Results 1 to 9 of 9
  1. #1
    Join Date
    Jun 2012
    Posts
    57
    Plugin Contributions
    2

    Default 3D-Secure: NOT PROTECTED???

    Just implemented PayPal Payments Pro and now when people pay with their credit card I'm seeing the following message in the comments section of their order on my admin page:

    3D-Secure: NOT PROTECTED
    ECI Value =
    CAVV Value =

    What is this? I didn't see anything in the configuration about 3D-Secure. Did I miss something?

    If they pay using PayPal, no such message.

  2. #2
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: 3D-Secure: NOT PROTECTED???

    It simply means that the transaction isn't protected by the 3D-Secure transaction protection coverage which PayPal offers.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jun 2012
    Posts
    57
    Plugin Contributions
    2

    Default Re: 3D-Secure: NOT PROTECTED???

    Should I be concerned that this is not provided? Is this something I need? Where do I find and configure it? I did a search of PayPal and did not find anything on 3D-Secure!

  4. #4
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: 3D-Secure: NOT PROTECTED???

    The information you posted suggests that the credit card used didn't qualify for 3D-secure processing, thus was irrelevant.

    Sounds like you don't know what 3D-Secure is. Some visa/mastercard accounts have a password associated with them, and in those cases the 3D-secure step is the thing which makes the customer enter the password they'd previously selected.

    References:
    Files already on YOUR own site:
    - your_site.com/vbv_learn_more.html
    - your_site.com/mcs_learn_more.html

    Wikipedia:
    - http://en.wikipedia.org/wiki/3D_secure
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jun 2012
    Posts
    57
    Plugin Contributions
    2

    Default Re: 3D-Secure: NOT PROTECTED???

    You are correct in that I am unfamiliar with what 3D-Secure is. Thanks for pointing me to available information on this.

    It seems however, there is some inconsistency in the implementation of this. For example:
    - In looking through older threads on this particular issue it would seem that 3D-Secure is only used for a UK based merchant store.
    - In looking through the code (paypaldp.php module), there is a check for the merchant being set to UK in all areas where 3D-Secure is used except where the message is generated for the order history.

    Based on this, one could conclude that the 3D-Secure is only for UK based merchants and that there is an error in the code causing the message to be generated for non UK based merchants. My store is US based.

    So now my question is, is 3D-Secure only for UK merchants? If so, then would adding the check for the merchant being UK based on line 868 of paypaldp.php module correct this issue? (Yes, I understand the code and can make the change if required). If not, then why does the code check for the merchant being UK based?

    Thanks!
    Last edited by batracy; 26 Mar 2013 at 07:32 PM.

  6. #6
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: 3D-Secure: NOT PROTECTED???

    PayPal only requires it for UK merchants who have opted to accept Mastercard-affiliated cards.
    Thus, yes ZC intentionally handles it only when in UK mode.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jun 2012
    Posts
    57
    Plugin Contributions
    2

    Default Re: 3D-Secure: NOT PROTECTED???

    Thanks! Appreciate the quick response!

    Is there any problem with editing the code so the message is not generated then?

  8. #8
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: 3D-Secure: NOT PROTECTED???

    probably no problem
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Jun 2012
    Posts
    57
    Plugin Contributions
    2

    Default Re: 3D-Secure: NOT PROTECTED???

    Ok, changing line 868 in module paypaldp.php from:

    if ($this->requiresLookup($order->info['cc_type']) == true) {

    to:

    if (MODULE_PAYMENT_PAYPALDP_MERCHANT_COUNTRY == 'UK' && $this->requiresLookup($order->info['cc_type']) == true) {

    I'll post here if this creates any problems.

    Thanks again for the help!

 

 

Similar Threads

  1. v139h 3D-Secure: NOT PROTECTED 1.3.9h
    By ksoup in forum PayPal Website Payments Pro support
    Replies: 3
    Last Post: 28 Jan 2013, 12:58 AM
  2. v150 Most admin pages not SSL protected
    By loggades in forum Basic Configuration
    Replies: 5
    Last Post: 12 Nov 2012, 08:33 PM
  3. Secure catalog pages not secure 1.3.9h
    By crichw in forum General Questions
    Replies: 1
    Last Post: 5 Apr 2012, 05:01 PM
  4. Replies: 9
    Last Post: 11 Mar 2012, 05:38 AM
  5. Login is not secure. How do I secure Login?
    By makenoiz in forum Basic Configuration
    Replies: 18
    Last Post: 12 Nov 2008, 10:00 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg