DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
 Posted - 04/12/2022 : 07:12:20
Hello,
We're switching payment providers from Payment Sense to Worldpay
I've read the article here: https://www.ecommercetemplates.com/help/ecommplus/worldpay.asp
My understanding is the account name number should be the installation ID. for example 1444337 This is what it says in the dashboard.
I've noticed that MD5 Secret and Payment response password are now optional. Does this mean that all you need to enter is the Installation ID? because that doesn't seem to work.
Also Worldpay now send "Org Unit ID", "ISS API ID" and "JWT MAC Key API Key"
But none of these are referred to in the installation or help page. Has it all changed?
We're using our own HMTL files with the PHP includes from the dreamweaver version
Any help would be much appreciated
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/13/2022 : 09:21:59
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 04/19/2022 : 08:55:01
Hi Vince,
We're getting the error: The information sent from the merchant's site is invalid or incomplete. Please send the following information to the merchant:
The transaction cannot be processed:
The MD5 signature could not be verified.
We've got the string version of the MD5 in their business centre and the hashed version in the back end of ecommerce templates.
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/19/2022 : 10:21:57
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 04/21/2022 : 01:46:16
Hi Vince,
We've tried it with the string version in the cart software and the WorldPay business centre. Still comes up with the same error "The MD5 signature could not be verified."
When we try it without the MD5 it works but I understand that it's important for security.
The payment response password works without issue.
Kind Regards,
Alex
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/21/2022 : 02:25:51
Hi Alex Yes, it really is important for security and it's not recommended at all to not use the MD5 hash checking features. But this is the section in the instructions about the MD5 values... quote:
You are also encouraged to set up a Payment Response password and MD5 secret for transactions. All you do is on this Integration Setup page towards the bottom of that page, enter a value for these 2 settings. It can be anything you like using numbers and letters (up to 16 characters) but make it different for the 2 values. Now go to your Ecommerce Templates admin payment providers page for WorldPay and enter these values you just set where you see “MD5 Secret (Optional)” and “Callback password (Optional)”.
Can you try using a simple value for each of those to test. Make sure it is under 16 characters and no special characters or punctuation for now. Vince Click Here for Shopping Cart SoftwareClick Here to sign up for our newsletterClick Here for the latest updater |
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 04/21/2022 : 07:26:06
Hi Vince,
When entering the MD5 Secret on the WorldPay business centre it says we must use a string that is between 20 and 30 characters long, includes an uppercase letter and symbol.
We've called their tech support and they've verified this saying minimum 21 characters with uppercase letter and symbol but not a currency symbol or @ sign.
Can you advise?
Kind Regards,
Alex Clarke.
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/21/2022 : 08:27:49
|
1818charlie
ECT Moderator
United Kingdom
1198 Posts |
Posted - 04/21/2022 : 13:29:19
The WorldPay integration I have setup on three ECT sites were for the WorldPay Junior Select, if that throws any light on the issue.
The first two were in 2012 the last one was in summer 2016 & that was before WorldPay were acquired by FIS in 2019 so things could be pretty different now.
-----------------------------------
Steve
Manchester UK
Make it as simple as possible, but not simpler.
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 04/25/2022 : 07:57:39
Hi Vince & Steve,
Thank you for your replies it's much appreciated.
We're using the same Worldpay Select Junior integration and their tech support has verified this.
I've asked if there are any other integration types and their tech support has said that they only use MD5 secrets that are above the 21 characters and below the 30 including upper & lowercase and without @ or currency symbols.
He's said that is would work using no MD5 but again really advises against this.
Is there anything that could be changed on your end to allow to make it fit the 21-30 characters instead of only below 16?
Kind Regards,
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/25/2022 : 08:28:49
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 04/26/2022 : 06:33:36
Hi Vince,
Thank you. I've just sent the email.
Kind Regards,
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/28/2022 : 04:26:29
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 04/28/2022 : 06:07:17
Hi Vince,
I've just called World Pay and confirmed that the select junior account is active. We had a call with them last week where I put the site in demo mode and they ran test transaction as well as making sure the SSL was compliant and we displayed all of the necessary card logos. They activated it then.
