Page 9 of 11

Re: Future store updates planned (backend)

Posted: Tue Sep 10, 2019 1:56 pm
by exxos
Got this from Stripe again..


With the Strong Customer Authentication (SCA) deadline coming up soon, here’s what to expect on Saturday, 14 September.

After announcements by many national regulators, we anticipate a phased enforcement of the new SCA requirements over the coming months. However, we do expect some European banks to start declining payments that aren’t SCA-ready starting 14 September.

Our information shows that you still need to make changes to your Stripe integration in order to prepare for SCA and help avoid an increase in declines starting 14 September. Updating your integration can require frontend, backend, and client bindings version changes, so we recommend that you begin updating your integration as soon as possible.

Once your integration is updated, we’ll dynamically start applying exemptions and authentication when required by the cardholder’s bank—taking into account each country’s enforcement timeline to minimise friction.

If you have any questions, please visit our support site for answers to common SCA questions and to get in touch with our support team.


The Stripe team

Then got this 2 hours later...

Important information

Are you preparing for new Strong Customer Authentication regulation?
Notice 19-L | 10 September 2019

We're writing to update you on some recent changes to the Strong Customer Authentication regulation, part of the Second Payment Services Directive which affects all businesses who take online card payments in the European Union (EU) and European Economic Area (EEA).
Last month, the Financial Conduct Authority announced a welcome 18 month extension to the 14 September 2019 Strong Customer Authentication deadline giving businesses, banks and online account providers more time to roll-out the next phase in fraud protection technology. Businesses like yours now have until March 2021 to become compliant.

At Sage Pay we've been working to minimise the impact for our customers by upgrading our systems to support 3D Secure. While we expect a gradual transition to SCA enforcement by banks and issuers across the EU, in time for the deadline, there are steps we recommend you start to take now to prepare your business.

Getting started with 3D Secure

If you are using our Form or Server integrations all you need to do is click activate in your My Sage Pay account to get started with 3D Secure version 1. For Pi or Direct integrations, you may need to undertake additional development to integrate your systems with 3D Secure.

What's more, Sage Pay customers can now have exclusive access to our new 3D Secure 2 test environment, giving merchants the opportunity to test how best to incorporate SCA compliance together with an improved user experience at checkout.

We'll continue to work closely with acquirers and issuers across the industry to confirm 3D Secure 2 timelines applicable to Sage Pay customers. You can check our support pages for regular updates on industry developments.

Why it pays to be protected

If you're wondering why you should act now, here are four reasons to make the change:

27% of consumers surveyed abandoned online transactions that lacked visible signs of security [Experian, 2018 Global Identity and Fraud Report]. Give your customers more security and build trust with an added layer of security.

Fraud losses on UK-issued cards totalled £671.4 million in 2018 [UK Finance, Fraud the Facts 2019 Report], with 3D Secure you'll have fraud liability protection saving you time and money on potential disputes.

Improve your checkout flow and customer experience with frictionless authentication. With 3D Secure 2 activated, the customer may not even realise authentication has taken place.

From 1 February 2020 issuers will begin to step up transactions. As SCA comes into force, banks will start to decline transactions that don't have appropriate authentication in place.

Looking for more information on SCA?

To help guide you, we've put together some frequently asked questions. From what SCA is and how it'll affect your business, to the steps you need to take to ensure your business is SCA ready.

Alternatively, if you can't find the info you're looking for, visit our support pages or contact us to talk to a member of our team.


Sage Pay Team

I guess I am not surprised. At least it takes the pressure off a bit to get my new store online and I can do more testing and code tidying before rolling out the new system.

Re: Future store updates planned (backend)

Posted: Tue Sep 10, 2019 7:21 pm
by exxos
On my current store I allow most accent letters such as å ä Ä ö .. Now with Sage they do not support such letters.. BUT.. They do seems to go through their system , but they do not display correctly during Sage checkout. They do come back to my system correct, so it shouldn't cause any problems as such. The odd exception for this is the first & last name fields. Which I couldn't get the accent letters to go though. I have mentioned this issue to Sage and awaiting a reply.

