If you are accepting credit cards at your store then you need to think about security. The most commonly-recognised method of securing your site is called 'SSL' ('Secure Sockets Layer'). SSL protects your online store by ensuring that any information travelling between the web site and the customer is encrypted whilst in transit. You can tell if you are using an SSL connection, because a 'golden padlock' (or 'golden key') will appear in the browser window.
Obviously, the most important thing to secure is when your customers enter their credit/debit card information. If you are using a Payment Service Provider, then the PSP will automatically provide security for this (see What Is A Payment Service Provider? for more information). If you are using Actinic to capture credit/debit card information, then you need to organise your own security.
Select 'Credit card details captured for later processing' in the grid in 'Business Settings | Payment and Security'. Then click the 'Configure Method' button. In the 'Capture Method' area, there are three options:
· Standard SSL or unencrypted: If you have access to your own secure SSL (https) server then select this option.
· Shared SSL: Several companies (including Actinic Software) will rent you space on their secure server on a monthly or annual basis for you to use to secure your customers' payment details.
· Actinic In-Built Encryption (Java Applet): Actinic also offers you the option of using a Java Applet for securing customers' credit card details. This method does not require SSL.
These options are discussed below.
The 'Standard SSL or unencrypted' option will configure all (or part) of your online store to start working under SSL. This will make some of the links in your store use https instead of http.
If you want to use this method for securing your site, you will need to ensure that SSL is set to 'On' in the main 'Payment and Security' tab. Otherwise, there will be no security used on the site for taking payments.
The options for SSL in the 'Payment and Security' tab are detailed below:
Field | Meaning |
SSL On | Select this option to start your online store working with SSL. |
Checkout pages and Customer Login only (Actinic Business/Designer only) | Puts only the checkout pages and customer account login/verification pages under SSL. |
Whole Site | Puts all the pages of your online shop under SSL. The downside to this option is that all your product pages will be transferred to the buyer's PC using SSL, which will slow down the browsing speed. |
Note: Once you enable SSL, you will be able to click the 'Configure SSL Settings' button, which will take you to 'Web | Network Setup' where you can enter your settings. For more details, see Editing Your Network Settings.
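The check below is an added example, not Actinic code: it scans the HTML of a checkout or login page and reports any form holding card or password fields that would still submit over plain http, which is what happens when SSL is left off or a link was not switched to https. The field-name pattern, the host 'shop.example' and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical field-name pattern; adjust it to the names your checkout templates use.
SENSITIVE_NAME = re.compile(r"card|cvv|expir|passw", re.I)

class FormAudit(HTMLParser):
    """Collects each form's action and whether it holds sensitive inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []     # list of [action, has_sensitive_field]
        self._open = None   # form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = [a.get("action") or "", False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            is_password = (a.get("type") or "").lower() == "password"
            if is_password or SENSITIVE_NAME.search(a.get("name") or ""):
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def insecure_forms(page_url, html):
    """Return resolved submit URLs of sensitive forms that would not use https."""
    audit = FormAudit()
    audit.feed(html)
    flagged = []
    for action, sensitive in audit.forms:
        target = urljoin(page_url, action)  # empty/relative actions inherit the page's scheme
        if sensitive and urlparse(target).scheme != "https":
            flagged.append(target)
    return flagged

# Constructed sample page, not Actinic output.
SAMPLE = """
<form action="search.pl"><input name="q"></form>
<form action="https://shop.example/cgi-bin/order.pl"><input name="cardnumber"></form>
<form action="/cgi-bin/login.pl"><input type="password" name="pw"></form>
<form action="http://shop.example/cgi-bin/order.pl"><input name="CardExpiry"></form>
"""

if __name__ == "__main__":
    for url in insecure_forms("http://shop.example/acatalog/checkout.html", SAMPLE):
        print("submits over plain http:", url)
```

Relative form actions inherit the scheme of the page they sit on, so the same login form is flagged when the page is fetched over http and passes when it is fetched over https.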
With the 'Shared SSL' method, at the point where the customer has to enter their credit card details they are transferred to a secure server (belonging either to Actinic or a third party) where their credit card details are captured securely. These details are then encrypted and finally transferred back to the server that hosts your online store. You can then download the credit card details with the rest of the order details.
To register with the shared SSL provider of your choice you need to select the 'Shared SSL' capture method.
The settings in the 'Installed Providers' tab are described below:
Field | Meaning |
Provider | Select your Shared SSL provider. |
Click Here for Provider Registration and Information | Click this link to sign up and get more information about the provider. |
Test Mode | Leave this box selected whilst you place some test orders on the store to check it is working. You can de-select the box when you are ready to move into full production mode. |
User ID | Once you move out of 'Test Mode', you can enter the user ID that the provider has assigned to you in this field. |
To register with a new provider that isn't in the list supplied with Actinic you need to select 'Unlisted Provider' from the 'Provider' drop-down. You will then be shown the 'Unlisted Provider' tab. The settings within this tab are:
Field | Meaning |
Test Mode | Leave this box selected whilst you place some test orders on the store to check it is working. You can de-select the box when you are ready to move into full production mode. |
URL | This will be the URL of the scripts that will operate the Shared SSL functionality. Enter the value given to you by your provider. |
User ID | Once you move out of 'Test Mode', you can enter the user ID that the provider has assigned to you in this field. |
Script ID | This will be a number. Enter the value given to you by your provider. |
Script Extension | This can normally be left as '.pl', but if necessary enter the value given to you by your provider. |
Note: While you are operating in test mode, your trial transactions are processed, but the credit card number is thrown out and replaced with zeros before the order is recorded.
Note: The look and feel of the Shared SSL credit card entry page is controlled by the Shared SSL provider, but you can maintain all the text on this page via 'Design | Text' (see Using 'Design | Text').
Note: The template for the redirect page (that takes customers to the Shared SSL site) is called 'Act_SharedSSLBouncePage.html'. This redirect page will automatically forward the customer to the secure site if JavaScript is enabled on their browser. If it is not, the customer can manually submit the redirect page by clicking a button on the page.
The 'Actinic In-Built Encryption (Java Applet)' method will provide a small Java applet in the checkout pages, into which credit card details can be entered. This applet encrypts the credit card details with bank-approved security levels.
You can use the applet without SSL, but this may put customers off buying at your store as most customers look for an SSL connection before they will believe a store is secure. You can, however, run the applet under SSL by selecting 'SSL On' in the 'Payment and Security' tab.