RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
Yeah.. I've noticed that it's fairly simple. Unfortunately, it tends to be expensive for the little guys out there -- which we seem to be running into a lot, these days. I've looked at SimplePay, and LinkPoint. They're much cheaper. But question is.. Are they as reliable and workable? Anyone have experience with these or others that they would like to share? | -Original Message- | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 11:38 AM | To: CF-Talk | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | Excellent product. Easy to use and setup. | | | - Original Message - | From: Lee Fuller [EMAIL PROTECTED] | To: CF-Talk [EMAIL PROTECTED] | Sent: Friday, November 22, 2002 11:14 AM | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | Quick thoughts, pitfalls, opinions? | | TTAIA | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
We wrote a custom tag for CDG Commerce (http://www.quilldesign.com/cdg/index.cfm) It is a simple custom tag to install. The custom tag is free as well as the payment gateway setup is free. You just have to pay the normal processing fee's monthly. Hope this helps! Paul Giesenhagen QuillDesign - Original Message - From: Lee Fuller [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Friday, November 22, 2002 1:51 PM Subject: RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?) Yeah.. I've noticed that it's fairly simple. Unfortunately, it tends to be expensive for the little guys out there -- which we seem to be running into a lot, these days. I've looked at SimplePay, and LinkPoint. They're much cheaper. But question is.. Are they as reliable and workable? Anyone have experience with these or others that they would like to share? | -Original Message- | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 11:38 AM | To: CF-Talk | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | Excellent product. Easy to use and setup. | | | - Original Message - | From: Lee Fuller [EMAIL PROTECTED] | To: CF-Talk [EMAIL PROTECTED] | Sent: Friday, November 22, 2002 11:14 AM | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | Quick thoughts, pitfalls, opinions? | | TTAIA | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
Is LinkPoint by Card Service International? I see their little logo on the page when I found linkPoint If so - don't let their promise of service and talk of them being one of the largest sway you. I have a list of clients that are incredibly unhappy. Although fairly simple- roadblocks left and right. Customer Service departments are horrendous. And to top it off - being a business man - reseller fees happen to be a plus - Well they managed to scam me out of about $1800 in client referrals. So - horrible service, what I think as a non impressive product. beware. Also - I had my own companies card processing go through them. They conveintly had me lease the software - for $3500 for 3 years.. then proceed to tell me that fairmarket was $2800 on the software for buyout - or I had to pay a cancellation fee - of about $400 - all very gray in the contracts. I tried to convert a Link Point account to an upgraded version - and after 6 months of trying to get my account changed - I finally gave up. I mean - I was trying to UPGRADE On trying to cancel the service - they also were kind enough not releasing my account for an additional 6 months - because I did not send the proper formated letter - When resolving it -they so happened to delay it for enough weeks - where I missed this ridicoulous cancellation date ( one of those- on the 3rd monday of the 16 month of this year prior to notifying us by this date type date) All in all - 2 years of bad service! *grin I have used authorize.net on 4 clients - affordable - coldfusion really easy to integrate with. Worth checking out. Good Luck, jay miller Lee Fuller wrote: Yeah.. I've noticed that it's fairly simple. Unfortunately, it tends to be expensive for the little guys out there -- which we seem to be running into a lot, these days. I've looked at SimplePay, and LinkPoint. They're much cheaper. But question is.. Are they as reliable and workable? Anyone have experience with these or others that they would like to share? | -Original Message- | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 11:38 AM | To: CF-Talk | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | Excellent product. Easy to use and setup. | | | - Original Message - | From: Lee Fuller [EMAIL PROTECTED] | To: CF-Talk [EMAIL PROTECTED] | Sent: Friday, November 22, 2002 11:14 AM | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | Quick thoughts, pitfalls, opinions? | | TTAIA | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
