We recently had the opportunity to examine, at one of our customers, a Paybox module with many security holes. We want to alert our readers to the fact that this module is available in the forums dedicated to PrestaShop. It is also possible that a module supplied by a provider has these same flaws.

These flaws are not just unfortunate coding errors (such as a poorly protected variable), but numerous and serious errors in the way the PrestaShop module is built. According to the manual that Paybox provides to every user for communicating with the bank, some practices are not recommended.

With this in mind, we have developed a Paybox module that addresses the remarks made throughout this article (the module is currently in production at some of our customers). We offer it for your PrestaShop store at a price of € 85, with updates and free support. We can also offer installation on your shop for 15 € extra. Simply contact us by mail or order directly from our shop.

How to tell if the Paybox module for PrestaShop you are using has these flaws:

Just simulate a purchase on your store until you reach the page "Choose your method of payment". When you are on this page, view its source code (with the right mouse button).

Search the source for the following: form id="paybox_form". If your form contains data like that shown below, your Paybox module is not secure:

<form id="paybox_form" class="hidden" method="post" action="/cgi-bin/modulev2.cgi">
<input type="hidden" value="1" name="PBX_MODE"/>
<input type="hidden" value="1999888" name="PBX_SITE"/>
<input type="hidden" value="98" name="PBX_RANG"/>
<input type="hidden" value="3" name="PBX_IDENTIFIANT"/>
<input type="hidden" value="19703" name="PBX_TOTAL"/>
<input type="hidden" value="978" name="PBX_DEVISE"/>
<input type="hidden" value="3;CP;01-10-09-22:06:47" name="PBX_CMD"/>
<input type="hidden" value="aa@a.com" name="PBX_PORTEUR"/>
<input type="hidden" value="pbx_amount:M;ref:R;pbx_auth:A;pbx_trans:T;pbx_error:E;pbx_sign:K" name="PBX_RETOUR"/>
<input type="hidden" value="POST" name="PBX_RUF1"/>
<input type="hidden" value="http://localhost/prestashop12/modules/paybox/validation.php" name="PBX_EFFECTUE"/>
<input type="hidden" value="http://localhost/prestashop12/modules/paybox/validation.php" name="PBX_REFUSE"/>
<input type="hidden" value="http://localhost/prestashop12/order.php" name="PBX_ANNULE"/>
</form>

Paybox clearly recommends against doing this (page 13 of their startup manual). In effect, you pass all your identification and payment data in clear text in your HTML page. A malicious person could then modify the data in order to pass a transaction, or intercept the data sent to the Paybox server. They could, for example, change the amount to a much lower one. The server will validate the transaction, and you will accept an order with an amount lower than it should be. With this kind of practice, if you do not check each of your orders, you will deliver to your customer for an amount different from what it should be.
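
The manual check described above can be automated against a saved copy of the payment page. The script below is an added example, not code from the module or from Paybox; the sample page is constructed from a shortened copy of the form shown above, and the choice of which fields count as sensitive is an assumption of this example.

```python
from html.parser import HTMLParser

# Merchant identification and payment fields taken from the form shown above.
SENSITIVE = {"PBX_SITE", "PBX_RANG", "PBX_IDENTIFIANT", "PBX_TOTAL", "PBX_DEVISE", "PBX_CMD"}

class PayboxFormAudit(HTMLParser):
    """Collect hidden inputs located inside <form id="paybox_form">."""

    def __init__(self):
        super().__init__()
        self.form_seen = False
        self.in_form = False
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("id") == "paybox_form":
            self.form_seen = self.in_form = True
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "hidden":
            if a.get("name"):
                self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def audit(page_source):
    """Return which sensitive fields the payment page exposes to the browser."""
    parser = PayboxFormAudit()
    parser.feed(page_source)
    parser.close()
    exposed = sorted(name for name in parser.fields if name in SENSITIVE)
    return {"form_found": parser.form_seen, "exposed": exposed,
            "editable_total": parser.fields.get("PBX_TOTAL"),
            "insecure": bool(exposed)}

# Constructed sample: the form from this article, shortened, in a minimal page.
SAMPLE_PAGE = """<html><body><h1>Choose your method of payment</h1>
<form id="paybox_form" class="hidden" method="post" action="/cgi-bin/modulev2.cgi">
<input type="hidden" value="1999888" name="PBX_SITE"/>
<input type="hidden" value="19703" name="PBX_TOTAL"/>
<input type="hidden" value="978" name="PBX_DEVISE"/>
<input type="hidden" value="aa@a.com" name="PBX_PORTEUR"/>
</form></body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE_PAGE))
```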

In addition, the installation package provided by Paybox includes a number of functions to use when Paybox returns information to your store, but the module does not use them.
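
Whatever the form contains, the shop can refuse to mark an order as paid when the returned amount differs from the total it stored itself. The check below is an added example of that reconciliation, not code from Paybox or from any module; the order table, the function names and the assumption that pbx_amount is expressed in cents are all part of this example, and verifying the signature remains the job of the functions shipped in the Paybox package.

```python
from decimal import Decimal, ROUND_HALF_UP

# Constructed stand-in for the shop database: order reference -> total the shop computed.
PENDING_ORDERS = {"3;CP;01-10-09-22:06:47": Decimal("197.03")}

def to_cents(total):
    """Convert a shop total to integer cents (assumed unit of pbx_amount)."""
    return int((total * 100).quantize(Decimal("1"), rounding=ROUND_HALF_UP))

def check_return(params, orders=PENDING_ORDERS):
    """Decide whether a payment return may mark the order as paid.

    params holds the fields named in PBX_RETOUR (ref, pbx_amount, pbx_sign, ...).
    Returns (accepted, reason).
    """
    ref = params.get("ref", "")
    if ref not in orders:
        return False, "unknown order reference"
    raw = params.get("pbx_amount", "")
    if not (raw.isascii() and raw.isdigit()):
        return False, "amount missing or not numeric"
    expected = to_cents(orders[ref])
    if int(raw) != expected:
        return False, f"amount mismatch: paid {raw}, expected {expected}"
    if not params.get("pbx_sign"):
        # Presence only; the signature itself must still be verified separately.
        return False, "signature field missing"
    return True, "amount matches stored order"

# Constructed returns: one honest, one where the amount was lowered in the browser.
HONEST = {"ref": "3;CP;01-10-09-22:06:47", "pbx_amount": "19703", "pbx_sign": "constructed"}
TAMPERED = dict(HONEST, pbx_amount="100")

if __name__ == "__main__":
    for name, ret in (("honest", HONEST), ("tampered", TAMPERED)):
        print(name, check_return(ret))
```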

Functionality of the Paybox module for PrestaShop:

For those unfamiliar with what a Paybox module is for: by installing a Paybox module on your shop, you can accept credit card transactions from your customers on your shop. This gives you a secure TPE (electronic payment terminal) to interface between your shop and your bank. Subscribing to a contract with Paybox will not relieve you of the obligation to have a merchant account contract with your bank.

What are the advantages of using Paybox:

  • A Paybox TPE contract is more easily accessible, even for small shops, than one with your bank (unless you are asked for warranty and service).
  • You can switch from one bank to another for free (after signing a VAD contract with the corresponding bank).
  • The interface for entering bank details in Paybox is highly customizable (colors, logos, font, buttons).
  • Ability to accept, beyond bank cards (VISA & MASTERCARD), more than 15 payment methods (Amex, Diners, JCB, E-CB, Cofinoga, Sofinco, Finaref, Aurora, 1Euro.com, PayPal, Gift Card, payment in "n" installments, Quasi Cash, CUP card, ...).

Paybox module pricing for PrestaShop:

To give you an idea of what implementing this Paybox module on your PrestaShop store will cost you, we have listed the base prices:

  • Commissioning costs: 390 € HT
  • Monthly subscription (with 100 transactions included): 23,74 € HT
  • Additional transaction: 0,069 € HT
  • Access to proprietary cards or payment in 3 installments: € 8.96 each HT

These rates are those of 2009; to them you must add those your bank charges you under your VAD contract.

Conclusion:

We are not here to criticize a module using these methods, let alone their authors. This article is intended to warn our readers who use this type of module that it must quickly be replaced by a more secure Paybox module for PrestaShop. When working with payment modules for your shop, it is essential to thoroughly check their level of security.


7 comments why not leave yours?

I do not know what they say, but it is indeed not our style ;)

Magavenue May 3, 2010 at 12 h 05 min

yes this is the module I posted on the forum ;-)
seen what he is and especially what he says it would have actually bothered to see the module that I put online for free paid version.
Apart from that, thank you for the information on the Paybox recommendations.

Vincent A. May 3, 2010 at 11 h 57 min

Hello Vincent,

I do not know if this is your module. We saw it at one of our customers, who told us he had found it on the forum.

Even if the payment error is mentioned, these are problems in addition to the manager. Word of one against the other, how to prove the customer to change ...
And hey, if Paybox does not recommend this method, it is because problems have happened or may happen.

The module that we propose is a module developed completely from scratch with our own hands, validated by Paybox and used by many customers.
Do not worry, we do not make money on your module ;)

Magavenue May 3, 2010 at 11 h 52 min

Hello,
A PrestaShop forum member pointed out to me that your article indirectly mentioned the module that I put online for free on the forum.
In principle, there are no worries on that. I want to say that if the amount is modified, the order will be in payment error, and the merchant therefore notices the attempt.
After regarding payment information, I do not all need ways they have of confidential (it's like a RIB).
On the module you are proposing, is it a trend that I've uploaded a module or start from scratch?
Vincent.

Vincent A. May 3, 2010 at 11 h 41 min

:-)

Johnny January 8, 2010 at 11 h 44 min