No announcement yet.

Removing verification / captcha on MyAccount page

  • Filter
  • Time
  • Show
Clear All
new posts

  • Removing verification / captcha on MyAccount page

    Is there a option to turn of the verification / captcha on the MyAccount page or do I have to manually edit the templates to take it out? I can't think of any reason I would want to make it harder for customers to login and want to remove it.

  • #2
    I swear there used to be a 'Require captcha' setting before the rollout to 3.0 but I do not see anything like that any more.


    • #3
      Originally posted by View Post
      I swear there used to be a 'Require captcha' setting before the rollout to 3.0 but I do not see anything like that any more.

      I got started with 3dc back in January and was always on V3
      and Im positive I seen require captcha and a checkbox to enable or disable it someplace


      • #4
        Perhaps a Conspiracy ?
        I think ive gone through almost all settings and cant find it now

        BAD 3DC <laughs> Rob or Gonzallo will be in and show us how easy it was and show exactly where to find it I'm sure

        or tell us we have to call in and have it done manually



        • #5
          Hi everyone,
          This was never a setting, the captcha on every form was introduced on version 3. The reason behind it is to make the application more secure. Any time there is a possibility of a robot trying to get information, ie. on a login page, registration page, forgot password page, etc, you need to have this, or something like this, ie. A lockout if multiple attempts are made.

          The lockout option is ok on the back end, because we can assist you to unlock the account should you need to, but on the front end, you don't want your customer to not be able to buy because they can't contact you at 2AM.

          We used a third party security agency to test our software and give us suggestions on how to improve it and make sure it passes all PCI requirements. (They went line by line, on both the front and back end) There are some requirements which we decided not to implement on the front end but did on the back end, ie. long complicated passwords, we don't feel its necessary for clients as they are not storing credit card information, but it is a requirement on the back end.

          The goal is to make the application secure, make sure it addresses all PCI requirements, and still make it usable for the end user. We are trying to balance everything at the same time, we feel the captcha we use is not as complicated as some out there. We'll explore changing this to other methods in the future, but for now, the captcha needs to stay :(
          Gonzalo Gil
          3dCart Support
          800-828-6650 x111


          • #6
            I could have sworn 3dc had it must have been one of those other carts I was doing trials before I decided on 3dc
            even though it is sort of annoying I have yet to have a customer complain about it
            Thank you Gonzalo for answering and explaining the who's whys and all that sorts of stuff
            Even though this is a minor inconvenience I highly doubt it keeps customers from buying or contacting us and or logging in to check the status of orders
            of course they always have the option of live chat or telephone also


            • #7
              I was just doing some tweaking the other day and saw the captcha. I haven't had a customer complain yet either so it is not really a problem.

              As for the setting I think It is probably something I remember from my osCommerce days.


              • #8
                Captcha requirement = lost customers

                We just switched to 3d a couple of weeks ago, and I've had several customer complain. 1. they hate it. 2. The contract is weak and it is hard for some of my visually challenged customers to read it.

                I put in a support ticket about turning it off and was told... Unfortunately, the captcha field is a requirement of PCI Compliance, so this cannot be removed. Please let us know if we can be of any further assistance to you.

                I find that suspicious, since I came from a cart that saved cc numbers, etc, and they don't use it. I have asociates that have other carts who save cc data, and they aren't required to have it and THAT is what my customers are saying is 'Why should I have to go to the trouble of typing in a code each time I try to log into my account, when I can go to XYZ company, who sells the same thing and its much easier to make a purchase?'

                The simple fact is that it IS NOT required to be PCI compliant. If it were, every online banking website would be using it. I don't have to use captcha to get into my bank account. Do you?

                I was also told that the contrast could not be increased because it would be too easy to read. I find that laughable, sine one HAS to read it to be able to enter it.

                I tested version 3 prior to coming on board, and it definitely was not in the demo version. In fact it was not in my live version to begin with because I was constantly loggin in as a test custoemr to get my site setting correct. It wasn't until February 27, 2009 that I noticed it and sent in a ticket on the darn thing and qucikly got the door slammed in my face when I questioned it.

                I have seen several other online stores that DO save customer financials use something MUCH easier. On the login page it asks a simple question that requires logic, and an elimination rule that only a human can figure out. A simple question like. 'Which doesn not belong in this list? Apple, Grape, Dog, Orange. It is simple, easy, and serves the same purpose without losing sale and customers.

                Interesting too is the fact that Security Metrics, the company that supposedly required 3d to implement this doesn't even use it on their own website.



                • #9
                  During the PCI compliancy process, we are audited by a company, Plynt, that makes recommendations and sets forth what we need to do in order to be certified. When dealing with customer logins, we were presented with 2 options in dealing with customer logins:

                  Upon incorrect login credentials, lock the account. or,
                  Require captcha.

                  As you can well imagine, in an e-commerce environment, locking a customer out of the cart is a guaranteed way to lose a sale. This is why we chose a very basic form of captcha. This protects you from malicious robots who would use scripts to login to your customers account and get private information, such as their address. This is not something anyone wants to have happen.

                  On the subject of capturing a credit card #, this is not something we can waiver on. It is simply the worst thing to have happen in an e-commerce environment. Personally, I have been building stores on many platforms for years, and been shopping online for years, and I can tell you that it is not common for everyone to capture credit card information. Typically, only large retailers will capture credit cards.

                  If you'd like to discuss options for the captcha, please drop me a line at 1-800-828-6650 x118


                  • #10
                    I don't mind the Captcha being required - BUT I have had 2 customers complain that it is difficult to read. I THINK both of them said it was too light.

                    I did report it to support - but they indicated no one else was having a problem - so didn't pursue it.

                    I think it would be OK for my customers if there was just more contrast between the background colors and the characters.
                    C Ekman
                    Owner/Designer: Cobweb Corner


                    • #11
                      Originally posted by GonzaloGil View Post
                      :Hi everyone,
                      the captcha on every form was introduced on version 3:(
                      Am I missing something? I don't have Captcha on my CONTACT form - the most important place I wish it was implented - as it would prevent a lot of SPAM.

                      According to GonzaloGil's post it is on 'every form'??? or am I misunderstanding that?

                      I would REALLY like to have it on the Contact Form.
                      C Ekman
                      Owner/Designer: Cobweb Corner


                      • #12
                        PCI compliance is VERY serious business- and V/MC are VERY serious about it.

                        If any of you were with Monstercommerce/NS before this, you know how badly they freaked out and removed key features.

                        I think 3D has been very good about it.


                        • #13
                          Sometimes the contrast is so faint, that you can't complete the letters/word. I think that is the biggest issue with this. I've tried as well and sometimes the letters/words are illegible.


                          • #14
                            Hmmm - have you told support? They told me noone else had mentioned it - so if you are having troubles please submit a ticket so I'm not the only one.
                            C Ekman
                            Owner/Designer: Cobweb Corner


                            • #15
                              there is another thread on this, I think.
                              There's nothing to be done, from what I gathered.