Author Archive

Email Security FAQ

June 25, 2018

Some common questions we have received so far after the update:

1) I am using Outlook or another program to read email do I need to update the server address from mail.storesecured.com to webmail.storesecured.com?

No, the https://webmail.storesecured.com address change is ONLY for those who are using webmail. If you are using Outlook or your phones email etc this does NOT change.

2) Should I enable Secure Password Authentication?

No, Secure password authentication should not be checked, it is only for certain types of servers

3) Should the SMTP port be 25 or 587?

Either one, it does not matter for us, your Internet provider may block one or the other so if one does not work, then try the other

4) Does the outgoing server require authentication?

Yes, the outgoing server requires authentication using the same settings as the incoming server.

5) Can I connect without TLS?

Yes, you can technically connect without TLS but it is then not a secure connection just like using a http vs https webpage. We highly recommend always using a secure connection.

6) My email software only shows a checkbox for SSL and no TLS?

On some email programs we have seen that they do accurately use TLS when you check the SSL box as long as you are connected with the correct port. If your email program does not have TLS selection please try using the SSL selection instead.
If you are using IMAP for incoming, use port 143, if you are using POP3 for incoming use port 110.

7) My email still doesn’t work, can you help?

Yes, if you are running an older version of Windows, ie Windows 7 or 8 it may not support TLS 1.2 by default. To verify this is the case please send your ip address (look it up at www.whatismyip.com) to our support team and we can confirm from the logs.

8) I have Windows 7 and TLS 1.2 is NOT enabled, how do I enable it?

Here is a link to some instructions on how to update Windows 7 to support TLS 1.2
Scroll down in the article about halfway to where it says:
Steps required to switch to TLS 1.2 on Windows 7 and start there.

http://www.teamnetworks.net/blog/4832/enabling-tls-1-2-on-windows-7-complete-instruction/

Follow the steps listed.

Try to connect via email again.

Alternatively here is a article directly from Microsoft describing the same process, I don’t feel it’s quite as easy to follow though you may prefer to go straight to the source.
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

9) I’m still having problems?

If you are still having problems please contact our support team for assistance.

Advertisements

Email Security Changes and Maintenance Period 6/24

June 20, 2018

Effective June 24th there will be several security changes to our email server to comply with PCI rules.

  • Webmail will be moved from mail.storesecured.com to webmail.storesecured.com. (ONLY for Webmail).
  • Webmail must be connected to securely, ie https vs http
  • All connections to read/deliever mail should be done securely, using TLS (NOT SSL) connections
  • TLS 1.0 will be disabled, SSL will be disabled. All connections must use TLS1.2 or higher
  • The mailserver will not accept plaintext credentials. All credentials must be encrypted.
  • SSL access to the email server via ports 993, 995, and 465 via SSL will be disabled in favor of more secure TLS connections on ports 25, 110 and 143

Email Server Maintenance
The email server will be unavailable periodically during the maintenance period from approximately 8:00pm-midnight pacific time on June 24th to make the above changes.

How can I prepare for these changes ahead of time?
When using webmail start going to https://webmail.storesecured.com INSTEAD of http://mail.storesecured.com

If using Outlook or other email program to read your mail make sure it is setup to use TLS connections with the proper ports:
To change this setting in Outlook

  1. With your Outlook client open, select Tools from the main menu. Then select Account Settings… from the drop down menu.
    This will open up the Account Settings window.
  2. If you have more than one email account configured, make sure that your StoreSecured Internet account is selected.
  3. With your StoreSecured email account highlighted, select Change.
  4. This will open another window called “Change E-Mail Account“.
  5. Click More Settings….
  6. This will open another window called Internet E-mail Settings.
  7. Click the Advanced tab.
  8. Look in the section called Server Port Numbers.
  9. In the drop down menu under Incoming server select TLS from the list of options.
  10. If you are using IMAP the port number should be set to 143.
  11. If you are using POP the port number should be set to 110.
  12. Then, in the drop down menu under Outgoing server (SMTP), select TLS from the options.
  13. Your outgoing server port number should be set to 25, in the Outgoing server (SMTP) field or port 587 can be used as an alternate SMTP port if you cannot connect via port 25.

Additional Questions
If you have questions about your particular setup, email program etc, please contact StoreSecured support via our support system for additional assistance.  Also you can read our FAQ about the change here.

 

PCI Compliance and TLS 1.0 Update

June 1, 2018

Effective June 16th, 2018, StoreSecured will be turning off our support for TLS 1.0.    We are doing so to comply with the latest PCI standards which require that support for TLS1.0 is disabled by June 30, 2018 at the latest.

 

Potential Issues

Please note that if you or your clients have very old browsers this may mean that you are no longer able to use the StoreSecured website’s in secure mode unless the browser is upgraded.

How to check your browser

Go to https://www.ssllabs.com/ssltest/viewMyClient.html and look in the very first box labelled Protocol Support.  If it says “Your user agent has good protocol support” then you are good, otherwise you need to upgrade either your browser,  your operating system or both.

Why are we doing this

We are required to turn off TLS 1.0 and lower support in order to comply with PCI regulations and to ensure high security.  PCI regulations are required to be adhered to in order to accept credit cards.  As an ecommerce site provider this is critically important for us and for you our merchants.  We have waited as long as possible to turn this off to give clients time to upgrade and now we must proceed.

