Latest News: (loading..)


  • Content count

  • Joined

  • Last visited

About chooch

  • Birthday 12/01/1973

Profile Information

  1. From what I recall the restriction field works in reverse: If you enter a Product ID in the restriction field it basically means that Points CAN be redeemed at checkout IF that item is in the cart. The install instructions did not make this clear but as I said, from what I recall that is the case.
  2. I that case will just go with WPP and put htaccess on the store for PayPal to vet before going live with it. Thanks Steve.
  3. The madness of PCI!!!! After days of trying to work out if I need PCI and if I do which form to complete (SAQ C or PCI SAQ D), I am totally baffled and bamboozled. This what PayPal have said to me on the phone yesterday. After I telephoned them and questioned it today, they put it in an email too: Thank you for contacting PayPal. As you state clearly on your website that you do not store / hold / keep financial details of your customers you donot have to be pci compliance. the finacial process is done by paypal pro. See also the attachment I have send you earlier (The attachment was their Disclosure Payment Compliance Guidelines.pdf) However in the first email PayPal sent me a day earlier they wrote: In relation to your query related to PCI the standards apply to all organizations that store, process or transmit cardholder’s data. Therefore we can say that applies to your payment card environment not just about the storage of the information but about how secure your system as website, hosting service and shopping cart are What they said to me on the phone was that there is no need for a seller to be PCI compliant if they are using PayPal WPP on the condition that there is a 'Privacy Policy' checkbox under the credit card input field that customers must check before the transaction is completed and the Privacy Policy should state "We do not store credit card numbers". PayPal said they are the ones who store, process or transmit cardholder’s data and if a seller decides not to store credit card numbers in the database then there is no need to have PCI but if a seller wanted to store card numbers then without a doubt PCI was needed but PayPal would not give advice on how one should get their PCI but were adamant no PCI is required where card numbers are not written to the database. Does anyone know about PCI using oscommerce and WPP? If I were to remove the parts of this contribution that write the last 4 digits of the card number to database, the admin/orders page and to the checkout_confirmation page then would I need PCI using WPP? I have asked tens of web hosts and asked people from PayPal to PCI assisting organisations and everyone including PayPal seems to be contradicting themselves. If PCI is required then a separate database server and separate application server costs make using WPP unviable as the database cannot have an internet/IP connection, it will be expensive :( However, if no PCI is needed because of these two factors then it means an oscommerce store with WPP can even be used on a shared host making everything cheaper: 1) No card numbers and stored 2) A Privacy Policy checkbox is placed under the WPP card input field The madness of it all. Can anyone shed some light please?
  4. Glen I agree with you about PayPal contributions not being supported. I have used this one on demo mode (sandbox) for a long time and now am going live with a store and just wanted a comparator. Once PayPal approve the application and the store goes live I will test out the "switch/maestro" issue on the live store and see if I can replciate the problems that have been mentioned and then update here. Thank you for supporting this fantastic contribution.
  5. For some time now 'Switch' has been rebranded as Maestro, maybe that has something to do with it?
  6. First and foremost a very big thanks to Brian and Glen (DynamoEffects and SteveDallas) for keeping this fantastic contribution active with posts and regular bugfix updates. I have two questions: Can someone please explain the pros/cons of using this PayPal WPP contribution over the newly released official PayPal WPP one: Also, can someone please explain if the either of these PayPal WPP contributions are supporting the Advanced Fraud Management Filters add-on. To add this feature costs £20 per month per 5p per transactions on top of the £20 per month WPP and 3.4%-1.4% and 20p per transaction fees but it seems like a good thing to have as an extra security measure.
  7. This is how mine is set-up Sub-Total: £1,640.65 Per Item (Best Way): £3.78 UK VAT 15%: £245.54 Points Redeemed: -£10.00 Total: £1,879.97 At first look the VAT is wrong because 15% of £1640.65 = 246.10. But the tax is not being calculated on £1640.65 instead it is being calculated on £1636.93 which is my Sub-Total minus those items that have no VAT added to them - in this case the VAT is correct. I suggest everyone keep their order totals as originally advised when adding this contribution, make sure Points deduction is after sub total and shipping, tax but before total. It makes more financial sense to deduct Points at the end, for example, your customer buys an item for £100 and pays £10 for shipping and £15 VAT and uses £20.00 worth of Points at checkout, meaning you get payment of £105. If you do it your way the customer would pay £80 for the item as they would redeem £20.00 worth of Points and then pay £10 for shipping and then pay £12 VAT, meaning you get a payment of £102. I seem to recall the order total for Points was set to 6 because it was supposed to be applied after tax so there is not a ready made solution to this issue, not one that I can recall.
  8. That is a strange thing to happen to your store. My order totals add up correctly. Try to text-diff using your store files against the original instructions with this download, they are the order totals and checkout process and look for any errors. If that does not work report back here and I will try to help get to the bottom of it.
  9. Do it like this: 1 sub-total (eg £100) 2 Points redeemed (eg £50) 3 VAT (£7.50) 4 Total £57.50
  10. Then why don't you go to admin/modules and then order total and make tax list after points (by default it is the other way round)
  11. Go to your admin area, click the modules link in the left column. Go to order totals and then set the sort order to show Points deduction after shipping: 1-subtotal 2-shipping 3-points 4-total
  12. The hack does not work on HSBC, PayPal WPP, Authorizenet AIM but I think it does work on AuthorizeNet basic and it does not work on some other payment modules but the hack does work on PayPal standard, PayPal IPN, PayPal WPP id Express Checkout is activated, Moneybookers and many others. The hack can only be confirmed by process of elimination. I only highlighted the issue here because apparantly Moneybookers is becoming popular with lots of stores and I used the contribution to test. Anyone with downloadable products or digital/software/music/video files etc are the ones who will be at risk until they decide which payment module they want and test to see if the hack works before working out a way to plug it.
  13. Just like with the PayPal IPN (and PayPal Express but not PayPal WPP) and numerous other payment contributions, the Moneybookers module is open to abuse. The hack will affect store owners by having to use their time to filter through and find order statuses for hacked orders and genuine ones but if you sell virtual products like audio/visual downloads then you are losing money as people are obtaining them for free. Here's the Moneybookers hack: 1) Open and account on any oscommerce store 2) Add any items to cart and hit the checkout button 3) When you get to checkout_payment.php select Moneybookers 4) Then when the Moneybookers payment details appear simply checnge the end of the URL in your browser from 'checkout_payment.php' to 'checkout_process.php) and press enter/return. 5) Checkout_success.php appears and order has been completed From what I can tell it needs to be plugged in checkout_payment before and after Moneybookers is selected otherwise those with digital downloads are open to fraud. The same hack affects nearly all of the payment modules for oscommerce. For what it's worth, PayPal WPP if selected from a lsit of options by customers or if used by store owners as the default single payment option blocks this hack from working, the only time I could tell PayPal WPP was open to the hack was when Express Checkout was installed and operated alongside WPP. Be careful people.
  14. Thanks for the reply FWR, I was trying to compare certain aspects of the two ;)
  15. Can someone point out the key issues that define the re-write in the two contributions: SEO URL: /hewlett-packard-laserjet-1100xi-p-27.html SEO-G: /hewlett-packard-laserjet-1100xi.html Just a few ideas buzzing in my head and wanted to double check before experimenting. Thanks.