Thanks for the info Jason. I've looked at Authorize.Net again. Have had it integrated as part of our storefront software for some time. However, I've not dealt with them directly. The user experience is a big thing for me. So I'm wanting to make certain that the end-user's ability to manage their account/charges/voids, etc., is powerful and easy. How would you rate Authorize.net on these issues? Lee PS - I thought about moving this discussion.. But it seems relevant to all of us here. Mike will tell us otherwise, I'm sure, if I'm wrong. ;) | -Original Message- | From: Jason Miller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 3:19 PM | To: CF-Talk | Subject: Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro | and CF Integration?) | | | Is LinkPoint by Card Service International? I see their | little logo on | the page when I found linkPoint If so - don't let their promise of | service and talk of them being one of the largest sway you. | | I have a list of clients that are incredibly unhappy. Although fairly | simple- roadblocks left and right. Customer Service departments are | horrendous. And to top it off - being a business man - reseller fees | happen to be a plus - Well they managed to scam me out of | about $1800 in | client referrals. | | So - horrible service, what I think as a non impressive | product. beware. | | Also - I had my own companies card processing go through them. They | conveintly had me lease the software - for $3500 for 3 years.. then | proceed to tell me that fairmarket was $2800 on the software | for buyout | - or I had to pay a cancellation fee - of about $400 - all | very gray in | the contracts. | | I tried to convert a Link Point account to an upgraded version - and | after 6 months of trying to get my account changed - I | finally gave up. | I mean - I was trying to UPGRADE | | On trying to cancel the service - they also were kind enough not | releasing my account for an additional 6 months - because I | did not send | the proper formated letter - When resolving it -they so happened to | delay it for enough weeks - where I missed this ridicoulous | cancellation | date ( one of those- on the 3rd monday of the 16 month of this year | prior to notifying us by this date type date) | | All in all - 2 years of bad service! *grin | | I have used authorize.net on 4 clients - affordable - | coldfusion really | easy to integrate with. Worth checking out. | Good Luck, | jay miller | | Lee Fuller wrote: | | Yeah.. I've noticed that it's fairly simple. | | Unfortunately, it tends to be expensive for the little guys | out there | -- which we seem to be running into a lot, these days. I've | looked at | SimplePay, and LinkPoint. They're much cheaper. But | question is.. Are | they as reliable and workable? | | Anyone have experience with these or others that they would like to | share? | | | -Original Message- | | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | | Sent: Friday, November 22, 2002 11:38 AM | | To: CF-Talk | | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Excellent product. Easy to use and setup. | | | | | | - Original Message - | | From: Lee Fuller [EMAIL PROTECTED] | | To: CF-Talk [EMAIL PROTECTED] | | Sent: Friday, November 22, 2002 11:14 AM | | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Quick thoughts, pitfalls, opinions? | | | | TTAIA | | | | | | | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
to pose as the merchant. Even if I can't refund my card, I can cause a lot of unwanted trouble by charging cards, etc. == Summary == Unprotected Digital Certificates (no passphrase) that establish the identity of a merchant are sent via unencrypted email, along with the merchants Store Name. Someone with access to the LinkPoint API could use this information to pose as the merchant and have access to all of the same functions and information as the merchant (charge a card, etc). -chris.alvarado [ application developer ] 4 Guys Interactive, Inc. http://www.4guys.com We create websites that make you a hero. -Original Message- From: Lee Fuller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 2:25 PM To: CF-Talk Subject: RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?) Thanks for the info Jason. I've looked at Authorize.Net again. Have had it integrated as part of our storefront software for some time. However, I've not dealt with them directly. The user experience is a big thing for me. So I'm wanting to make certain that the end-user's ability to manage their account/charges/voids, etc., is powerful and easy. How would you rate Authorize.net on these issues? Lee PS - I thought about moving this discussion.. But it seems relevant to all of us here. Mike will tell us otherwise, I'm sure, if I'm wrong. ;) | -Original Message- | From: Jason Miller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 3:19 PM | To: CF-Talk | Subject: Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro | and CF Integration?) | | | Is LinkPoint by Card Service International? I see their | little logo on | the page when I found linkPoint If so - don't let their promise of | service and talk of them being one