Jodo's New Payment Gateway

[EminenceAdam]

Do you have any further information you could provide about your new payment gateway we are going to be forced to use for credit card payments. I read the steps to set it up on the control panel so that it bills each month, but there isn't any information about how secure your system is, how our credit card info is stored and whatnot. I don't mean to be annoying, I just like to be careful about where I put my credit card info. )

Thanks in advance.

 

[Atul]

Our customer can use any of three payment methods (1) paypal (2) 2checkout - all credit cards (3) Credit Card using US payment gateway - Visa and MasterCard.

When you make payment using Credit Card, JodoHost do not know your credit card # or bank details. We only get some information for farud check.

Credit Card is a step towards automation in our billing. With full implementation of payment gateway, we will start offering instant account activation to our new customers. Currently when existing customer use Credit Card, payment gets credited to his/her account instantly.

We will keep paypal as payment option. We will keep 2checkout at least for few months.

Shortly we will add new features and enhance our services further. Automation is a key for providing you best services while keeping our costs under control.

 

[Yash]

All credit numbers are stored encrypted in the Control panel database. Our control panel server is an isolated server on which we perform regular security audits and every single login/logout is reviewed.

When the system wants to bill you, the control panel talks to our payment gateway over 128bit RSA encryption (what all ecommerce is encrypted with). That gateway processes the charge and sends back information to the control panel server indicated a success or failure.

The system is very secure, don't worry about that. As Atul said, none of our staff has direct access to the credit card numbers. Only specific information is passed to our billing staff to determine if its fraud or not (information from AVS, phone number, IP location, etc.).

Our reputation matters more to us than anything else here so you shouldn't worry.

 

[gregthegeek]

I just went through that process the other day and I noticed that no SSL connection was made, unless I just happened to miss that. That's great that you have SSL between you and the banks(or whomever they are), but I think you need an SSL connection between the end-user and you. Did I miss that? I dont feel comfortable putting up my info without that SSL connection.

As Adam was saying, I also like to know where my CC#'s are going. Who are your gateways?

 

[Yash]

No. SSL is available and its not recommended any credit card number is transfered over a non-encrypted connection

URLs:
https://cp.m****here.biz:8443
https://cp.jodoshared.com:8443

 

[gregthegeek]

OH!

Very good. I didn't know that.

Perfect, thanks!

)

 

[yorri]

Sorry but as soon as my credit card is being stored somewhere is the day I find another host. I hope others will follow me in expressing the same. I don't do business with anyone who stores my credit card regardless of the security measures. If you have read about any fraud case on the internet it is because they got the information from a database..not while in transit.

So, I guess it is time to look elsewhere.

Sorry but this is non negotiable for me.

 

[Logan]

So, I guess it is time to look elsewhere.

Sorry but this is non negotiable for me.

Did you miss it when they said that paypal will continue to be available?

 

[yorri]

Yes and I also see that they are still going to support 2Checkout for the next few months (probably to give people time to switch over).

If you look in the announcement section they are asking people to move from Paypal. So, it may be true that they are allowing us to use Paypal and 2Checkout for the next few months. So how long before they remove Paypal payments?

I just wanted to make sure that I add my disapproval for a service that stores credit cards.

 

[riley]

Yes and I also see that they are still going to support 2Checkout for the next few months (probably to give people time to switch over).

If you look in the announcement section they are asking people to move from Paypal. So, it may be true that they are allowing us to use Paypal and 2Checkout for the next few months. So how long before they remove Paypal payments?

I just wanted to make sure that I add my disapproval for a service that stores credit cards.

Yorri,

Although they are asking people to switch from PayPal, the announcement does not say that they will discontinue PayPal. Here is the statement: "Although we will continue to support paypal, reoccuring billing will never be available on PayPal."

However, I do agree with you. I would not want to continue hosting here if I could not use PayPal to pay for it.

riley

 

[yorri]

Yes I am aware of what the post states. It is the future intention I am worried about. Many decisions have been made without discussing it with us in the past so sorry if I have trust issues with JH.

As long as Paypal will continue INDEFINITELY, then I have no problem with this. I have been a member of paypal since 2000 and never experienced any problem with them (not that it makes a difference for the future) but they have an excellent track record (even if the did have problems with downtime lately).

 

[Atul]

Paypal and 2Checkout will continue to be the payment options for our customers. Those customers who find it inconvenient to switch to our new payment gateway, may continue to use Paypal or 2checkout.

 

[EminenceAdam]

I would just like to mention that I have switched over to the new payment gateway and it seems to be quite secure and it works very well. Since I started this thread and all I thought I would add that. So yes, I'm very happy with the new service

 

[Yash]

As long as Paypal will continue INDEFINITELY, then I have no problem with this. I have been a member of paypal since 2000 and never experienced any problem with them (not that it makes a difference for the future) but they have an excellent track record (even if the did have problems with downtime lately).

It's clearly stated we won't discontinue PayPal. However, 2Checkout is something we may consider discontinuing once our new system fully takes over

I think you are forgetting Yorri that alot of companies store credit card information. if you signup for webhosting with a company with reoccuring billing, they have to store your CC # to charge you every month.

I'd like to assure all customers using our automated billing system that we are using the highest security standards. That server is designated mission critical to us. All credit card numbers are encrypted. Server activity is monitored 24x7 by our team. Our staff does not have direct access to the numbers. Our credibility matters the most to us.

Also, let me remind you, credit card companies do not put the liability of fraud on the customer. It is always on the service provider.

 

[Logan]

Also, let me remind you, credit card companies do not put the liability of fraud on the customer. It is always on the service provider.

That is true, however as anyone who has been a vicitim in something like this, closing your account and getting a new account and card can be a major pain and it's understandable why anyone would take measures to ensure that they don't need to go through this, including not providing their card number to any service provider.

 

[yorri]

I'd like to assure all customers using our automated billing system that we are using the highest security standards. That server is designated mission critical to us. All credit card numbers are encrypted. Server activity is monitored 24x7 by our team. Our staff does not have direct access to the numbers. Our credibility matters the most to us.

Well I don't even let Amazon store my number even though I am sure they have a great team of people working for them and the greatest intentions of protecting me.

Maybe that is being too cautious but I prefer to be safe rather than sorry and stating that the customer is not liable does not make me feel any better because it is a stressful event if and when something bad does happen (as Logan mentioned). If I can do something to prevent it from happening, then I will.

 

[Yash]

We use a two key encryption system for credit cards stored in the database, the same type used in 128bit SSL encryption

For the credit cards to be unencrypted, a private key is needed. That key is not stored on any hard disk on our work stations or on the servers. It is loaded in the server's memory when billing routines are performed.

That key is safely and securely burned on a CD that is kept under lock and key and to which access is restricted. Even if the CP server is hacked and 100% compromised, there is no way a hacker will get your credit card numbers because that key won't be on the server.

We always keep multiple layers of security. This is just one layer. We have layers of security around accessing our internal network at office and our network at the datacenter as well. Security is monitored 24x7.

I'm not forcing anyone to use the new billing system, but what I am saying is that security is very serious here.