Hi Rod,
Our paths have crossed before, back in 2013 I believe.
I think you kindly did the Zen Cart e-Path plugins for us, or updated them. You may remember we offered to pay you for your help but you suggested we make a donation to the Zen Cart team. Nice of you. I then made a $5 USD donation for every individual customer of ours that we were aware was using Zen Cart as their shopping cart. Quite a lot of little $5.00 USD donations made over a two day period as DrByte may like confirm. It is important for me to let you know we did the right thing and honoured your wishes.
Anyway, back to the matter being discussed.
Sounds like it has slipped your mind about how e-Path works. We are a manual payment gateway and thus a little unique so you are forgiven ;)
No credit card data is entered on any Zen Cart site, no credit card data is transmitted anywhere. We create individual gateways for each client of ours located on our PCI compliant and THAWTE SSL protected servers. No sharing any payment pages either, with us each customer has their own unique and exclusive payment gateway system, individual and exclusive encryption system and directory on our servers. They "own" their gateway on our servers. Data encrypted on their gateway is theirs and can not even be read by us.
So, I wholeheartedly agree with you about the safest place for customers to enter their CC details. As you eluded to this negates the need for PCI compliance on the source Zen Cart site because credit card data is not being stored, transmitted or processed on the site. The Zen Cart site never even sees CC data, and as you rightly say this means the Zen Cart doesn't really need SSL.
However, in relation to the browser warning - I am talking about a completely different browser warning to the one you are talking about.
The one I am talking about pops up when the customer is being auto returned from a secure (https) site where there is data attached and being also returned via POST method back to a non-secure location (http) location.
Our team did a test on "websmith's" Zen Cart website as part of our investigation in to this issue and this is the actual screen capture of the exact warning (this one from Firefox) displayed after e-Path sends the 'customer' back automatically to "websmiths" Zen Cart. Instead of Zen Cart receving the customer back, this is the pop up warning displayed instead ...
(see attached image below)
The information the warning refers to relates to basic data like the order number, the date, customers email address etc., which e-Path is returning back to the Zen Cart software.
When his customers see this warning it is highly probable many will click "Cancel" which means the customer has just stopped himself/herself from being received back by his Zen Cart which in turn means his Zen Cart does not record the order ... which he then blames e-Path for!!
This warning does not happen if the data is being moved from a secure location to another secure location, hense us more than keen to help "websmith" to get an SSL installed on his site so people go back to his Zen Cart without any issue at all.
But granted, if an SSL is installed on his site but his site is not correctly configured to operate under SSL (for example he may be calling images in by http) then there will be those warnings you talk about which could mean more trouble.
Ragards
Peter Thwaites
Bookmarks