Questions

If you have any questions or concerns feel free to contact us via support request or via email at support@storesecured.com or you can read further at the link below:

https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Migrating_from_SSL_and_Early_TLS_Resource_Guide.pdf

Payment Page Captcha Added

September 6, 2017

Effective immediately new bot security measures have been added to the payment pages for StoreSecured merchants.  After multiple credit card declines a captcha will be shown to the user for them to prove that they are a human and not a bot.   As the declines continue the captcha will be shown each time and verification required to continue.  If there are several more declines the user will be temporarily blocked from processing a new payment for a period of time.

The captcha was added due to bots who are trying out credit card numbers on a few of our merchants websites resulting in high numbers of declined charges.  The captcha implementation is meant to keep the checkout process easy for real users but tough on bots.

If you are not familiar with what a captcha is you can read more about them at the link below:

https://www.intechnic.com/blog/what-is-captcha-and-how-is-it-used/

If you have any questions about this new feature please submit a support request and we would be happy to help.

Authorize.net Performance Issues 8/15

August 15, 2017

Important note for customers who use Authorize.net as the payment gateway.

Between approximately 9:30am and 12:30pm today 8/15, Authorize.net had several periods of slowness and errors with their API calls which resulted in errors and time outs for customers who tried to process credit cards with Authorize.net.  We urge merchants who use Authorize.net to check your transactions in the Authorize.net portal that occurred during this time for any duplicate orders or orders with payments that StoreSecured did not receive notice of.  Please note that during this time many attempts to charge customer credit cards were met with a timeout message or an error from Authorize.net and thus StoreSecured may not know the final status of those charges.

Google Chrome User Special Alert …Important

August 15, 2017

Special alert to our merchants who use Google Chrome.

Google Chrome has put out an update today which breaks the editor tool that is used inside of StoreSecured. Please note that when using the latest google chrome browser with Storesecured’s editor all of your editor content appears empty and if edited will result in losing your content.

This is a brand new Chrome update and we are investigating to see if the editor tool has an update to stop this problem.

In the meantime we recommend either turning off the editor if you use Google Chrome, use a different browser, OR set your editor to use the old version. This setting is located under General–>Other Settings.

Note that this is a result of an automatic update that Google Chrome is doing today so if you use Google Chrome this applies to you.

As soon as we have further information we will make further updates.

Portal issue 3/21/2017 (Resolved)

March 21, 2017

This morning, 3/21, StoreSecured experienced an issue that affected the successful loading of some of the pages in the application used to manage stores. Note that this issue did not affect actual store loading or any other areas beyond the editing of stores. The error was the result of a problem with a windows security update for new PCI compliance rules and was resolved at approximately 10:30am Pacific time.

We are sorry for any inconvenience that this error caused. The underlying issue has now been found and corrected.

Email Server Failure 2/13 2:00pm PST

February 13, 2017

2:55pm PST
The email server has been restored from the most recent backup file and all email accounts are now operating as normal. There was downtime of approximately 1 hour and any emails sent during that time will still be received.

**IMPORTANT** Please note that the last backup which we restored from was done at 11:00PM PST last night and all email accounts have been reverted to their status as of 11:00PM. Because we are now working off the backup please note that anything done between the last backup and 2pm is NOT visible. Ie emails sent were delivered as that action had already occurred. Emails that you had already opened to read between 11pm and 2pm will be shown again as unread. Most importantly, any email received during that period is no longer available. We are very sorry for the inconvenience that we know that this has caused, unfortunately the backup was about a half a day old. As is always the case, we will be reviewing what happened along with the backup policies and procedures to see if they can be improved for the future. If you have any questions, comments or concerns, please direct them to support@storesecured.com

2:00pm PST
The email server is currently down.  We have experienced a hardware failure for the server where the email is hosted.  All email accounts are currently non-functioning.  While we are researching what has happened we have begun a restore from the most recent backup to create a new server and as soon as the backup is restored we will be restoring email service.  Further information will be posted once it is available.   At this time we expect approximately 1-2 hours restore time.

All other services are operating as normal.

 

New Feature — Rich Cards Support

January 23, 2017

StoreSecured now includes support for Google Rich Cards.  There is nothing that you need to do to receive this change, it will be automatically included on all item detail pages with support for products and reviews.

From Google’s site…

For site owners, this is a new opportunity to stand out in Search results and attract more targeted users to your page. For example, if you have a recipe site, you can build a richer preview of your content with a prominent image for each dish. This visual format helps users find what they want right away, so you’re getting users who specifically want that especially delicious cookie recipe you have.

https://webmasters.googleblog.com/2016/05/introducing-rich-cards.html

New Feature — Export to LinnWorks

January 19, 2017

StoreSecured now supports the ability to export order information in the Linnworks format for easier printing and management of shipping label generation.  This is a beta feature that we hope to gather feedback from merchants

 

To enable this feature please visit

General–>Other Settings

Check the box at the very bottom labelled Enable Linnworks

Hit Save

Once Linnworks exports is enabled a new Export button will be shown on the orders screen.  The button text is Export to Linnworks.

When this button is pressed the searched orders will be exported to a file for import into LinnWorks

Continue here for the full help article