I have put in the store script to automatically remove any characters which will likely break Sage's system. Though I currently don't have any definite list of what will and won't break it. So if anyone finds any letters in any fields which cause a errors then please let me know and I will add them to the letter removal list.

In light of out of stock items which may happen during ordering. The stock levels are checked during and after your order automatically. If the system detects a discrepancy with stock levels, it will mark your order as "ON HOLD" while it is investigated. You will be notified in a email also. I think it's unlikely this will ever happen though.

The store is having some initial testing currently from start to end. I may be looking for some testers to try it out in about a weeks time.

Re: Future store updates planned (backend)

Posted: Fri Sep 13, 2019 10:13 am
by exxos
Really starting to hate worldpay. Not only are they trying to sneak in business accounts (which are charged) I am now getting emails about PCI compliance and fees..

Capture.JPG (45.07 KiB) Viewed 1630 times

I emailed Sage and they contacting Worldpay about it.
I have sent this query over to worldpay to contact you back as your PCI should be included as you signed up via sagepay for the simplicity plan with worldpay
So far Worldpay messed up my sign up with Sage which had to be fixed. The business account was pretty much sprung on me with no mention of it anywhere. Now I am getting PCI stuff which I remember them telling me there was going to be fees, but when I questioned it (was on the phone to them signing up) he butted in and said I don't need to worry about it as it was included. The whole point of having a "off site payment processor" is that you don't need PCI compliance :roll:

I remember years ago I hated Worldpay for some reason, but couldn't remember why. But I think its coming clear now :roll: I mean 2 huge companies I am having to deal with, and nothing is going right, and as usual it's me who ends stuck in the middle of it all trying to sort it all out when it shouldn't happen in the first place :( Worldpay seem to have no idea what they are doing at all
:headbang: :mad:


Back to this again..
Capture.JPG (50.16 KiB) Viewed 1626 times
I tried to cancel it, WTF ?

Reply back from Sage to ring worldpay so they can explain it all.. Well if getting PCI and being billed for it is how its going to end up I will likely cancel the account and be looking for some other payment processor who know what they are doing :roll:

Re: Future store updates planned (backend)

Posted: Fri Sep 13, 2019 10:48 am
by exxos
So rang worldpay, apparently its some £4 a year fee I don't have to pay, but still have to be PCI compliant else there be a £15 a month charge. They had not much clue and told me to ring another number for them to explain it.

I did look into PCI a while ago, I will look into it again, but this is just madness now. PCI is for taking card payments which I am not even doing :roll: Setting up a server firewall just ended in breaking loads of things to get the compliance. Even if I did jump though all the hoops, if the PCI requirements change , then I would have to go through it all again. Not thanks. It defeats the object of having a "off site" payment processor.

I will contact Sage again, but I've had enough of all this now. Neither company seem to really know what they are doing and I just can't deal with companies who operate like a loose cannon :roll:

If this is the shape of things to come, I think honestly I may well just dump all my items over to ebid and use their store system. Its not ideal, but I can't keep going around in circles with these companies like this. I've spent 3 weeks solid on it already and now its looking like I will be right back at square 1 again :(


Reply from Sage..
You always have to be compliant for PCI no matter who you use as the merchant bank, we just have an agreement with worldpay that there is no monthly charge for compliance as its usually a monthly fee but you still have to become compliant.

If you are not compliant with in the certain time then a non compliance fee is charged by the bank. I am afraid that’s the same who ever you use as the merchant bank as its rules set out by visa and mastercard in Europe
That makes no sense, I don't have these issues with Stripe. You only need PCI if you use their full integration checkout (which take the card numbers on your own site) which I do not do.


On stripes site...
The simplest way for you to be PCI compliant is to never see (or have access to) card data at all. Stripe makes this easy for you as we can do the heavy lifting to protect your customers’ card information
So exactly.. Worldpay are just talking rubbish.


OK so trying to jump though their hoops... takes me to this page ?!

2.jpg (52.62 KiB) Viewed 1607 times

Think I finally found the right page and ....

Oh what a surprise..

