Our payment processor is asking
To ensure merchant is performing signature validation with the signature provided by CyberSource in response data before updating status of order at website backend.
While our payment gateway developer says
Signature validation happens at the backend of CS-Cart and is not connected with the payment gateway.
So are we complying with payment processor requirement?
Thanks
Sent from my LND-L29 using Tapatalk
Usually payment systems send signature back to the store. The payment script should generate new signature using received parameters + secret key and compare it with the received value
They want to ensure that merchant is performing signature validation with the signature provided by CyberSource in response data before updating status of order at website backend.
Reason for this excercise is
validate the reply signature to confirm that the reply data was not amended or tampered with. If the reply signature in the reply field does not match the signature calculated based on the reply data, treat the POST as malicious and disregard it.
Sent from my LND-L29 using Tapatalk
They want to ensure that merchant is performing signature validation with the signature provided by CyberSource in response data before updating status of order at website backend. Reason for this excercise is validate the reply signature to confirm that the reply data was not amended or tampered with. If the reply signature in the reply field does not match the signature calculated based on the reply data, treat the POST as malicious and disregard it. Sent from my LND-L29 using Tapatalk
So it depends on your developer. He should write the validation script. It cannot be universal solution since each payment system uses own algorithms to generate signature
Can you please review this modification requirement and quote your price.
Thanks
Sent from my LND-L29 using Tapatalk
Unfortunately, we have no free developers at the moment. Please ask you payment gateway developers to do it. This is not complex task
When ur developer would be free.
If we can get a. Quote then we can wait for it.
Sent from my LND-L29 using Tapatalk
@e-com lab
Reply awiated please
Sent from my LND-L29 using Tapatalk
Please request a quote on our website
https://www.ecom-labs.com/?quote
Quote requested
Sent from my LND-L29 using Tapatalk