This is our 1st release announcement in 2014 - X-Payments 2.0.1 has been released and became available to everyone who owns X-Payments v2.x license or upgraded their X-Payments v1.x license to v2.x. Users of hosted X-Payments plans can get their accounts upgraded to the latest X-Payments version free of charge, just submit a ticket with an upgrade request and we'll take care of it.
So what’s new?
Bug-fixes and several improvements that can be considered minor if we look at them from the point of view of code changes amount, but visually, for a merchant, these changes can be significant enough. Now let me shed more light on what changed.
X-Payments separate page checkout displays shopper’s billing address and payment total now
This improvement can be really useful for merchants who use X-Payments as a separate checkout page: this info should really increase conversions. We spoke with some of our merchants regarding how we can help them to improve conversions and figured out that quite often shoppers decline orders if they do not see amount they are to pay. Also, displaying billing address can help merchants to avoid unnecessary unfinished orders due to mismatch of a billing address entered by a shopper and a real billing address associated with their credit card.
Timers for checkout forms and admin back-end
According to PA-DSS requirements we must limit unattended admin user session by 15 minutes maximum. For Admin’s convenience X-Payments v2.0.1 displays now a countdown with the time left or a popup if the session expired.
Besides we added a timer for checkout forms in X-Payments - We investigated the reasons why our merchants encountered non-finished or, vice-versa, double charged orders and discovered, that it's not uncommon when the shoppers open X-Payments checkout form, then become inactive for 1-2 hours for some reason, and finally return to the computer to complete this order. And though X-Payments processed the order successfully, by this moment X-Cart session had already expired, the store couldn't handle the order properly. As a result the shoppers saw a failed order warning (with non finished order in admin area) and placed an identical one (actually, the second transaction, i.e. charging the shopper twice).
The timer should prevent such situations by declining a payment attempt without losing shoppers cart contents if a session has already expired at X-Cart side.
We improved payments search in admin back-end of X-Payments
Now admin users can easily find payments using a new quick search form right on the list of payments page. Besides, advanced search has been re-done to provide better user experience for administrators.
This is useful for merchants who actively employ new X-Payments 2.x feature of tokenization for charging saved shoppers’ credit cards.
X-Cart 5 ready
X-Payments 2.0.1 comes with X-Cart 5 checkout template out of the box.
X-Payments admin back-end forbids Google Chrome to index its URLs
Despite of robots.txt file instructions not to index contents of X-Payments and password-protection of X-Payments admin back-end Google Chrome still reports URLs to Google and it is possible to retrieve them from Google cache. This doesn’t mean someone can get in and see what you have inside your X-Payments - neither content is indexed nor this gives access into your X-Payments, but understanding the URL structure of password protected areas can help bad guys sometimes. We are very concerned about the security of our products so we want to close and prevent any possibility for hackers even if it's not a vulnerability at all, but rather some kind of hint about the information they can't even use directly.
Changelog for PA-DSS certified software is called “Vendor Change Analysis Document” and you can see the one for X-Payments 2.0.1 using below link: https://docs.google.com/a/x-cart.com/document/d/12lahqumzPAhRJq-pphU5B9om-iQI3R3OBhHXK94goB4/
Please notice that it is made according to PA-DSS requirements of the PCI Council and doesn’t look like regular changelogs you used to see ;)
X-Payments project manager