Welcome, Guest ( Customer Panel | Login )




 All Forums
 VPCart Forum
 Add-ons for VP-ASP
 ssl certificate & anz egate
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

hpride
Starting Member

11 Posts

Posted - October 27 2010 :  22:15:32  Show Profile  Reply with Quote
Recently I completed our PCI DSS compliance after signing up with Comodo and it turns out we didn't actually need to scan our websites for vulnerabilities because all our card processing for our web sites is done on our banks servers (the ANZ eGate payment gateway add on). I asked the representative at ANZ, who handles PCI compliance, if we still needed SSL certificates, to which he said no. He said we only needed an SSL certificate to handle sensitive information (credit cards, passwords, birthdays etc) which confirmed what I had originally thought...

Why won't our site process orders without SSL certificates if the security of the transaction is provided by ANZ?

I'd appreciate if anyone knows the logic behind this.

Anthony

diegomilito
VP-CART Expert

Argentina
779 Posts

Posted - October 28 2010 :  02:46:46  Show Profile  Reply with Quote
you need the SSL (secure layer) in your site to secure the customer entered card numbers, etc.. to pass to ANZ egate. if you do not have SSL, the customer's private infomation can be stolen in the middle before send to the ANZ egate.

Diego.

Go to Top of Page

hpride
Starting Member

11 Posts

Posted - October 28 2010 :  18:05:36  Show Profile  Reply with Quote
Hi Diego

Thanks for your comment. However the credit card details are not "passed" to ANZ. The credit card details are entered on ANZ's eGate payment screen, after the redirection. Then the only information that's passed back to our site is a confirmation of success or failure, with a successful transaction having a transaction ID and approval number.

I wouldn't call that sensitive information.


Anthony
Go to Top of Page

support
Administrator

4679 Posts

Posted - October 29 2010 :  00:46:29  Show Profile  Visit support's Homepage  Reply with Quote
Hi Anthony,

Is your site actually not working or have you been told you need SSL for the gateway?

If you have been told you need SSL then this is possibly not correct but is dependent on the gateway itself. Some gateways demand that the site itself for some reason be covered by SSL as well even though no data is transferred.

If not working then it may be an idea to submit a ticket into our helpdesk so our support team can investigate for you.

Thank you.

Cam Flanigan
VP-ASP Cart Support

Follow us on Twitter:
http://www.twitter.com/vpasp
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000
0 Item(s)
$0.00