of the largest sway you. | | I have a list of clients that are incredibly unhappy. Although fairly | simple- roadblocks left and right. Customer Service departments are | horrendous. And to top it off - being a business man - reseller fees | happen to be a plus - Well they managed to scam me out of | about $1800 in | client referrals. | | So - horrible service, what I think as a non impressive | product. beware. | | Also - I had my own companies card processing go through them. They | conveintly had me lease the software - for $3500 for 3 years.. then | proceed to tell me that fairmarket was $2800 on the software | for buyout | - or I had to pay a cancellation fee - of about $400 - all | very gray in | the contracts. | | I tried to convert a Link Point account to an upgraded version - and | after 6 months of trying to get my account changed - I | finally gave up. | I mean - I was trying to UPGRADE | | On trying to cancel the service - they also were kind enough not | releasing my account for an additional 6 months - because I | did not send | the proper formated letter - When resolving it -they so happened to | delay it for enough weeks - where I missed this ridicoulous | cancellation | date ( one of those- on the 3rd monday of the 16 month of this year | prior to notifying us by this date type date) | | All in all - 2 years of bad service! *grin | | I have used authorize.net on 4 clients - affordable - | coldfusion really | easy to integrate with. Worth checking out. | Good Luck, | jay miller | | Lee Fuller wrote: | | Yeah.. I've noticed that it's fairly simple. | | Unfortunately, it tends to be expensive for the little guys | out there | -- which we seem to be running into a lot, these days. I've | looked at | SimplePay, and LinkPoint. They're much cheaper. But | question is.. Are | they as reliable and workable? | | Anyone have experience with these or others that they would like to | share? | | | -Original Message- | | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | | Sent: Friday, November 22, 2002 11:38 AM | | To: CF-Talk | | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Excellent product. Easy to use and setup. | | | | | | - Original Message - | | From: Lee Fuller [EMAIL PROTECTED] | | To: CF-Talk [EMAIL PROTECTED] | | Sent: Friday, November 22, 2002 11:14 AM | | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Quick thoughts, pitfalls, opinions? | | | | TTAIA | | | | | | | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting.
RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
I've been using Cybercash WebAuthorize for a few years now and it's pretty nice. Easy to get running with CF plus there are ActiveX, C and Java APIs. I use the ActiveX version with a tag from the DevEx. It's fairly pricey though, I think it was $5k for the software. Joshua Miller Head Programmer / IT Manager Garrison Enterprises Inc. www.garrisonenterprises.net [EMAIL PROTECTED] (704) 569-9044 ext. 254 (Voice Mail) (304) 456-4942 (Home Office) -Original Message- From: Lee Fuller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 2:51 PM To: CF-Talk Subject: RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?) Yeah.. I've noticed that it's fairly simple. Unfortunately, it tends to be expensive for the little guys out there -- which we seem to be running into a lot, these days. I've looked at SimplePay, and LinkPoint. They're much cheaper. But question is.. Are they as reliable and workable? Anyone have experience with these or others that they would like to share? | -Original Message- | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 11:38 AM | To: CF-Talk | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | Excellent product. Easy to use and setup. | | | - Original Message - | From: Lee Fuller [EMAIL PROTECTED] | To: CF-Talk [EMAIL PROTECTED] | Sent: Friday, November 22, 2002 11:14 AM | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | Quick thoughts, pitfalls, opinions? | | TTAIA | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
Honestly - in all instances of any installements of authorize.net - My clients signed up for the account. And their FAQ's page had everything I needed once my client gave me certain login information. It was my first year developing in CF and my first commerce integration and it only took me 6 hours to figure it all out. I Never had to contact them so I really can't rate them. The authorization process was simple - You send a few key variables through a URL string through a special secure link - and they send a string back - 1,2,3 etc - and you set up an if condition to meet each string. The documentation on all the error codes was quite easy. I also remember during testing I did live testing wtih a personal card ( even though they had special test card numbers) And you go into user secure area - approve charges you are going to fulfill - select others and hit void. All in all it seemed pretty easy. jay