Tuesday, September 16, 2014

Shopify implementation of Paypal Payment Express is broken

The tl;dr version
Just view this video

The whole story
I am helping a friend set up an online store with Shopify.
For the past three/four months we have worked together on the idea for the store, the design and getting content on to the site.
Last week I tested payments on the site as we are getting close to launch. And to my shock - it didn't work!
I had set up Paypal Payments Standard with the shop's Paypal account and enabled this in Shopify but received this error when trying to process a payment:
Error from gateway:
The merchant country is not supported.
The business is based in Thailand. Paypal supports Paypal Payments Standard for their Thai customers but Shopify does not. Shopify only supports this for their customers in the US, UK and Canada. (At no stage during signup is this mentioned, and I can't find it on the site except in one forum post)
So, as the only option left was to use Paypal Express I set that up and found another problem.
Shopify does not ask a customer for their details at checkout so when they are forwarded to Paypal to enter their payment details they need to enter their address at that stage. This means that shipping is not included on the Paypal payment page. The customer only gets the option to choose a shipping method or enter a discount code when they are sent back to Shopify.
This essentially means that customers are being asked to enter and confirm their details for an amount that they will not ultimately be charged (assuming that shipping is required). Further confusion for customers is caused by the inability to enter a Discount Code until after the payment details have been taken. I'm open to correction but a setup like this goes against web usability and can only result in a large amount of abandoned carts.
I have received a reply and a "workaround" (hack) for this issue. I'll post that in the next article.
I would love to hear people's opinions on this situation. I would especially like to hear from other Shopify users from countries considered "overseas" by Shopify - not US, UK or Canada.
The only other Payment Gateway option available to me in Thailand is 2Checkout. I've set this up and it has helped with finding a resolution to the issue.
Ultimately I am going to continue with Shopify for the short term and will use Paypal Express and the hack Shopify sent to me.
I'll update in my next post.

Wednesday, June 12, 2013

Old but amazing post about encoding email addresses on websites

http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/

Maybe the techniques in this post have already been compromised by spammers but I love the techniques here and the duration of the study. Great work and beautiful ideas.

Friday, March 8, 2013

Strong passwords





The first, and often the last, line of security for your computer accounts is your password. Your login to your home computer, your work network, your email, social network and other websites is protected by the password you have set. Choosing a strong password is essential. But this simple task is complicated by one small thing - the need to remember that password :)
I will give you a couple of tips and strategies that you can use which should help you.
We'll start with an example of a bad password. Let's say you use a word like dog as a password. This is bad because it is a word that is found in a dictionary. It is also very short, and it may even be easy to guess for people that know you if you're a dog lover!
We can see how weak this password is by going to the How Secure is my Password website - http://howsecureismypassword.net/
Your password can be hacked in a variety of ways: guessed, found written down somewhere, stored in your computer's memory, etc. A common way for a password to be hacked is to use a program that iterates through dictionary words, names, combinations of words/letters/characters/numbers, etc. until it finally discovers the password you are using. This is how the How Secure is my Password website works. It tests your password and tells you how long it would take for a password hacking program on a desktop PC to find your password.
If we try the password dog on this website we see that a desktop PC would hack it within 0.000004394 seconds. Fairly fast!
The great thing about this site is it then tells us why it is so easy to hack that password - too short, possibly a word, and it uses just letters. Let's try changing the password slightly. We'll still use the word 'dog' but we'll capitalise the first letter and replace the 'o' with a '0' (zero). So we now have D0g.
Some improvement but still not great at 0.000059582 seconds. Again we're told that the password is very short and it doesn't contain symbols. Let's mix it up further. Instead of the base word being 'dog' we'll change to labrador and we'll change some letters to numbers and symbols. So our new password could be L@br@d0r.
Cool, it now will take our hacker on his desktop PC three days to hack our password. Not too bad but I'd still like to make it harder for people to get access to my personal information. Let's use the full name of our dog's breed as the base - Labrador Retriever. So our new password is L@br@d0r R3tr!v3r. (Note: I've used a space in this password)
39 quadrillion years!
Happy days, I'd rest pretty well knowing I'd be long gone before any hacker got access to my accounts and started posting spam to my Facebook Timeline :)
This site is a good way to get an idea of how secure a password might be when compared to other passwords but I wouldn't rely on the accuracy as there are many many variables that need to be taken into account.
So, in summary, pick a phrase as a base for your password, then use upper and lower case letters and substitute some letters with numbers or characters.
Another nice way to create a password that is easy to remember is to use a line from a song. For example, if I use the line - Today I don't feel like doing anything - I am told by this website that it would take a hacker 176 sexdecillion years to discover it. I have no idea how long sexdecillion is but it sounds pretty long and is probably not worth worrying about... in this lifetime anyway :)
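The two sub-second figures quoted above both equal (character-set size)^length divided by 4 billion guesses per second, so that part of the estimate can be reproduced. The sketch below is an added example, not the website's code; the symbol-set size, the tiny word list and the substitution table are assumptions constructed here, and the second function shows why a pure brute-force figure overstates the strength of a dictionary word with letter swaps.

```python
import re
import string

# Inferred from the page's figures: 26**3 / 0.000004394 s = 4e9 guesses per second.
GUESSES_PER_SECOND = 4e9
# Constructed for this example: a tiny word list and a table that undoes common swaps.
COMMON_WORDS = {"dog", "labrador", "retriever"}
UNDO_SUBSTITUTIONS = str.maketrans("0@3!1$", "oaeils")


def charset_size(password):
    """Alphabet size a brute-force search must cover (ASCII passwords only)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # assumption: 32 ASCII punctuation marks plus space
    return size


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over this alphabet."""
    return charset_size(password) ** len(password) / rate


def dictionary_base_words(password):
    """Words from COMMON_WORDS that remain once case and letter swaps are undone."""
    normalised = password.lower().translate(UNDO_SUBSTITUTIONS)
    return [w for w in re.findall(r"[a-z]+", normalised) if w in COMMON_WORDS]


if __name__ == "__main__":
    for pw in ("dog", "D0g", "L@br@d0r", "L@br@d0r R3tr!v3r"):
        print(f"{pw!r}: {brute_force_seconds(pw):.3e} s by brute force, "
              f"dictionary base words: {dictionary_base_words(pw)}")
```

A non-empty word list means a dictionary-based guesser does not need the full brute-force time, which is one of the variables the site's figure leaves out.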

Friday, March 1, 2013

Be aware of spoof email





Spoof Email is email that appears as though it is from a well-known, trusted, company or a friend when it is actually from a spammer or other person/company with malicious intent.
Most email services have excellent detection of this type of email but it is always wise to be vigilant when reading email you have received.
Be aware that the "From:" field of an email can easily be altered so it appears that the email is coming from a reliable or known source.
If you receive an email that appears to be from a known or trusted source but something seems a little unusual to you then you should take a moment to double check where the mail came from and to ask yourself a few simple questions.
Things to ask yourself are:
  • Is this email looking for my personal information?
    If an email is from a trusted company they will not ask you for information like this. This is a general rule of thumb and companies regularly send out messages and notices reminding customers that they do not email you asking for this type of information. 
  • If it appears to be from a friend, are they behaving as you would expect?
    A good indication of a spoof is if the email has a general greeting like "Hey, how's it going?" and then goes on to ask you to click on a link: "Here is something you have got to see - LINK"
    On the other hand if the email is from a friend they might say "Hey, how's it going? Here's some photos from Mary's wedding last week - LINK" 
  • Another tactic is to email you "warning" you that your account with a website/bank/company needs to be updated/checked/etc. This can be a hoax that directs you to a fake site with the intent of stealing your username and password. If you get an email like this, say from Skype or Facebook, a good tactic is to go directly to the website yourself, not clicking on the link in the email, and perform whatever task has been requested of you.
Unfortunately there are countless ways spammers, identity thieves, virus and malware producers, etc. use to trick people into falling for their schemes. Some are ham-fisted and easy to spot whilst others can be very clever and can catch out even the most careful computer users.
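Double-checking where a mail came from can be done from its raw headers ("Show original" or "View source" in most mail clients). The following is an added example, not part of the original post: it compares the From domain with the Return-Path and Reply-To domains and reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header; the sample message and all domains in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain is a reserved example name.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=bank.example.com
From: "Your Bank" <security@bank.example.com>
Reply-To: helpdesk@example.net
To: user@example.org
Subject: Your account needs to be updated

Please confirm your details.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """Return a list of header findings that warrant a closer look."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    # The From line is free text; these headers show where the mail really travels.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    # Verdicts recorded by the receiving mail server (RFC 8601 header).
    auth = msg.get("Authentication-Results", "")
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(check, "missing")
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    return findings


if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("check:", finding)
```

These are indicators rather than proof: legitimate bulk mail often uses a different Return-Path domain, and an Authentication-Results header is only trustworthy when it was added by your own mail provider.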

Thursday, October 11, 2012

Lanschool software for monitoring IT lab computers

As a teacher, running an IT lab with 24 students logged in at the same time can be a bit challenging. Keeping students on task is a challenge in a regular classroom, but with the distractions that the web, games and chat provide on a computer this challenge is magnified.

Tuesday, October 9, 2012

Converting from Wordpress to Blogger

In the past I always recommended that clients go with a self hosted rather than hosted solution for everything from email, applications and especially websites. However I have changed my tune in the past few years about email (nightmare to manage -> go to Google Apps) and applications (ditto on Google Apps!). But it has taken me a long time to admit that sometimes a hosted website is a better option than one that you build and host yourself.

Monday, October 8, 2012

Sharing a computer and security

Recently the issue of security on a computer that is being shared has come up. This is not an issue with computers that are on a network where everybody logs in with their own username and password. It is the issue of security on a computer that is being used by several people with only one user account, i.e. no login: the computer is turned on and there is no need for each individual to use a different username or password; it logs in automatically or a password is entered once.