3.jpg (63.15 KiB) Viewed 1607 times

They sent me the login info in the first place :roll:

I'm going to see if I can bodge something up with Stripe somehow as this is just getting ridiculous. If its this much trouble signing up, whats it gonna be like when things are actually running ? :roll:

Re: Future store updates planned (backend)

Posted: Fri Sep 13, 2019 4:50 pm
by exxos
Sage have gone quiet, so I guess I guess "no reply" is my reply then :roll:

I'm looking into Stripe options again. One of the issues was this...

000.png (21.08 KiB) Viewed 1594 times

BUT, seems Stripes dashboard can send data to my server about the order which I didn't know until just. So I am knocking up some test scripts to see if I can figure it out.

How things are looking, I am pretty sure my account with worldpay and Sage will get canceled. No doubt I will get loads of cancelation fees. Though I thought Stripe's system was a mess, but geese, Sage & worldpay is a whole new level of mess. Sage's system isn't to bad overall, but when they use Worldpay which is just one problem after another... it doesn't give me much hope for Sage either.

I remember I had issues with worldpay years ago, but I couldn't remember what. Though the whole thing is just dealt with very poorly and the system is just beyond broken to keep messing about with it. Dealing with one company is trouble enough, but dealing with 2 seperate companies to take payments is just a nightmare I can do without. So in case of anyone on the web reading this, I just wouldn't bother with Sage, or any company which is merging with worldpay, it's just not worth the hassle.


I've got my test scripts for stripe mashed up and working.. also started to move the code over to my store code.

One good thing about the massive re-code, is I took into account moving to another payment processor... While sage and stripe operate totally different, I can re-use the way the store now works to chop and change code easier than before.

Re: Future store updates planned (backend)

Posted: Fri Sep 13, 2019 9:39 pm
by exxos
Emailed the guy again at Sage and asked to close my account. I rang up worldpay, but they say I need to contact accounts who are only there in the morning. So will see how this ends up. I've not used any services of worldpay or sage either. See how much this is all going to end up costing me for services I haven't even used yet :roll:

They seem to be getting a few bad reviews recently as well.

Will be glad when all this is closed down. It's just been a ongoing nightmare. It just constantly feels like your about to drive off a cliff with it all.

Re: Future store updates planned (backend)

Posted: Sat Sep 14, 2019 10:41 am
by exxos
Rang worldpay to cancel. They wanted to know why of course. I said its been a ongoing nightmare and said every step of the way there has been issues. I can understand one or 2 things going wrong, but even when Sage is in the mix, its ramping up issues rather quickly.

I had to email their loyalty address with the request also. The auto response says do not reply to the email as the main box is not monitored. So erm, why am I emailing info for them to close my account when they don't monitor the account ?! Worldpay really need to get their sh*t togther.

In relation to PCI compliance, they said its the same even if I sign up with cardnet or barclays etc. I said I don't get these issues with Stripe, but seems Stripe are different, I didn't catch exactly what she said as was talking so fast. But its good know that if I signed up with anywhere else, it have to be PCI compliant.. and yet, I am signed up with payacardservices and stripe who I don't need PCI for. It's like saying anyone who accepts paypal payments on their site needs PCI... AFAIK that's simply not true. It could be something to do with Stripe do not accept debit cards, AFAIK payaservices don't either.

She did say its a regulation visa and mastercard put into place, but its all over my head. In terms of stripe, you only need PCI if you store and process card information yourself, which I do not. They should make it more clear PCI is compulsory with these services. Stripe had some requirements to use their system, but really it was just to use HTTPS, which is understandable.

I asked what I would be charged, and 1 month fee of £15.. So I was going to get charged £15 a month ? For what exactly ? I know there was a monthly charge, but I understood it to be with Sage not worldpay. I need to check, but again, this sounds like I would be charged by both sage and worldpay.. so again more problems..

By the sounds of it, I got lucky really when I signed up with Stripe in not having to deal with all this nonsense. I wanted to move away form Stripe as the system no longer seemed to do what I wanted without PCI ( I now know better) but also support was going downhill with Stripe. Though after dealing with Sage and Worldpay, thats taking it to a whole new level of chaos.

If for some reason I could no longer use Stripe then I wouldn't want to go though all this chaos again, I would just close my online shop and people would just have to post cheques or cash to me or something instead. Or someone buys my entire stock, which is currently over £32,000 worth of goods. Hopefully things won't come to that, but you never know.

