We recently had the opportunity to examine, at one of our customers, a Paybox module with many security vulnerabilities. We want to alert our readers to the fact that this module is available in the forums dedicated to PrestaShop. It is also possible that a module supplied by a service provider has one of these flaws.
These issues are not only unfortunate coding errors (such as a poorly protected variable), but numerous and glaring errors in the way the PrestaShop module is built. According to the manual Paybox provides to every user for communicating with the bank, some practices are to be avoided.
In this context we have developed a Paybox module that addresses the remarks we make throughout this article (the module is currently in production at some of our customers). We offer it for your PrestaShop store at a price of 85 €, with free updates and support. We can also install it on your shop for 15 € extra. Just contact us by mail or order directly at our shop.
How to know whether the Paybox module for PrestaShop you are using has these flaws:
Simply simulate a purchase on your store until you reach the page "Choose your payment method". Once on this page, view its source code (with the right mouse button).
Search it for the following: form id="paybox_form". If your form contains data like the one below, your Paybox module is not secure:
<input type="hidden" value="1" name="PBX_MODE"/>
<input type="hidden" value="1999888" name="PBX_SITE"/>
<input type="hidden" value="98" name="PBX_RANG"/>
<input type="hidden" value="3" name="PBX_IDENTIFIANT"/>
<input type="hidden" value="19703" name="PBX_TOTAL"/>
<input type="hidden" value="978" name="PBX_DEVISE"/>
<input type="hidden" value="3;CP;01-10-09-22:06:47" name="PBX_CMD"/>
<input type="hidden" value="aa@a.com" name="PBX_PORTEUR"/>
<input type="hidden" value="pbx_amount:M;ref:R;pbx_auth:A;pbx_trans:T;pbx_error:E;pbx_sign:K" name="PBX_RETOUR"/>
<input type="hidden" value="POST" name="PBX_RUF1"/>
<input type="hidden" value="http://localhost/prestashop12/modules/paybox/validation.php" name="PBX_EFFECTUE"/>
<input type="hidden" value="http://localhost/prestashop12/modules/paybox/validation.php" name="PBX_REFUSE"/>
<input type="hidden" value="http://localhost/prestashop12/order.php" name="PBX_ANNULE"/>
</form>
Paybox strongly recommends not doing this (on page 13 of their startup manual). In effect, you pass all your identification and payment data in clear text in your HTML page. A malicious person could then modify the data to place an order, or intercept the data sent to the Paybox server. It would be enough, for example, to change the amount to a much lower one. The server will validate the transaction, and you accept an order for an amount lower than it should have been. With this kind of practice, if you do not check each of your orders, you deliver to your customer for an amount different from what it should be.
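The manual check described above can be scripted against a saved copy of the payment page. This PHP code is an added example, not part of the original article or of any Paybox module; the function name and the grouping of fields into "merchant" and "payment" are this example's own.

```php
<?php
// Added example: list what a saved copy of the payment page exposes.
// Field names are those of the form shown above; the split into
// "merchant" and "payment" groups is this example's own.

function auditPayboxForm(string $html): array
{
    $report = ['merchant' => [], 'payment' => [], 'other' => []];
    if (trim($html) === '') {
        return $report;                 // nothing to parse
    }
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // shop HTML is rarely valid
    $doc->loadHTML($html);
    libxml_clear_errors();

    $groups = [
        'merchant' => ['PBX_SITE', 'PBX_RANG', 'PBX_IDENTIFIANT'],
        'payment'  => ['PBX_TOTAL', 'PBX_DEVISE', 'PBX_CMD', 'PBX_PORTEUR'],
    ];
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//form[@id="paybox_form"]//input') as $input) {
        $name = $input->getAttribute('name');
        if (strncmp($name, 'PBX_', 4) !== 0) {
            continue;                   // not a Paybox parameter
        }
        $group = 'other';
        foreach ($groups as $label => $names) {
            if (in_array($name, $names, true)) {
                $group = $label;
            }
        }
        $report[$group][$name] = $input->getAttribute('value');
    }
    return $report;
}

// Constructed sample, shortened from the form above.
$page = '<form id="paybox_form">'
      . '<input type="hidden" value="1999888" name="PBX_SITE"/>'
      . '<input type="hidden" value="19703" name="PBX_TOTAL"/>'
      . '</form>';
$report = auditPayboxForm($page);
echo ($report['merchant'] || $report['payment'])
    ? "Merchant or payment fields are exposed in the page\n"
    : "No PBX_ merchant or payment fields found in paybox_form\n";
```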
Also, the installation kit provided by Paybox includes a number of functions to use when Paybox returns information to your shop, but the module does not use them.
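The kind of check the shop should run when Paybox returns information, as an added example (not code from the Paybox kit or from any module discussed here). The function name is hypothetical, the field names come from the PBX_RETOUR value shown above, and the code assumes amounts in cents, '00000' as the success code, and a signature already verified with the functions from the Paybox kit.

```php
<?php
// Added example: server-side checks on the values Paybox sends back.
// Field names come from the PBX_RETOUR value shown above.
// Assumptions: amounts are integers in cents; '00000' is the Paybox
// success code; $signatureValid is the result of verifying pbx_sign
// with the functions from the Paybox kit (not reproduced here).

function checkPayboxReturn(array $params, int $expectedCents, string $expectedRef, bool $signatureValid): array
{
    $problems = [];
    $get = static function (string $key) use ($params): string {
        return isset($params[$key]) && is_string($params[$key]) ? $params[$key] : '';
    };

    if (!$signatureValid) {
        $problems[] = 'pbx_sign was not verified: the values cannot be trusted';
    }
    if ($get('pbx_error') !== '00000') {
        $problems[] = 'payment not accepted (pbx_error=' . $get('pbx_error') . ')';
    }
    if ($get('pbx_auth') === '') {
        $problems[] = 'no authorization number (pbx_auth)';
    }
    if (!hash_equals($expectedRef, $get('ref'))) {
        $problems[] = 'reference does not match the stored order';
    }
    // The amount must equal the total computed from the cart on the server,
    // never a value that travelled through the customer's browser.
    $amount = $get('pbx_amount');
    if (!ctype_digit($amount) || (int) $amount !== $expectedCents) {
        $problems[] = 'amount paid differs from the order total';
    }
    return $problems; // empty array: the order may be validated
}

// Constructed sample: PBX_TOTAL was changed in the page from 19703 to 100.
$tampered = [
    'pbx_amount' => '100',
    'ref'        => '3;CP;01-10-09-22:06:47',
    'pbx_auth'   => 'XXXXXX',
    'pbx_trans'  => '0000000',
    'pbx_error'  => '00000',
];
print_r(checkPayboxReturn($tampered, 19703, '3;CP;01-10-09-22:06:47', true));
```

The expected total and reference are loaded from the order stored on the server, so a value edited in the hidden form fields leads to a rejected order rather than an underpaid one.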
Features of the Paybox module for PrestaShop:
For those unfamiliar with what a Paybox module is for: by installing a Paybox module on your PrestaShop store, you can accept credit card transactions from your customers on your PrestaShop store. You benefit from an electronic payment terminal (TPE) that secures the interface between your store and your bank. Signing a contract with Paybox does not relieve you of the obligation to have a merchant account contract with your bank.
What are the advantages of using Paybox:
- The Paybox TPE contract is easier to obtain, even for small shops, than one from your bank (which requires guarantees and seniority).
- You can switch from one bank to another for free (after signing a VAD contract with the corresponding bank).
- The Paybox interface for entering bank details is highly customizable (colors, logos, font, buttons).
- Ability to accept, beyond bank cards (VISA & MASTERCARD), more than 15 methods of payment (Amex, Diners, JCB, E-CB, Cofinoga, Sofinco, Finaref, Aurora, 1Euro.com, PayPal, Gift Card, Payment in "n" times, Quasi Cash, Card CUP ...).
Pricing of the Paybox module for PrestaShop:
To give you an idea of what implementing this module on your PrestaShop shop will cost, we have listed the basic prices:
- Startup costs: 390 € HT
- Monthly fee (with 100 transactions included): 23.74 € HT
- Additional transaction: 0.069 € HT
- Access to proprietary cards or payment in 3 installments: 8.96 € HT each
These rates are for the year 2009; to them you must add those your bank charges under your VAD contract.
Conclusion
We are not here to criticize a module that uses these methods, much less its authors. This article aims to inform our readers: users of this type of module should quickly replace it with a more secure Paybox module for PrestaShop. When using payment modules for your shop, it is essential to check their security level carefully.
I do not know what they say, but it is indeed not our style
yes this is the module that I posted on the forum
seen what he is and especially what he said I'd have actually bothered to see the module that I posted a free subscription version.
Otherwise thank you for the information on the recommendations Paybox.
Hello Vincent,
I do not know if this is your module. We saw it at one of our customers, who told us he had found it on the forum.
Even if the payment error is mentioned, these are problems in addition to the manager. Word of one against the other, how to prove that the customer to modify ...
And hey, if Paybox does not recommend this method, it is because problems have happened or may happen.
The module that we propose is a module developed completely from scratch with our own hands, validated by Paybox and used at many clients.
Do not worry, we do not make money on your module.
Hello
A PrestaShop forum member pointed out to me your article, which indirectly mentions the module that I put online for free on the forum.
In principle, there are no worries on that note I wish to state that if you change the amount, the order is in error so that payment and the merchant will appreciate the attempt.
After regarding payment information, I do not all need ways that they have confidential (it's like a RIB).
On the module you are proposing, is it a trend that I posted a module or starting from scratch?
Vincent.