment gateway developers to do it. This is not complex task

valuesbig · November 14, 2020, 12:00am

When ur developer would be free.
If we can get a. Quote then we can wait for it.

Sent from my LND-L29 using Tapatalk

valuesbig · November 16, 2020, 12:00am

@e-com lab
Reply awiated please

Sent from my LND-L29 using Tapatalk

ecomlabs · November 16, 2020, 12:00am

Please request a quote on our website

https://www.ecom-labs.com/?quote

valuesbig · November 16, 2020, 12:00am

Quote requested

Sent from my LND-L29 using Tapatalk