Lee Fuller wrote: Thanks for the info Jason. I've looked at Authorize.Net again. Have had it integrated as part of our storefront software for some time. However, I've not dealt with them directly. The user experience is a big thing for me. So I'm wanting to make certain that the end-user's ability to manage their account/charges/voids, etc., is powerful and easy. How would you rate Authorize.net on these issues? Lee PS - I thought about moving this discussion.. But it seems relevant to all of us here. Mike will tell us otherwise, I'm sure, if I'm wrong. ;) | -Original Message- | From: Jason Miller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 3:19 PM | To: CF-Talk | Subject: Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro | and CF Integration?) | | | Is LinkPoint by Card Service International? I see their | little logo on | the page when I found linkPoint If so - don't let their promise of | service and talk of them being one of the largest sway you. | | I have a list of clients that are incredibly unhappy. Although fairly | simple- roadblocks left and right. Customer Service departments are | horrendous. And to top it off - being a business man - reseller fees | happen to be a plus - Well they managed to scam me out of | about $1800 in | client referrals. | | So - horrible service, what I think as a non impressive | product. beware. | | Also - I had my own companies card processing go through them. They | conveintly had me lease the software - for $3500 for 3 years.. then | proceed to tell me that fairmarket was $2800 on the software | for buyout | - or I had to pay a cancellation fee - of about $400 - all | very gray in | the contracts. | | I tried to convert a Link Point account to an upgraded version - and | after 6 months of trying to get my account changed - I | finally gave up. | I mean - I was trying to UPGRADE | | On trying to cancel the service - they also were kind enough not | releasing my account for an additional 6 months - because I | did not send | the proper formated letter - When resolving it -they so happened to | delay it for enough weeks - where I missed this ridicoulous | cancellation | date ( one of those- on the 3rd monday of the 16 month of this year | prior to notifying us by this date type date) | | All in all - 2 years of bad service! *grin | | I have used authorize.net on 4 clients - affordable - | coldfusion really | easy to integrate with. Worth checking out. | Good Luck, | jay miller | | Lee Fuller wrote: | | Yeah.. I've noticed that it's fairly simple. | | Unfortunately, it tends to be expensive for the little guys | out there | -- which we seem to be running into a lot, these days. I've | looked at | SimplePay, and LinkPoint. They're much cheaper. But | question is.. Are | they as reliable and workable? | | Anyone have experience with these or others that they would like to | share? | | | -Original Message- | | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | | Sent: Friday, November 22, 2002 11:38 AM | | To: CF-Talk | | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Excellent product. Easy to use and setup. | | | | | | - Original Message - | | From: Lee Fuller [EMAIL PROTECTED] | | To: CF-Talk [EMAIL PROTECTED] | | Sent: Friday, November 22, 2002 11:14 AM | | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Quick thoughts, pitfalls, opinions? | | | | TTAIA | | | | | | | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm
Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
by the gateway server is not meant to prevent a fraudulent merchant -- it is made to prevent fraudulent customers from fooling legitimate merchants. In this scenario, you _would be_ the merchant and therefore not subject to fraud checks. At this point, I had given up. I have a hard time understanding how it's not a security problem for me to be able to pose as the merchant. Even if I can't refund my card, I can cause a lot of unwanted trouble by charging cards, etc. == Summary == Unprotected Digital Certificates (no passphrase) that establish the identity of a merchant are sent via unencrypted email, along with the merchants Store Name. Someone with access to the LinkPoint API could use this information to pose as the merchant and have access to all of the same functions and information as the merchant (charge a card, etc). -chris.alvarado [ application developer ] 4 Guys Interactive, Inc. http://www.4guys.com We create websites that make you a hero. -Original Message- From: Lee Fuller [mailto:[EMAIL PROTECTED]] Sent: Friday, November 22, 2002 2:25 PM To: CF-Talk Subject: RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?) Thanks for the info Jason. I've looked at Authorize.Net again. Have had it integrated as part of our storefront software for some time. However, I've not dealt with them directly. The user experience is a big thing for me. So I'm wanting to make certain that the end-user's ability to manage