So I will continue to use Stripe and lesson learned to basically avoid any other payment processors, unless you want to deal with lots of PCI stuff and bad support that is.

Re: Future store updates planned (backend)

Posted: Sat Sep 14, 2019 11:35 am
by PhilC
Happy you now have a solid plan but can imagine how annoying it must be to have spent so much time just to end up back where you started.

What updates do you need to do now?

Re: Future store updates planned (backend)

Posted: Sat Sep 14, 2019 12:48 pm
by exxos
PhilC wrote:
Sat Sep 14, 2019 11:35 am
Happy you now have a solid plan but can imagine how annoying it must be to have spent so much time just to end up back where you started.

What updates do you need to do now?
Yeah royal PITA. I'm sort of at the point I was with Sage now. I gotta finish off the confirmation pages and stock script yet. Though I'm having to rip out loads of stuff because I no longer need to collect the billing address. I also found a couple more bugs in the store which I think are solved now.

Stripe sends a confirmation to my server directly, but I just had to bodge it with it dumping the data to a file on my server to make sure the scripts actually working (which it is) so ive got about another week worth of stuff to do :roll:

Re: Future store updates planned (backend)

Posted: Sun Sep 15, 2019 1:03 pm
by exxos
I remember PhilC saying the clear basket didn't work, but wasn't sure exactly what he meant.. I did forget to update the cookiename in the html.. The old store uses "exxoscookie" and the new store "exxoscookie2" because the basket contents are not compatible between the 2 store versions, I used a different cookie name.

Oddly though, clear basket always worked on my own pc.. but trying it on dawns pc, I have to click it several times before it clears.. bizzare.. AFAIK we are using the same version of chrome... so madness how it works on one pc and not another.

According to , cookies are normally deleted when the browser is closed when setting the exp date. Though I never had that issue, not even with the current store.. So I wonder how many others have actually been unable to clear basket...??

In anycase, the routine now clears the cookie data and also sets the exp time.. and that seems to work.. :shrug:

When the I first loaded the store on dawns pc, I added items to the basket, then viewed basket, and it said all the codes were invalid and it deleted them out... I don't know why it deleted valid codes, but a bug to keep in mind for my store testers... ive not been able to re-produce this issue.

I noticed there was a odd css fault where the store items on the main page would vary in width. This seemed to happen when images were not the normal 320px wide.. smaller images caused the main info box to be a few pixels wider.. this is odd as the placeholder for the images is a fixed size.. After much messing about , I managed to enter some odd width numbers where it seems to behave now. I think it may be relating to widths not been correct as the padding and borders for the boxes would upset the apparent total widths of the areas... So again something to look out for..

As mentioned somewhere before (there was another bug in fact) If you try to enter a quantity to buy, such as 50 items when there is only 1 in stock for example, the store will automatically change this to 1 item to buy. The same will happen in the basket. The message will display for about 3 seconds then it will simply report "1 item in your basket". This is very similar to how the old store worked.

However, If you have for example 10 items in your basket and leave it a few weeks where there is only now 9 items in stock. The store will now not automatically change the quantity but will inform you of the "out of stock" type situation. Then you have to wait for items to go back into stock, or adjust the quantity manually (or delete the item from your basket).

For people who awake, you will notice this behaviour is odd when it automatically adjusts quantities for you... This is because, the buyer may want 10 items and not want to order until 10 are in stock. So I am not forcing the basket to 9 items automatically. The buyer now makes the choice.

Also, the automatic quantity reduction can set the item to zero where zero is what is used to delete items from the basket.. So it would automatically delete items out of your basket, possibly without you noticing. For example, if someone orders a RAM upgrade and needs the cables, if both were in stock one day and the cables went out of stock, if they were deleted automatically, the buyer may forget about the cables and order the RAM kit.. not a good situation... Similar for those who sometimes order 10+ items, if a couple vanished from the basket, they may not notice, and simply think they forget to order them.

So to sum up, if your adding a new item to your basket, you cannot enter a quantity higher than what is in stock. BUT, if the item is already in your basket, it will stay at that number until you change it or delete it, or wait for items to come back into stock again. As before, you cannot checkout unless all the items you are trying to order are actually in stock.