Amazon Pay / reCaptcha (not checked) Redirect fix


    We've been having people not check the reCaptcha checkbox during checkout, even though it's right above our submit button.

    If they don't check it, click submit, and they are checking out with Amazon Pay, it reloads the OPAY screen instead of AMAZONPAY_OPAY.

    This can be a bit confusing for the user if they don't know (most probably don't) to go back to the BASK screen and click the Amazon Pay button again and start over.

    So, I have come up with this idea:

    On OPAY (within the head tag):

    Code:
    <mvt:if expr="('One or more required fields were not filled out correctly' CIN g.Error_Messages) AND ('amazonpay' CIN g.PaymentMethod)">
        <meta http-equiv="refresh" content="15;url=&mvte:urls:AMAZONPAY_OSEL:auto;" />
    </mvt:if>

    Then in the Error and Information Messages Content section (right after the default error/info messages iterators):

    Code:
    <mvt:comment><!-- AMAZON PAY MESSAGE ON OPAY BEFORE 15 SECOND META REFRESH TO AMAZONPAY_OSEL --></mvt:comment>
    <mvt:if expr="l.settings:page:code EQ 'OPAY'">
        <mvt:if expr="('One or more required fields were not filled out correctly' CIN g.Error_Messages) AND ('amazonpay' CIN g.PaymentMethod)">
            <div class="column whole">
                <p class="message message-error">
                    You forgot to Check the "I'm not a robot" box.<br /><br /><br />The page will redirect to Shipping Selection in 15 seconds.<br /><br />Please try again after the page reloads.
                </p>
            </div>
        </mvt:if>
    </mvt:if>


    Just wanted to double check and see if there is anything bad about doing this?

    Is that a reliable conditional to use on OPAY that won't affect other payment method errors for the meta refresh?

    Are there any other factors on AMAZONPAY_OPAY that might trigger the 'One or more required fields were not filled out correctly' error other than not checking the reCaptcha checkbox?

    Thanks in advance.
    Nick Harkins
    www.loveisarose.com

    #2
    SidFeyDesigns, a while back Cloudflare was moving away from reCAPTCHA (post: "The end of the road for Cloudflare CAPTCHAs") for a host of reasons. I have been meaning to look into it, but I just have not been able to get around to it yet. But I think it's worth looking into it.

    Thank you, Bill Davis



      #3
      Originally posted by William Davis
      SidFeyDesigns, a while back Cloudflare was moving away from reCAPTCHA (post: "The end of the road for Cloudflare CAPTCHAs") for a host of reasons. I have been meaning to look into it, but I just have not been able to get around to it yet. But I think it's worth looking into it.
      William Davis, that is slightly unrelated to the topic, although I'm pretty sure Cloudflare now uses hCaptcha when presenting a challenge to the user.

      We used to have hundreds of Carding Attacks (Regular Miva Checkout, not Amazon Pay) occur within 30 mins to an hour, multiple times a day.

      I have tried a few different approaches using Cloudflare's firewall settings that would only apply to OPAY and it proved to be more troublesome for real users than reCaptcha.

      Not only that but it still did not stop the attacks.

      Since we set up reCaptcha in Miva the carding attacks stopped entirely.

      Still not the best user experience but we had to do it.

      Now, when you have reCaptcha set up for the standard Miva Checkout, that also means you have to set it up for Amazon Pay.

      The code in question is to create a better user experience for Amazon Pay. Specifically when using reCaptcha in your store.
      Nick Harkins
      www.loveisarose.com



        #4
        Thanks, that makes sense.
        Thank you, Bill Davis



          #5
          Nick, are you showing the reCAPTCHA to all of your customers? Are you aware that you can set it up to only activate the reCAPTCHA after a certain number of failed attempts within a specified time period? (Number and time period specified by you.) These settings are controlled under System Extension Settings, and setting a reasonable limit for card attempts before forcing the reCAPTCHA might benefit all of your customers.



            #6
            Hi Leanne, yes we were showing reCaptcha to all customers and I am aware of the velocity setting, but thank you for checking.

            We have some custom messaging/error messages to help guide our older customer base and I needed to figure out how to conditionally display the messaging before turning the velocity setting on.

            After digging through the token list on OPAY and testing the different reCaptcha settings I think I figured it out.

            On Opay:
            Code:
            <div class="row">
                <div class="column whole">
                    <mvt:if expr="g.PaymentMethod NE 'paypalcp:paypal'">
                        <mvt:if expr="l.settings:paymentsettings:paymentrules:rc_mode EQ 'auto' AND l.settings:paymentsettings:paymentrules:rc_t_end GT '0' OR l.settings:paymentsettings:paymentrules:rc_mode EQ 'on'">
                            <p class="form-row bold blue align-center">Check Box Below.</p>
                        </mvt:if>
                    </mvt:if>
                    <mvt:item name="payment" />
                </div>
            </div>
            
            
            <p id="js-submit-message" class="hide column whole bold blue align-center medium-align-right"></p>
            <input id="js-submit-order" class="button button-large-font button-block medium-button-revert bg-sky black" type="submit" value="Pay Now" title="Pay Now">
            <script>
                var submitMsg = document.getElementById('js-submit-message');
                var submitBtn = document.getElementById('js-submit-order');
            
                submitBtn.addEventListener('click', function() {
                    submitMsg.innerHTML = 'DO NOT Click Pay Now Again!';
                    submitMsg.style.color = '#0074d9';
                    submitMsg.style.display = 'block';
                    setTimeout(function(){
                            submitMsg.style.color = '#dd293a';
                            <mvt:if expr="g.PaymentMethod EQ 'paypalcp:paypal'">
                                    submitMsg.innerHTML = 'Something went wrong,' + '<br />' + 'Click Pay Now Again.';
                            <mvt:else>
                                    <mvt:if expr="l.settings:paymentsettings:paymentrules:rc_mode EQ 'auto' AND l.settings:paymentsettings:paymentrules:rc_t_end GT '0' OR l.settings:paymentsettings:paymentrules:rc_mode EQ 'on'">
                                            submitMsg.innerHTML = 'Review Payment Fields,' + '<br />' + 'Check the \"I\'m not a robot\" box,' + '<br />' + 'Click Pay Now Again.';
                                    <mvt:else>
                                            submitMsg.innerHTML = 'Something went wrong,' + '<br />' + 'Review Payment Fields,' + '<br />' + 'Click Pay Now Again.';
                                    </mvt:if>
                            </mvt:if>
                    }, 15000);
                });
            </script>
            In the Error and Information Messages Content Section:
            Code:
            <mvt:comment><!-- Default Informational and Error Messages --></mvt:comment>
            <mvt:if expr="l.settings:messages:error_message_count AND g.Action NE 'LOGN'">
                <div class="column whole">
                    <p class="message message-error">
                        <mvt:foreach iterator="error" array="messages:error_messages">
                            <mvt:if expr="('One or more required fields were not filled out correctly' CIN l.settings:error) AND l.settings:page:code EQ 'OPAY'">
                                <mvt:if expr="l.settings:paymentsettings:paymentrules:rc_mode EQ 'auto' AND l.settings:paymentsettings:paymentrules:rc_t_end GT '0' OR l.settings:paymentsettings:paymentrules:rc_mode EQ 'on'">
                                    <mvt:if expr="'amazonpay' CIN g.PaymentMethod">
                                        <mvt:comment><!-- AMAZON PAY MESSAGE ON OPAY BEFORE 15 SECOND META REFRESH TO AMAZONPAY_OSEL --></mvt:comment>
                                        You forgot to Check the "I'm not a robot" box.<br /><br /><br />The page will redirect to Shipping Selection in 15 seconds.<br /><br />Please try again after the page reloads.
                                    <mvt:else>
                                        One or more required fields were not filled out correctly.<br /><br /><br />Make sure you Check the "I'm not a robot" box.
                                    </mvt:if>
                                <mvt:else>
                                    One or more required fields were not filled out correctly.
                                </mvt:if>
                            <mvt:else>
                                &mvt:error;<br />
                            </mvt:if>
                        </mvt:foreach>
                    </p>
                </div>
            </mvt:if>
            Just got this set up this morning so we will see how it goes.

            Thanks.
            Last edited by SidFeyDesigns; 08-15-22, 08:35 AM.
            Nick Harkins
            www.loveisarose.com



              #7
              Hey SidFeyDesigns, can you please keep us posted how it goes?
              Thank you, Bill Davis



                #8
                I sure can, William Davis.

                I did a few test Auth failures using the wrong billing address and the new conditionals are working.

                It does indeed show the proper messaging based off whether or not reCaptcha is being displayed.

                I can let you guys know if the carding attacks stay within a reasonable amount if they do start hitting us again.
                Nick Harkins
                www.loveisarose.com



                  #9
                  Originally posted by SidFeyDesigns
                  I sure can, William Davis.

                  I did a few test Auth failures using the wrong billing address and the new conditionals are working.

                  It does indeed show the proper messaging based off whether or not reCaptcha is being displayed.

                  I can let you guys know if the carding attacks stay within a reasonable amount if they do start hitting us again.
                  Thanks!
                  Thank you, Bill Davis



                    #10
                    William Davis happy to report that over the last 30 days the carding attacks have pretty much come to a halt. We have only had 10 authorization failures from the fraudsters since setting up reCaptcha with the velocity setting turned on.
                    Nick Harkins
                    www.loveisarose.com



                      #11
                      Originally posted by SidFeyDesigns
                      William Davis happy to report that over the last 30 days the carding attacks have pretty much come to a halt. We have only had 10 authorization failures from the fraudsters since setting up reCaptcha with the velocity setting turned on.
                      Thanks, what settings do you recommend?
                      Thank you, Bill Davis



                        #12
                        William Davis that is probably a decision best made by you but our current setting is Mode: Velocity - Activate after 5 failed attempt(s) within 1 hour(s)
                        Nick Harkins
                        www.loveisarose.com
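
Added example, not part of any post in this thread and not Miva's code: a JavaScript model of a velocity rule like the one quoted in #12 (activate after 5 failed attempts within 1 hour), replayed over constructed failure timestamps. `CaptchaGate`, `firstActivation` and the one-hour `holdMs` activation period are assumptions; `mode` and `tEnd` mirror `rc_mode` and `rc_t_end` from the templates in #6.

```javascript
// Added illustration, not Miva's code. Field names mirror rc_mode / rc_t_end
// from the templates in this thread; holdMs is an assumed activation period.
const HOUR_MS = 60 * 60 * 1000;

class CaptchaGate {
  constructor({ mode = 'auto', threshold = 5, windowMs = HOUR_MS, holdMs = HOUR_MS } = {}) {
    this.mode = mode;          // 'on' | 'auto' | 'off'
    this.threshold = threshold;
    this.windowMs = windowMs;
    this.holdMs = holdMs;      // assumption: how long the challenge stays active
    this.failures = [];        // timestamps (ms) of failed authorizations
    this.tEnd = 0;             // 0 = challenge not active
  }

  // Record one failed card authorization at time `now` (ms).
  recordFailure(now) {
    this.failures.push(now);
    // Drop failures that have aged out of the sliding window.
    this.failures = this.failures.filter((t) => now - t < this.windowMs);
    if (this.mode === 'auto' && this.failures.length >= this.threshold) {
      this.tEnd = now + this.holdMs;
    }
  }

  // Same shape as the template test: (auto AND t_end > 0) OR on.
  captchaRequired(now) {
    if (this.tEnd > 0 && now >= this.tEnd) this.tEnd = 0; // activation expired
    return (this.mode === 'auto' && this.tEnd > 0) || this.mode === 'on';
  }
}

// Replay failure times (in minutes); return the minute the challenge turns on.
function firstActivation(minutes, options) {
  const gate = new CaptchaGate(options);
  for (const m of minutes) {
    const now = m * 60 * 1000;
    gate.recordFailure(now);
    if (gate.captchaRequired(now)) return m;
  }
  return null;
}

// Constructed samples: a burst of declines vs. occasional mistyped cards.
const burst = [0, 1, 2, 3, 4, 5];            // six failures in five minutes
const scattered = [0, 30, 61, 95, 130, 170]; // never five within one hour

console.log('burst activates at minute:', firstActivation(burst));
console.log('scattered activates at minute:', firstActivation(scattered));
```

Customers who mistype a card now and then never see the challenge in this model, while a burst of declines switches it on for everyone until the activation period ends, which is why messaging keyed to `rc_mode` and `rc_t_end` has to handle both states.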