their account/charges/voids, etc., is powerful and easy. How would you rate Authorize.net on these issues? Lee PS - I thought about moving this discussion.. But it seems relevant to all of us here. Mike will tell us otherwise, I'm sure, if I'm wrong. ;) | -Original Message- | From: Jason Miller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 3:19 PM | To: CF-Talk | Subject: Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro | and CF Integration?) | | | Is LinkPoint by Card Service International? I see their | little logo on | the page when I found linkPoint If so - don't let their promise of | service and talk of them being one of the largest sway you. | | I have a list of clients that are incredibly unhappy. Although fairly | simple- roadblocks left and right. Customer Service departments are | horrendous. And to top it off - being a business man - reseller fees | happen to be a plus - Well they managed to scam me out of | about $1800 in | client referrals. | | So - horrible service, what I think as a non impressive | product. beware. | | Also - I had my own companies card processing go through them. They | conveintly had me lease the software - for $3500 for 3 years.. then | proceed to tell me that fairmarket was $2800 on the software | for buyout | - or I had to pay a cancellation fee - of about $400 - all | very gray in | the contracts. | | I tried to convert a Link Point account to an upgraded version - and | after 6 months of trying to get my account changed - I | finally gave up. | I mean - I was trying to UPGRADE | | On trying to cancel the service - they also were kind enough not | releasing my account for an additional 6 months - because I | did not send | the proper formated letter - When resolving it -they so happened to | delay it for enough weeks - where I missed this ridicoulous | cancellation | date ( one of those- on the 3rd monday of the 16 month of this year | prior to notifying us by this date type date) | | All in all - 2 years of bad service! *grin | | I have used authorize.net on 4 clients - affordable - | coldfusion really | easy to integrate with. Worth checking out. | Good Luck, | jay miller | | Lee Fuller wrote: | | Yeah.. I've noticed that it's fairly simple. | | Unfortunately, it tends to be expensive for the little guys | out there | -- which we seem to be running into a lot, these days. I've | looked at | SimplePay, and LinkPoint. They're much cheaper. But | question is.. Are | they as reliable and workable? | | Anyone have experience with these or others that they would like to | share? | | | -Original Message- | | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | | Sent: Friday, November 22, 2002 11:38 AM | | To: CF-Talk | | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Excellent product. Easy to use and setup. | | | | | | - Original Message - | | From: Lee Fuller [EMAIL PROTECTED] | | To: CF-Talk [EMAIL PROTECTED] | | Sent: Friday, November 22, 2002 11:14 AM | | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Quick thoughts, pitfalls, opinions? | | | | TTAIA | | | | | | | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http
RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
The only problem I have with that is the price for PayFlow. It's a bit pricey for the average little guy. By the time they get done paying for their merchant account, and then PayFlow, they're at nearly $100 per month. Pretty amazing price level for little guys. | -Original Message- | From: Jason Miller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 3:44 PM | To: CF-Talk | Subject: Re: Payment Gateways? (Was: OPINIONS: PayFlow Pro | and CF Integration?) | | | Oh and a flash guy I have outsourced some work to - really good guy - | only worked with him a few times - had programmed and offers | a payflow | CF tag | http://www.optimal-media.com I believe - slightly | discouraging becuase | his site is throwing a cf error - but I know he is actively alwasy | working on his site. | | may be worth a quick look. | jay miller | | Chris Alvarado wrote: | | H here is a post I took from the bugtraq group on Google about | Linkpoint. | | NOTE: I AM NOT THE ONE THAT DID THIS INVESTIGATION. I just find it | interesting. | | | == Some Background == | LinkPoint is the name of the API that Card Service International | (one of the biggest online merchant account providers) uses for | communication between a merchant's servers and their credit-card | gateway. | | The LinkPoint client API communicates with the | credit-card gateway | using an SSL-based protocol. Authentication and encryption is | facilitated with x509 digital certificates (the same | ones that https | uses). | | You must provide the client with two pieces of | information for it to | authenticate to the gateway server. The first is what CSI calls | Store Name -- it's actually a six digit number. The | second is the | path to the certificate file they send