It's just when it's in production mode and uses the MD5 we still get the same error "The MD5 signature could not be verified." even when they're the same sting on their dashboard and our ecommerce templates back end. Presumably because the 16 character vs the 21-30 characters issue?
Kind Regards,
Alex Clarke.
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 04/28/2022 : 08:05:42
|
1818charlie
ECT Moderator
United Kingdom
1198 Posts |
Posted - 04/28/2022 : 08:11:25
Good afternoon Alex Regarding the MD5 for the three ECT sites I have setup using WorldPay. The MD5 was not something supplied by WorldPay, it was something the merchants themselves chose. As I stated previously things may have changed since I setup the last one in 2016. One of the clients has two sites operational & using WorldPay & both have MD5s which I recall setting up as both are things WorldPay wouldn't know about. I recall the client setting a MD5 using only alphanumerics & the MD5 was, or had to be, 30 characters long, not upto. That was then entered into your WorldPay Junior Select dashboard & then also in the ECT admin under MD5 secret (optional). quote:
"The MD5 signature could not be verified."
If the MD5s are 100% correct then make sure there are no spaces before or after the MD5. That's happened with the very first one I setup in 2012 & the client was using copy & paste. When I looked at it & used copy & paste into Notepad++ that's when I noticed the space after the MD5, cleared to no space & Voila - worth a check Hope this helps PS - Just an afterthought, you are not getting the payment response password confused with the MD5 are you? ----------------------------------- Steve Manchester UK Make it as simple as possible, but not simpler.
Edited by - 1818charlie on 04/28/2022 08:25:28
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 05/03/2022 : 02:06:59
Hi Vince & Steve,
We've tried the MD5 with alphanumerics only and their dashboard still doesn't like it saying it needs a special character.
We've also tried it exactly 30 characters long which was accepted.
We've also made sure they were 100% correct making sure to type out meticulously rather than copy and paste the MD5.
We're definitely entering the MD5 in the right fields both on the WorldPay junior select dashboard and the Ecommerce Templates dashboard as we've already got a payment response password set and is working fine.
I'm thinking it's looking like the hang up is the special character. Maybe they've changed it recently to be more secure?
Thank you for both of your help thus far.
Kind Regards,
Alex J Clarke
|
Vince
Administrator
42850 Posts |
Posted - 05/03/2022 : 09:57:43
|
DIY Marquees
Starting Member
United Kingdom
31 Posts Pre-sales questions only (More Details...)
|
Posted - 05/09/2022 : 02:47:26
Hi Vince,
They're not really of much help to be honest. They've got their requirements for what the MD5 should include and that's it. They make the security rules.
I'm reading though the WorldPay set up here: https://www.ecommercetemplates.com/help/ecommplus/worldpay.asp
Specifically regarding the MD5 Hash "It can be anything you like using numbers and letters (up to 16 characters) but make it different for the 2 values"
This conflicts with the WorldPay requirements of 21-30 characters must include numbers, uppercase and lowercase letters and special characters but not @ or a currency symbol.
When entering it into the ecommerce templates back-end there's no problem or error for when entering for example an md5 "VekXZmh5FhhVdKv923jFhJZssj2Fy!" seems to be accepted but conflicts with what's written on the World Pay set up page above.
Can you see how there might be an issue with using one similar to that?
Does this mean that ecommerce templates is no longer compatible with WorldPay's new security rules?
The error show is still as follows on checkout:
"
Secure Payment Page
Sorry, there was a problem processing your payment:
The information sent from the merchant's site is invalid or incomplete. Please send the following information to the merchant:
The transaction cannot be processed:
The MD5 signature could not be verified.
Server information 09/May/2022 09:43:03 (a8336a1f5f844051)"
Again MD5's are definitely the same on both their dashboard and the ecommerce templates back end.
Kind Regards
Alex J Clarke
 |
Vince
Administrator
42850 Posts |
Posted - 05/09/2022 : 09:52:12
|
| |
|
World Pay Setup