Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PayPal WPP Direct Payments & Express Checkout Support


dynamoeffects

Recommended Posts

Hi everyone,

 

Has anyone had issues getting discount coupons (v3.34) to work with PayPal Express here? I had a customer who was able to check out direct payment eventually with everything working, but only after failing to get PayPal to work for them as they couldn't find where to enter the coupon code. I have the latest version of Dynamo WPP installed of course. Any ideas?

 

Thanks,

 

Nick

Link to comment
Share on other sites

The madness of PCI!!!! After days of trying to work out if I need PCI and if I do which form to complete (SAQ C or PCI SAQ D), I am totally baffled and bamboozled.

 

This what PayPal have said to me on the phone yesterday. After I telephoned them and questioned it today, they put it in an email too:

 

Thank you for contacting PayPal.

As you state clearly on your website that you do not store / hold / keep

financial details of your customers you donot have to be pci compliance.

the finacial process is done by paypal pro.

See also the attachment I have send you earlier (The attachment was their Disclosure Payment Compliance Guidelines.pdf)

 

However in the first email PayPal sent me a day earlier they wrote:

In relation to your query related to PCI the standards apply to all

organizations that store, process or transmit cardholder’s data. Therefore

we can say that applies to your payment card environment not just about the

storage of the information but about how secure your system as website,

hosting service and shopping cart are

 

What they said to me on the phone was that there is no need for a seller to be PCI compliant if they are using PayPal WPP on the condition that there is a 'Privacy Policy' checkbox under the credit card input field that customers must check before the transaction is completed and the Privacy Policy should state "We do not store credit card numbers". PayPal said they are the ones who store, process or transmit cardholder’s data and if a seller decides not to store credit card numbers in the database then there is no need to have PCI but if a seller wanted to store card numbers then without a doubt PCI was needed but PayPal would not give advice on how one should get their PCI but were adamant no PCI is required where card numbers are not written to the database.

 

Does anyone know about PCI using oscommerce and WPP? If I were to remove the parts of this contribution that write the last 4 digits of the card number to database, the admin/orders page and to the checkout_confirmation page then would I need PCI using WPP? I have asked tens of web hosts and asked people from PayPal to PCI assisting organisations and everyone including PayPal seems to be contradicting themselves.

 

If PCI is required then a separate database server and separate application server costs make using WPP unviable as the database cannot have an internet/IP connection, it will be expensive :(

 

However, if no PCI is needed because of these two factors then it means an oscommerce store with WPP can even be used on a shared host making everything cheaper:

 

1) No card numbers and stored

2) A Privacy Policy checkbox is placed under the WPP card input field

 

The madness of it all. Can anyone shed some light please?

Edited by chooch

Upon receiving fixes and advice, too many people don't bother to post updates informing the forum of how it went. Until of course they need help again on other issues and they come running back!

 

Why receive the information you require in good faith for free, only to then have the attitude to ignore the people who gave it to you?

 

There's no harm in saying, 'Thanks, it worked'. On the contrary, it creates a better atmosphere.

 

CHOOCH

Link to comment
Share on other sites

The madness of PCI!!!! After days of trying to work out if I need PCI and if I do which form to complete (SAQ C or PCI SAQ D), I am totally baffled and bamboozled.

 

This what PayPal have said to me on the phone yesterday. After I telephoned them and questioned it today, they put it in an email too:

 

Thank you for contacting PayPal.

As you state clearly on your website that you do not store / hold / keep

financial details of your customers you donot have to be pci compliance.

the finacial process is done by paypal pro.

See also the attachment I have send you earlier (The attachment was their Disclosure Payment Compliance Guidelines.pdf)

 

However in the first email PayPal sent me a day earlier they wrote:

In relation to your query related to PCI the standards apply to all

organizations that store, process or transmit cardholder’s data. Therefore

we can say that applies to your payment card environment not just about the

storage of the information but about how secure your system as website,

hosting service and shopping cart are

 

What they said to me on the phone was that there is no need for a seller to be PCI compliant if they are using PayPal WPP on the condition that there is a 'Privacy Policy' checkbox under the credit card input field that customers must check before the transaction is completed and the Privacy Policy should state "We do not store credit card numbers". PayPal said they are the ones who store, process or transmit cardholder’s data and if a seller decides not to store credit card numbers in the database then there is no need to have PCI but if a seller wanted to store card numbers then without a doubt PCI was needed but PayPal would not give advice on how one should get their PCI but were adamant no PCI is required where card numbers are not written to the database.

