Australian Data Retention Laws – Are you protected?

Australia’s new data retention laws start today, and this means that ISPs are obliged to collect and keep records about your digital activities for 2 years, and to make those records available to various government agencies on demand without the need for any warrants or legal oversight.

The good news is that the email services provided by Spiffy Stores and Domain Hosting Shop are not subject to these data retention laws. In basic terms, the law only applies to carriage service providers, which means anyone who provides the physical connection for your home or office to the Internet or telephone system.

We will keep your Spiffy Stores email safe and secure, and you can send and receive email secure in the knowledge that the messages will not be archived and retained in any way, and will not be available to any government agency.

4 new payment gateways supported by Spiffy Stores

Don’t say we don’t spoil you!

We’ve connected up 4 extra payment gateways to give you even more choices for processing credit card payments.

You can now add the following gateways to your online store. Yay!

Pin Payments – Australia’s first all-in-one online payment system. You don’t even need a merchant account to make use of their solution. You’re up and running right away.

Merchant Warrior – An Australian–based payment gateway that caters for all sizes of business from SME to the big end of town.

SwipeHQ Checkout – New Zealand-based SwipeHQ payment gateway also allows you to send invoices with credit card payment links, create ‘buy now’ buttons and run MOTO transactions.

… and already supported, but now available in Australia…

Braintree – An all-in-one platform from the US that provides a merchant account, payment gateway, recurring billing and credit card storage in the one spot.

You can select these providers, and many others, in your store Toolbox, under “Preferences > Checkout & Payment”.

More information about payment gateways compatible with Spiffy Stores can be found in our knowledge base.

Spammers Begone

We recently enabled a small security enhancement to the Spiffy Stores software to prevent a security attack called Cross Site Request Forgery (CSRF).

Basically, an encrypted token is now generated and inserted into every form on the store web pages. This prevents a hacker from copying a form from the site and tricking you into submitting the form from a fake site, thus giving the hacker access to your account.

Whilst it was extremely unlikely that this sort of attack would work because of the way in which the Spiffy Stores software is designed, it never hurts to improve security wherever possible.

However, it turns out to have an unintended bonus effect!

Spiffy Stores is one of the few ecommerce solutions that has a “Contact Us” form built into your store. This form is generated for you automatically and you don’t need to use a third-party online form service to get something as essential as a contact form.

Now that we have added the Cross Site Request Forgery code, we are seeing instances of spammers who have “copied” the contact forms from various sites and have built them into scripts to try to spam our store owners with fake contact form submissions. All of these attempts are now failing because they are all detected as forgeries, and this means that your inbox will contain less of the spam generated by these pests.
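The check described above, sketched as an added example (this is not Spiffy Stores' code, and the page does not describe the real token format). It assumes an HMAC-signed token bound to the visitor's session rather than an encrypted one; the `/contact` path, the `csrf_token` field name and the session ids are hypothetical.

```python
import hashlib
import hmac
import re
import secrets
from typing import Optional

# Constructed key for the demo; a real application loads a long-lived secret.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_RE = re.compile(r"[0-9a-f]{32}\.[0-9a-f]{64}")


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{nonce}:{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token bound to one visitor session, fresh for every rendered form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: Optional[str], token: Optional[str]) -> bool:
    # Reject missing cookies, missing fields and malformed tokens up front.
    if not session_id or not token or not TOKEN_RE.fullmatch(token):
        return False
    nonce, mac = token.split(".")
    return hmac.compare_digest(mac, _mac(session_id, nonce))


def render_contact_form(session_id: str) -> str:
    return ('<form method="post" action="/contact">'
            f'<input type="hidden" name="csrf_token" value="{issue_token(session_id)}">'
            '<textarea name="message"></textarea></form>')


def handle_contact_post(session_id: Optional[str], fields: dict) -> int:
    """Return the HTTP status the store would answer with."""
    return 200 if token_is_valid(session_id, fields.get("csrf_token")) else 403


def copied_token(form_html: str) -> str:
    """Read the hidden field back out of saved form HTML."""
    return re.search(r'name="csrf_token" value="([^"]+)"', form_html).group(1)
```

A form saved from the site still carries a token, but that token only verifies against the session it was issued for, so a submission sent from a script without that session is answered with 403.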

Making your Orders just a bit more Secure

Here’s a quick note on a small security update that was added to Spiffy Stores this morning.

When payments are made using PayPal, we are given some information about the status of the customer’s PayPal account. In particular, we are told whether the customer is using a PayPal verified account or not to make the purchase.

This account status is now available from the Order History payment link whenever a payment is made.

You will normally see an item in the Order History like:

10:38am The customer successfully paid....

Click on the line and it will take you to the payments detail page. On the Message line you will now see something like:

Received payment from gateway - Payer Status verified

If you receive a payment from an unverified account, you may wish to exercise a little more caution in processing the order.