SCA to be effective as of September 14th - CC/PP to require 2FA
As of September 14th European law dictates 2FA when paying with CC or PayPal online. This means if you are a provider you should be looking to support this soon. Maybe some Blesta module needs an update? Even if the most part is probably on the payment processor to implement this, it must be implemented with payment gateways and often your billing system too. It’s nothing your bank does for years. It’s a new regulation, SCA, and it will change how the authorisation works across the entire payment industry in September. Whoever is not compatible with SCA will see their payments declined (according to Clouvider).
https://150sec.com/new-eu-e-commerce-payment-rules-all-you-need-to-know/11273/
Comments
I guess WHMCS will handle this for us, we're using PayPal, Stripe and GoCardLess, all officially supported by WHMCS.
This new law sucks so much. My bank forces me either to use their shitty app (only android and iOS) or buy a code generator for 30€.
I hear ya. My bank's app (which I didn't use so far) is rated poorly on playstore and is described as buggy and non-functional. Gotta love that.
It's insecure as I can tell, compared to the method used before, which was you get lists of codes sent to you and you need to use one and auth the transaction. Instead of using the same PIN every time.
Damn. My bank doesn’t really use Verified by Visa anymore (it shows the page but automatically redirects without any further prompts) but rather their own ‘system’:
What about automated payments? Do I have to do 2FA every month?
Nobody knows yet.
If it only was for buying goods online with my visa.. but now they will force me into using their app for simple money transfers to other accounts. So no way for me to avoid buying their silly 30€ generator or using their silly app.
How can an app be more secure than the good old paper TAN list.
Merchant initiated transactions and recurring transactions are exempt, somehow. I suppose it must be enforced on the first transaction (otherwise fraudsters would just claim it is a recurring payment)
WHMCS is cutting it fine with being ready on time - 7.8 is at release candidate stage still and contains the required upgrade to Stripe elements. Hope they hurry up!
Have no fear, WHMCS charges $1.50/month for account 2FA access! I am sure payment 2FA will cost $3.00/month!
Did I just hear CPanel 4.0?, must be a bug.
Hello,
I am pleased to inform you that 2FA for cPanel accounts will cost an additional $0.05 per account.
Seems like most companies figured, that the DLC model prints the most money.
You sure? I remember the first time using said card on Cineplex, it redirected me to Verified by Visa and requested my information. Afterwards, every time it redirects to Verified by Visa, just redirects and approves the transaction, not that movie tickets were supposed to be expensive to start with.
I've gotten those text message things from a different bank for an etransfer before however.. Replying Y didn't work however..
Haha for sure!!! It's just ridiculous. Just another way for them to profit from us.
Interesting how this thing will work out if customers are paying by cards through PayPal?
Yeah — I’ve entered my information once before and it just redirects for me now as well.
As for replying “y” to transactions: you need to try the transaction a second time after the SMS message.
I hate per-site apps. We have web browsers, which liberated us from the idea of having a different program to do every single task. The smartphone era where every web site wants to have its own app is Windows 3.1 thinking.
Apps are easier for the majority of users. Less work on their part.
How so?
Etc.
@raindog308
HTML isn't all rosy. Browsers are extremely fat and bloated (or virtually useless) and highly insecure.
But I'm also not with @Hxxx because I think that for most users "apps" in the browser are the most "natural" and normal way of interaction.
As for 2FA I don't care. It's just security theater like most wide-spread or demanded by law "security" - as plenty ridiculously broken banking apps, anti-virus, etc clearly demonstrate.
For the sake of fairness: with modern societies rapidly walking towards idiocracy good 2FA is hard to do and bad 2FA has already been broken (e.g. sending codes via SMS).
I find it funny btw. that millions of people don't hesitate to spend $30 or even more per year on snakeoil like anti-virus but are unwilling to spend 50$ once for reasonable security (if available. many banking apps suggest that those would be poor too).
So what? Amazon, ebay, etc flourish
P.S. Why is 2FA via SMS broken? Because politicians and large corporations agreed that extremely lousy security was the right thing to do. Why has TLS such a poor track record? Because founding Let's Encrypt and giving away security illusion, err, certificates away for free is cheaper than doing PKI properly plus it pleases the large (clueless) majority.
TL;DR: We are having problems because either democracy per se doesn't work or because we the people (most of us) are too stupid for democracy, sorry..
Guess again. Especially if you are auto-charging cards on file.
What do you mean?
You need to indicate through API that you intend to use card for recurring payments and that needs to go through 3DS2, otherwise when it's rolled in - your recurring transactions will decline automagically.
And won't WHMCS be able to do that?
I believe this is something that is not solely up to WHMCS to work and be implemented correctly. Could be wrong though.
They don't charge anymore for two factor auth (time-based tokens) in WHMCS 7.8
Source: https://preview.whmcs.com (Free Two-Factor Authentication)
There are other forms of 2FA though - my employer requires it for most logins and we use an authenticator. Previous employer used RSA fobs. I'm not sure why a Google Authenticator, et al is hard to use, though SMS codes are more popular, probably due to familiarity.
I don't know if I'd call AV pure snake oil...it can be helpful, though it's purely reactive and of course, provides the illusion of complete protection when at best it's piecemeal.
Absolutely...democracy is the demented idea that idiots can identify and select good leaders. But then, I've always assumed Sturgeon's Law applies to human intelligence.