Aug-17-18 01:43 PM EST
Original Message: Security Issue. PW only mode?
Author: Gary Torello on 03-27-2002 at 14:24 (EST)

We use as our gateway and, due to some hacking attempts, would like to set our gateway to "password only" mode.

This means however, that the uShop cart would need to pass the Merchant password encrypted via ADC to

We don't see this as an option.. is it possible?

A little history regarding the latest scam:

Without in PW only mode, Hackers EASILY send "authorize only" requests DIRECTLY to for small sums like $0.01, using your username (which is routinely kept non-encrypted by many shopping carts).

These "Authorize only" requests are purely to determine if the card/cardholder data is good.. and since no money is being withdrawn or charged to anyone, there are NO security checks by

The problem is the Merchant gets stuck with the small per transaction fee for every one of these. (around 35 cents and another .35 from the Merchant Account Provider). Unfortunately this seems to be BIG business.. we had over 500 of these pumped thru our gateway in the space of 1/2 hour! ..complete with Cardholder names, address, etc... (transaction costs were over $700!)

Well.. I don't want to scare anyone.. but after LENGTHY discussion with, the conclusion is if you use in anything but PW ONLY mode, you're vulnerable... and they WON'T refund you any transaction fees, since they *have* provided a secure means: PW only.

OK.. RANTS OVER.. any help available on this??
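
A merchant-side check for the pattern described in the post above, as an added example that is not part of the original thread and is not uShop or gateway code: it flags bursts of small auth-only transactions spread over many cards in a transaction export. The record layout, the type labels and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import deque
from datetime import datetime, timedelta
from decimal import Decimal

# Assumed thresholds; tune them to the merchant's normal traffic.
WINDOW = timedelta(minutes=30)
SMALL_AMOUNT = Decimal("1.00")   # the post mentions sums like $0.01
MAX_SMALL_AUTHS = 20             # small auth-only requests tolerated per window
MIN_DISTINCT_CARDS = 10          # many different cards suggests card testing

def parse_record(line):
    """Parse one constructed record: ISO timestamp, type, amount, card last 4."""
    ts, tx_type, amount, last4 = line.strip().split(",")
    return datetime.fromisoformat(ts), tx_type, Decimal(amount), last4

def detect_bursts(lines):
    """Return one alert per burst of small auth-only requests (input sorted by time)."""
    recent = deque()  # (timestamp, last4) of small auth-only requests in the window
    alerts, in_burst = [], False
    for line in lines:
        ts, tx_type, amount, last4 = parse_record(line)
        if tx_type != "AUTH_ONLY" or amount > SMALL_AMOUNT:
            continue
        recent.append((ts, last4))
        # Drop entries that have aged out of the sliding window.
        while ts - recent[0][0] > WINDOW:
            recent.popleft()
        cards = {card for _, card in recent}
        over = len(recent) > MAX_SMALL_AUTHS and len(cards) >= MIN_DISTINCT_CARDS
        if over and not in_burst:  # alert once, when the threshold is first crossed
            alerts.append({"start": recent[0][0], "detected": ts,
                           "count": len(recent), "distinct_cards": len(cards)})
        in_burst = over
    return alerts

def sample_log():
    """Constructed data: three normal sales, then 60 one-cent auths 3 seconds apart."""
    base = datetime(2002, 3, 27, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=20 * i)).isoformat()},AUTH_CAPTURE,49.95,{1000 + i}"
             for i in range(3)]
    burst = base + timedelta(hours=2)
    lines += [f"{(burst + timedelta(seconds=3 * i)).isoformat()},AUTH_ONLY,0.01,{2000 + i}"
              for i in range(60)]
    return lines

if __name__ == "__main__":
    for alert in detect_bursts(sample_log()):
        print(alert)
```

Run against a live feed, a check like this lets the merchant react within the first few dozen requests rather than after several hundred fees have accrued.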



Messages In This Discussion
1. RE: Security Issue. PW only mode?
Author: Bill Weiner on 03-28-2002 at 06:54 (EST)
Hmmm... that does sound like a flaw with Authorize.Net. They should just add some feature on their Authorize.Net control panel to disable "authorize only" requests from the web. Anyway, we'll look into it some more. By the way, do they have any additional documentation about that on their website?

2. RE: Security Issue. PW only mode?
Author: Gary Torello on 03-29-2002 at 18:22 (EST)
Sorry Bill, that's MUCH too easy a solution to expect to implement [sarcasm intended] besides.. might be admitting to a flaw!

I've checked their docs and couldn't find anything more specific about this. Although perhaps as a developer you might have some luck in discussing the issue with them... I've probably worn out my welcome screaming about refunds.

FWIW, I have used other carts in the past (MIVA in particular) that I believe could pass the PW to A.N - but I DON'T want to change. I like the simplicity of uShop for what we're doing.


© 2003 Microburst Technologies, Inc.