you. | | | | == The Problem == | Although I have not discovered a technical (code) | security problem, | I | believe there is a serious procedural security problem | in they way | CSI initially sets up accounts. | | When you are approved for a CSI merchant account (or | even when you | are approved for a test account), CSI sends you two | emails. One of | the emails has the subject Welcome to LinkPoint API | (the other is | unimportant). This email contains two pieces of information: | | The gateway server's hostname | Your Store Name (the six digit number) | | Plus, they attach your certificate AND _private key_ to | the bottom | of | the message. The idea is that you copy and paste the | cert + private | key into a file for the client API to use when it connects. | | I don't think I need to spell out the problem any further for | everyone | on this list. Basically, they are sending all of the | information | you | need authenticate as a merchant through plain, | unencrypted, email. | | You would need a few more things to exploit this | potential security | hole. Namely, you would need the CSI API and some | knowledge of how | to use it. This appears to be an attempt at security through | obscurity. | | Also, you would obviously need a way to get the plain email | (sniffing, etc) | | Notes: * The digital certificates do not have a passphrase. |* The LinkPoint API documentation is publicly | available at: | http://www.cardservice.com/inetserv/lpapi.pdf | | | | == Card Service's Response == | My attempt to contact CSI lead to a phone call from the | Lead Senior Tech in the API Support department of CSI. | | Since I did not type this email while I was on the | phone, all of the | quoted comments bellow are from memory and probably aren't exact. | They are, however, pretty close to what was said. | | I spoke with this person for about ten minutes and was | not satisfied | with his response. This person's basic theme was It's never | happened | before and there are security precautions on the back-end. | | I explained to him that using the information in their email, I | could | pose as the merchant -- and after a while, he | reluctantly agreed. I | then asked him to clarify how that isn't a serious | security problem, | and he quickly responded with something along the lines | of lets say | you can pose as the merchant, what are you going to do?. I | responded | by saying I'd start posting refunds to my card and he said the | refund option has to be enabled per merchant. Next, I | told him I | could charge cards. His response to this was that | well, then you | would | be giving money to the merchant. | | I suggested to him that if I was a malicious user, I could charge | random cards with random amounts to the merchant's account. His | response: our backend would detect that. I asked for | clarification | and realized that the security he is talking
RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF Integration?)
Yep.. Not an option. WAY too pricey. Verisign really has gotten way too big for it's britches. .. just my .02 | -Original Message- | From: Joshua Miller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 12:34 PM | To: CF-Talk | Subject: RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro | and CF Integration?) | | | I've been using Cybercash WebAuthorize for a few years now | and it's pretty nice. Easy to get running with CF plus there | are ActiveX, C and Java APIs. I use the ActiveX version with | a tag from the DevEx. | | It's fairly pricey though, I think it was $5k for the software. | | Joshua Miller | Head Programmer / IT Manager | Garrison Enterprises Inc. | www.garrisonenterprises.net [EMAIL PROTECTED] | (704) 569-9044 ext. 254 (Voice Mail) | (304) 456-4942 (Home Office) | | | -Original Message- | From: Lee Fuller [mailto:[EMAIL PROTECTED]] | Sent: Friday, November 22, 2002 2:51 PM | To: CF-Talk | Subject: RE: Payment Gateways? (Was: OPINIONS: PayFlow Pro and CF | Integration?) | | | Yeah.. I've noticed that it's fairly simple. | | Unfortunately, it tends to be expensive for the little guys | out there -- which we seem to be running into a lot, these | days. I've looked at SimplePay, and LinkPoint. They're much | cheaper. But question is.. Are they as reliable and workable? | | Anyone have experience with these or others that they would | like to share? | | | -Original Message- | | From: Frank Mamone [mailto:[EMAIL PROTECTED]] | | Sent: Friday, November 22, 2002 11:38 AM | | To: CF-Talk | | Subject: Re: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Excellent product. Easy to use and setup. | | | | | | - Original Message - | | From: Lee Fuller [EMAIL PROTECTED] | | To: CF-Talk [EMAIL PROTECTED] | | Sent: Friday, November 22, 2002 11:14 AM | | Subject: OPINIONS: PayFlow Pro and CF Integration? | | | | | | Quick thoughts, pitfalls, opinions? | | | | TTAIA | | | | | | | | | | ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm