Miva Merchant 9.6 Bug Fix 8 Release Notes

Bugs Fixed

25144: Module: mvusps: USPS First class parcel has been renamed “First-Class Package Service – Retail”

HTTPS has always been a core part of any ecommerce website. If you’re accepting personal information online, including credit cards, you must have an SSL Certificate to encrypt the data. Typically, a website was only served over securely (HTTPS) on Account and Checkout Pages. General shopping and browsing was done over unencrypted HTTP. Over the past couple of years, that is starting to change. Google now prefers the entire site to be served over HTTPS to protect the visitor. They are even giving sites that are all https a small ranking boost. 

While serving every page over HTTPS adds some additional server overhead and can cause the page to load slightly slower, the additional time should be unnoticeable to the visitor.

This tutorial will walk you through step by step how to convert your Miva store to be entirely served over HTTPS. While the actual implementation and changes are relatively simple, making sure everything is done correctly is extremely important. If done improperly there are negative customer experiences which can occur, such as getting insecure warnings on pages and negative SEO consequences which can damage your rankings – both of which you want to avoid.

Click here to read more

As Miva has evolved, we’ve built a unique, hybrid Software-as-a-Service (SaaS) platform that allows our customers to retain the control and independence of distributed software, while having the easy upgrades we’ve all come to expect from SaaS platforms. It’s time we refine and formalize our policies on when software is officially EOL (End of Life), and update our Non-Compliance Fee (NCF) policies accordingly.

Most Software-as-a-Service platforms don’t give you a choice when it comes to upgrades – you simply login one day and your platform has been upgraded for you, whether you like it or not, and whether it negatively impacts your business or not.

Miva has chosen a different path. While providing the type of seamless upgrades and updates people have come to expect from Software-as-a-Service, we don’t force you to upgrade before you’re ready. The downside to this path is that, often times, people will choose to run out-of-date software; and in this day and age, it’s simply not a wise, safe or prudent choice to run out-of-date software. 

We specifically created and use the Non-Compliance Fee program as an economic incentive program to encourage people to update their stores regularly.

For example, in my opinion, it is simply not safe to run any version of Miva Merchant prior to 5.5 Production Release 8 Update 7 (which was released on October 16, 2012, over two and a half years ago), yet we still have many customers who choose to run Miva Merchant 5.5 PR8 Update 6 or older (including people still running 2.x stores, which was released way back in 1999).

Going forward, Miva Merchant software will be considered EOL (End of Life) when either of these 2 circumstances are met:

1. Software has been officially Non-Compliant due to normal software releases, from the perspective of PCI software updates, for more than 12 Months. In other words, 15 months after the release of a new update, software will officially become EOL.

or 

2. Software that is Non-Compliant due to a security release, from the perspective of PCI software updates, for more than 3 months. In other words, if we mark an update as a security-focused update, per the terms of PCI compliance, older software will be considered EOL 4 months after the security update is released.

What impact does Miva marking a product as End of Life have on you, the merchant?

First and foremost, it means we will not, under any circumstances, release a patch, update or upgrade for that version. The most common use cases would be either an API change by a provider (say for example USPS changes its rating API, we will not be releasing an updated USPS module to work on any EOL version of Miva Merchant).

Second, when there are system-level security changes (such as POODLE in 2014), we will not be releasing a patch or engine upgrade to keep EOL software fully operational on modern Operating Systems.

Non-Compliance Fee program changes:

Currently, we have a varied Non-Compliance Fee program that means you pay a different fee depending on if you’re hosted by a third party or directly with us; and, if you’re hosted with us, your fee varies based on the plan you have.

Going forward, we’re standardizing our Non-Compliance Fee program to a flat rate program. Your NCF will be $50 per month, if you’re running Non-Compliant but non-EOL’d software; or, it will be $100 per month, if you’re running Non-Compliant and EOL’d software.

Click here for the original blog post.

For anyone looking to build ReadyThemes (or you just want to learn more about how the new ReadyThemes works) We just released 5 new developer videos which walk through the Base Developer Framework as well as a overview of the main ReadyTheme features and functionality

http://www.miva.com/videos/category/readythemes


We'll be continuing to add new ReadyTheme videos however, if you have any areas you would like to see more video content (or written documentation) on let me know and I can add it to our queue.

Some other helpful links:

ReadyTheme Documentation - http://www.miva.com/videos/articles/...-documentation

Base ReadyTheme Framework - http://www.miva.com/videos/articles/...ase-readytheme

Credit Card Security Code ( CVV2 ) explained

What is the CVV2?

The CVV2, Credit Card Security Code is the number found on the back of most cards. It's usually a three digit code, and it's purpose is to ensure that the person using the card for a purchase actually has that card IN THEIR HAND.

Why ask for the CVV2?

There are LOTS of ways that criminals can get their hands on lists of stolen credit card numbers. Getting hold of matching CVV2 numbers is much more difficult. Because of that, if your store verifies the CVV2 at checkout then it is much more likely that the purchase is genuine.

How can I accept CVV2?

Miva Merchant has modified many of its CURRENT payment gateways to include the CVV2 feature in the LATEST releases. Some CVV2 supported gateways are:
# AuthorizeNet

# Innovative Gateway
# First Data Global Gateway
# Payflow Link
# Payflow Pro
# CHASE Paymentech Orbital Gateway

# CyberSource

What if you process your orders through a terminal and it NEEDS CVV2

This is another frequently asked questions. The simple answer is... Tough Luck!.

There is a REASON why your terminal wants this CVV2. It's probably because your merchant account provider is giving you a good rate for NON-INTERNET sales. They give you this rate because if you are processing a card through a terminal, and have the card in hand then this is low risk. If on the other hand you are trying to process internet sales, then your merchant account providor wants to charge you Mid or Low qualifying rates.

What do you do? Well one thing you cannot do is find some way to store your customers CVV2 at checkout. This is absolutely forbidden by Visa, Mastercard etc. Think about it... what value is the CVV2 standard if people start storing this number with the credit card!!!

Bottom line, if you use simple credit card validation then your only options are:

# 1. Call customers and ask for the CVV2 when processing the transaction
# 2. Upgrade your payment gateway to one of the options above.