Results 1 to 7 of 7
  1. #1
    Join Date
    May 2012
    Posts
    13
    Plugin Contributions
    0

    Default incorrect payment module

    Hello - we are currently experiencing the bug listed in this thread http://www.zen-cart.com/showthread.p...odule-selected

    customer will put the order through our site and pay with sagepay payment module, but when we check in admin, sagepay never processed any transaction and the payment method is shown as "invoice".

    we are running zen cart 1.3.7, i know i need to upgrade, but at this time it is not possible - so is there any way to patch this bug without having to upgrade?

    Thanks

  2. #2
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: incorrect payment module

    Quote Originally Posted by bigduffeye View Post
    we are running zen cart 1.3.7, i know i need to upgrade, but at this time it is not possible
    These are "Famous last words" before you are given no choice.

    Do you think the hackers care that this is an inconvenient time for you?

    Is your web host willing to keep maintaining an old version of PHP because the current versions are incompatible with your current ZenCart installation?

    Either of these events can happen at any time, without warning. Your site *will* fall into a heap, and it is twice as hard (at least) to recover/restore from either event than it is to perform the upgrade.

    These days you'll get no sympathy from anyone if you find yourself in this situation.

    Cheers
    Rod.

    ps. Although there are security and PHP compatibility patches available for these old versions I don't know if there are patches for the payment issue or not. Either way, there's so much 'patching' required, and upgrade really is the easiest solution to this, and many other problems.

  3. #3
    Join Date
    May 2012
    Posts
    13
    Plugin Contributions
    0

    Default Re: incorrect payment module

    thats the exact response i was expecting!

    at least this might open the bosses eyes as to how seriously we need to upgrade.

  4. #4
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: incorrect payment module

    Quote Originally Posted by bigduffeye View Post
    thats the exact response i was expecting!

    at least this might open the bosses eyes as to how seriously we need to upgrade.
    MOST "bosses" haven't a clue about how their site's work - nor do they appreciate that maintaining them (particularly eCommerce) is VITAL for business efficiency and customer security.

    Stick your neck out and show your boss this post...

    UPGRADE NOW before you suffer serious hacks and the possibility of customer data being compromised. This will be VERY EXPENSIVE to fix! Anything up to THIRTY TIMES MORE COSTLY than an upgrade.
    19 years a Zencart User

  5. #5
    Join Date
    Jan 2007
    Location
    Australia
    Posts
    6,167
    Plugin Contributions
    7

    Default Re: incorrect payment module

    Quote Originally Posted by bigduffeye View Post
    thats the exact response i was expecting!

    at least this might open the bosses eyes as to how seriously we need to upgrade.
    If that isn't enough to convince them, you could also try the legal argument.

    Specifically, they are currently running a site with well known exploits that can lead to the leaking of their customers personal data (Names, addresses, phone numbers, products purchased, and in some cases, even their Credit Card details).
    Unless they take immediate action to rectify the problem they could be held legally liable for any damage (or perceived damage) as a result of the leakage of this personal information.
    Simply put, they have a legal responsibility to ensure that their customers data is secure.

    They *may* get away without penalty if they are unaware of the expoit(s), but now that they are aware of it, they have no excuse. If they are unable to protect their customers data they *must* take the site offline to protect both themselves and their customers.

    The relevant law falls under "Duty of care" in most countries.

    Regards
    Rod. (adv dip network security)
    Last edited by RodG; 18 Apr 2013 at 07:10 AM. Reason: typos

  6. #6
    Join Date
    Jun 2005
    Location
    Cumbria, UK
    Posts
    10,262
    Plugin Contributions
    3

    Default Re: incorrect payment module

    Quote Originally Posted by RodG View Post
    If that isn't enough to convince them, you could also try the legal argument.

    Specifically, they are currently running a site with well known exploits that can lead to the leaking of their customers personal data (Names, addresses, phone numbers, products purchased, and in some cases, even their Credit Card details).
    Unless they take immediate action to rectify the problem they could be held legally liable for any damage (or perceived damage) as a result of the leakage of this personal information.
    Simply put, they have a legal responsibility to ensure that their customers data is secure.

    They *may* get away without penalty if they are unaware of the expoit(s), but now that they are aware of it, they have no excuse. If they are unable to protect their customers data they *must* take the site offline to protect both themselves and their customers.

    The relevant law falls under "Duty of care" in most countries.

    Regards
    Rod. (adv dip network security)
    There's a huge court case going on in the USA right now over this very subject.

    Bigduffeye... show this to your boss:

    In December 2010 Genesco had announced that it was the victim of a data breach involving packet-sniffing software on its network, but the retailer claims no evidence was uncovered that the hackers actually stole any card data during the attack. Fast-forward to earlier this year, when Visa fined Wells Fargo and Fifth Third Financial, two transaction processing firms that Genesco uses, over $13 million for noncompliance with PCI standards. The financial firms in turn took the fine money from Genesco's accounts.

    Do a Google search on Genesco vs Visa
    19 years a Zencart User

  7. #7
    Join Date
    Jan 2007
    Location
    Los Angeles, California, United States
    Posts
    10,023
    Plugin Contributions
    32

    Default Re: incorrect payment module

    Quote Originally Posted by bigduffeye View Post
    i know i need to upgrade, but at this time it is not possible
    why??????? Seems silly for your bosses to risk their business over a clear security issue..
    My Site - Zen Cart & WordPress integration specialist
    I don't answer support questions via PM. Post add-on support questions in the support thread. The question & the answer will benefit others with similar issues.

 

 

Similar Threads

  1. Replies: 1
    Last Post: 12 Dec 2014, 05:37 AM
  2. v150 UPS Module Rates Incorrect Under 20lbs.
    By RedDawg1 in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 23 Sep 2012, 02:41 PM
  3. FEDEX 1.4.5 Module calculates incorrect Shipping Weight
    By sgt_slaughter in forum Addon Shipping Modules
    Replies: 1
    Last Post: 21 Feb 2010, 07:01 PM
  4. Australia Post Shipping Module coming up with incorrect costs
    By jazzah in forum Addon Shipping Modules
    Replies: 2
    Last Post: 13 Dec 2007, 05:23 PM
  5. USPS module - incorrect quote for Parcel
    By Red Sonja in forum Built-in Shipping and Payment Modules
    Replies: 2
    Last Post: 27 Jun 2007, 07:54 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR