Tips and Tricks HQ Support

Support site for Tips and Tricks HQ premium products

Using PayPal "Block Non-encrypted Website Payment" Option

by

Tips and Tricks HQ Support Portal Forums WP eStore Forum WP eStore General Questions Using PayPal "Block Non-encrypted Website Payment" Option

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • May 7, 2012 at 11:49 am #6255
    Scene13
    Member

    For security purposes, my PayPal website options are set with the “Block Non-encrypted Website Payment” on — which requires that any PayPal button used on my site must be set as encrypted.

    Another plugin that I am using on the site includes an option to create encrypted PayPal buttons. Is this possible currently with WP eStore? If so, how can I do it?

    If it is not possible to encrypt WP eStore PayPal buttons, I will need to turn off the option on my PayPal account, which I would rather not do.

    Thanks much.

    May 7, 2012 at 1:37 pm #44808
    wzp
    Moderator

    The purpose of having encrypted PayPal buttons is to prevent spoofing of transactions.

    https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments

    Under this system, transactions are blindly submitted, without any further verification checks.

    eStore uses PayPal’s IPN feature to verify the integrity of all submitted transactions, the use of encrypted buttons is not necessary.

    https://support.tipsandtricks-hq.com/forums/topic/security-vulnerability

    In fact, because eStore verifies the transaction’s integrity, after it is submitted to PayPal; this is considered a better business practice than blindly relying on a single encrypted transaction submital, without verification.

    Basically, when you use eStore, you don’t have to worry about your button security (all these are taken care of for you). More details about this here:

    http://www.tipsandtricks-hq.com/ecommerce/wordpress-ecommerce-knowledgebase-523

    https://www.youtube.com/watch?v=xl7HMsqCNPQ

    May 15, 2012 at 8:47 pm #44809
    Roger MacRae
    Member

    why not use both though. Then we have multiple layers of security

    May 16, 2012 at 2:04 am #44810
    wzp
    Moderator

    You can’t use encrypted buttons when you are submitting item information from a cart. This is the same for all cart plugins (not just eStore).

    The point of security is to manage risk. The risk we are managing is… “that someone will try to get a five finger discount.”

    PayPal provides two independent methods for preventing this; encrypted buttons and IPN. With eStore, we have chosen the IPN method, because it provides a verifiable way to ensure the proper transaction took place. To implement both would be redundant; because in the end, the IPN verification takes precedence over whatever was transmitted to PayPal.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.