 

Does anyone know about PCI using oscommerce and WPP? If I were to remove the parts of this contribution that write the last 4 digits of the card number to database, the admin/orders page and to the checkout_confirmation page then would I need PCI using WPP? I have asked tens of web hosts and asked people from PayPal to PCI assisting organisations and everyone including PayPal seems to be contradicting themselves.

 

If PCI is required then a separate database server and separate application server costs make using WPP unviable as the database cannot have an internet/IP connection, it will be expensive :(

 

However, if no PCI is needed because of these two factors then it means an oscommerce store with WPP can even be used on a shared host making everything cheaper:

 

1) No card numbers and stored

2) A Privacy Policy checkbox is placed under the WPP card input field

 

The madness of it all. Can anyone shed some light please?

 

As the card processor, PayPal makes the determination as to what processes and documentation you need to provide to be PCI compliant. Storing the last four digits of a card number isn't the same as storing a card number, and to the best of my knowledge, is permissible. Don't store the expiration date, either. And, of course, *never* touch the CVV value, except to send it on to PayPal.

 

--Glen

Link to comment
Share on other sites

I that case will just go with WPP and put htaccess on the store for PayPal to vet before going live with it. Thanks Steve.

Upon receiving fixes and advice, too many people don't bother to post updates informing the forum of how it went. Until of course they need help again on other issues and they come running back!

 

Why receive the information you require in good faith for free, only to then have the attitude to ignore the people who gave it to you?

 

There's no harm in saying, 'Thanks, it worked'. On the contrary, it creates a better atmosphere.

 

CHOOCH

Link to comment
Share on other sites

Does anybody know what exactly this error means?

 

https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_errorcodes

 

15005 Processor Decline -- This transaction cannot be processed. The transaction was declined by the issuing bank, not PayPal. The merchant should attempt another card.

 

I've had 2 customers in the past 2 days get this error. I receive a PayPal Error Dump which indicates the error. I see that both customers are international (I'm a U.S. based merchant). One of them has purchased from me before so I know they are legit and didn't have problems last time. Could it be an address format issue and PayPal is denying it, or is it really being declined by the issuing bank, and not PayPal?

 

Thanks for any thoughts!

Link to comment
Share on other sites

Does anybody know what exactly this error means?

 

https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_api_nvp_errorcodes

 

15005 Processor Decline -- This transaction cannot be processed. The transaction was declined by the issuing bank, not PayPal. The merchant should attempt another card.

 

I've had 2 customers in the past 2 days get this error. I receive a PayPal Error Dump which indicates the error. I see that both customers are international (I'm a U.S. based merchant). One of them has purchased from me before so I know they are legit and didn't have problems last time. Could it be an address format issue and PayPal is denying it, or is it really being declined by the issuing bank, and not PayPal?

 

Thanks for any thoughts!

 

This means that the cardholder's bank has declined the transaction. It could be anything. Here are some possible reasons:

 

1. Insufficient credit line (credit card) or available balance (debit card).

2. Error in entering address (though banks usually allow these transactions and you'll get a Gateway Decline instead).

3. Card restricted from international transactions. Customer can usually call their bank to remove the international restriction.

 

--Glen

Link to comment
Share on other sites

This means that the cardholder's bank has declined the transaction. It could be anything. Here are some possible reasons:

 

1. Insufficient credit line (credit card) or available balance (debit card).

2. Error in entering address (though banks usually allow these transactions and you'll get a Gateway Decline instead).

3. Card restricted from international transactions. Customer can usually call their bank to remove the international restriction.

 

--Glen

 

Thanks Glen.

Link to comment
Share on other sites

Goodday friends

 

I'm new to oscommerce, and while trying to put in place an online store, I found this:

 

The transaction cannot complete successfully. Instruct the customer to use an alternative payment method.

 

I have tried changing currencies as in some forum I saw this might be the reason, but this hasn't changed anything.

 

Any help / suggestion / hint / tip will be extremely appreciated.

 

Best.

Link to comment
Share on other sites

Goodday friends

 

I'm new to oscommerce, and while trying to put in place an online store, I found this:

 

 

 

I have tried changing currencies as in some forum I saw this might be the reason, but this hasn't changed anything.

 

Any help / suggestion / hint / tip will be extremely appreciated.

 

Best.

 

This is the text for a PayPal 10417 error. This error seems to occur when the customer's account has insufficient funds and there is no acceptable backup funding source.

 

It may also occur when the shop is set to require a confirmed address and there is no confirmed address on the account.

 

PayPal doesn't give any detail as to the cause of this error.

 

--Glen

Edited by SteveDallas
Link to comment
Share on other sites

I have a site using WPP and Dynamo Checkout and I want to setup another on a different domain - can I use the same Paypal account to transmit too or do I need to setup another, ideally I would use the same.

 

Thanks,

 

Chris

Founder & Director at CSC Tours Ltd

Link to comment
Share on other sites

I have a site using WPP and Dynamo Checkout and I want to setup another on a different domain - can I use the same Paypal account to transmit too or do I need to setup another, ideally I would use the same.

 

Thanks,

 

Chris

 

It should work fine, but the name displayed to Express Checkout buyers will be the same for both sites, unless you define a separate page style on PayPal and set the appropriate option in the module preferences. The customers of the new site will see your original account name in their transaction history. As long as this is not confusing to the customers, you'll have no problem.

 

--Glen

Link to comment
Share on other sites

It should work fine, but the name displayed to Express Checkout buyers will be the same for both sites, unless you define a separate page style on PayPal and set the appropriate option in the module preferences. The customers of the new site will see your original account name in their transaction history. As long as this is not confusing to the customers, you'll have no problem.

 

--Glen

 

Perfect - I have the name side covered. Thanks Glen.

Founder & Director at CSC Tours Ltd

Link to comment
Share on other sites

I am getting this error:

The credit card information you entered contains an error. Please check it and try again.

 

The first four digits of the number entered are:

If that number is correct, we do not accept that type of credit card.

If it is wrong, please try again.

 

I am using Visa #s from PayPal's sandbox. I notice the first four digits aren't even showing in the error... so what could be causing this?

Link to comment
Share on other sites

Found my problem, but I'm not sure how to fix it.

 

I use Fast Easy Checkout (with checkout_shipping.php & checkout_payment.php combined).

 

When I try to install checkout_payment entries to checkout_shipping.php -- nothing happens.

 

If I manually type "mysite.com/checkout_payment.php" into my browser's address bar, fill in a test CC# & try to checkout; it works.

Edited by eww
Link to comment
Share on other sites

Just spotted this post by dynamoeffects: http://www.oscommerce.com/forums/topic/202604-how-to-take-credit-cards-manually/page__view__findpost__p__1234914

 

* If you're using the latest version of the Header Tags controller and you're storing credit card numbers in your database, anyone can output a list of your customers' data by adding a SQL query to a specific URL parameter.

* Use Fast Easy Checkout? In less than 2 minutes you could be compromised.

 

scary stuff!! Do any of you still use these?

I have header tags controller ( http://addons.oscommerce.com/info/207 ) also & just had a PCI scan run on my server.. curious is anyone else has had issues with these?

Edited by eww
Link to comment
Share on other sites

I installed PayPal Website Payments Pro (US/UK) by Dynamo Effects v1.1.2 and I'm getting the following error upon clicking on the "check out express" button:

 

 unable to set private key file: '/home/[user]/public_html/includes/paypal_wpp/cert/cert_key_pem.txt' type PEM (Error No. 58)

 

Diagnostics test:

 

Basic Tests
Using at least PHP 4.3.0? 	Yes
Does your store have an SSL certificate installed and working? 	Yes
Is cURL installed? 	Yes
Does cURL work? (Simple HTTPS test) 	Yes
API Certificate installed? 	Yes
API Certificate directory protected? 	Yes
API Username in place? 	Yes
API Password in place? 	Yes
Database update in place? 	Yes
Payment class modifications in place? 	Yes
Bug in checkout_process.php fixed? [Read More] 	Yes
XML Document "doDirectPayment.xml" exists? 	Yes
XML Document "doExpressCheckout.xml" exists? 	Yes
XML Document "getExpressCheckoutDetails.xml" exists? 	Yes
XML Document "setExpressCheckout.xml" exists? 	Yes
XML Document "transactionSearch.xml" exists? 	Yes
XML Document "doCapture.xml" exists? 	Yes
XML Document "getTransactionDetails.xml" exists? 	Yes
XML Document "refundTransaction.xml" exists? 	Yes
Advanced Diagnostics
Able to connect to PayPal through cURL? 	No
Error received: 58: unable to set private key file: '/home/green007/public_html/includes/paypal_wpp/cert/paypal_cert_pem.txt' type PEM

I double checked the location of the cert file and it is correct. When I remove it completely I get a 'not found' error, so it's definitely not the location issue.

 

Can anyone help me out on this? I've searched this thread and couldn't find an answer.

 

Thank you!

Link to comment
Share on other sites

Just wanted to add to the last post, I turned off Checkout Express option for the time being because I discovered another error.

 

Check out process seems to loop every time using regular paypal direct payment.

checkout_confirmation.php goes back to checkout_shipping.php and so on.

 

I tried enabling force cookies, and turning of SEO URLs and nothing.

 

Can some please help me out with this?

 

Thank you!

Link to comment
Share on other sites

Just wanted to add to the last post, I turned off Checkout Express option for the time being because I discovered another error.

 

Check out process seems to loop every time using regular paypal direct payment.

checkout_confirmation.php goes back to checkout_shipping.php and so on.

 

I tried enabling force cookies, and turning of SEO URLs and nothing.

 

Can some please help me out with this?

 

Thank you!

 

You must resolve the CURL error first. It sounds as though your certificate file may be corrupted. Try downloading it from PayPal again and re-installing it on your server.

 

--Glen

Link to comment
Share on other sites

After spending another 8 hours I've finally figured out the problem.

 

Turns out I had incorrect certificate downloaded from PayPal.

 

I already had API username and signature created before by previous programmer so I wasn't aware I have to delete the current API sig/pass and then recreate it to download the new certificate. Maybe this could be mentioned in the read me file.

 

Other than the above issue, plug in is awesome and works flawlessly.

 

Thank you SteveDallas and Brian for your quick replies.

Link to comment
Share on other sites

Has anyone gotten Paypal WPP Direct Website Payments Pro to work with One Page Checkout? I have searched everywhere and I can not seem to find an answer.

 

 

They aren't compatible, though the creator of this PayPal WPP add-on has a one page checkout solution available for sale. I went through the same aggravation of installing both a few months back and only later finding out from each of the two developers that these add-ons don't work in unison.

Link to comment
Share on other sites

Any ideas as to why this happens?

 

-Customer enters credit card info

-Customer confirms order

-Customer is returned to page 1 of check (shipping details)

 

I've checked the my api cert is correct (even downloaded a new one just to make sure), username/password are correct, I do have a Pro acct with Paypal.

Any other thoughts?

Link to comment
Share on other sites

They aren't compatible, though the creator of this PayPal WPP add-on has a one page checkout solution available for sale. I went through the same aggravation of installing both a few months back and only later finding out from each of the two developers that these add-ons don't work in unison.

Hey thanks for the reply Nick...it is too bad...have a good weekend.

Link to comment
Share on other sites

Can someone please advise why I get errors from Paypal for the following when customers try to order online using dynamo checkout, I know there are items in the basket and there are costs associated with it but I am wondering if this data is being lost through session timeout or something:

 

[shortMessage] => Invalid Data

[LongMessage] => This transaction cannot be processed. The amount to be charged is zero.

[ErrorCode] => 10525

[severityCode] => Error

 

Thoughts?

 

Chris

Founder & Director at CSC Tours Ltd

Link to comment
Share on other sites

Can someone please advise why I get errors from Paypal for the following when customers try to order online using dynamo checkout, I know there are items in the basket and there are costs associated with it but I am wondering if this data is being lost through session timeout or something:

 

[shortMessage] => Invalid Data

[LongMessage] => This transaction cannot be processed. The amount to be charged is zero.

[ErrorCode] => 10525

[severityCode] => Error

 

By the way... most bookings go through fine but its just a small % of orders where we get the above error sent to us and I have setup the site so they have to have a product (with a value more than zero) in the basket in order to checkout but I think its due to a session timeout that its being lost but I am not sure.

 

Thanks again.

 

Chri

Founder & Director at CSC Tours Ltd

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...