Miva Payment Encryption

Merchants using Miva Merchant 4.14 or higher have the ability to encrypt their customers’ payment data before it is stored on the their server. Order Manager versions 2 and above have the ability to decrypt the payment information before downloading the orders.

 

Turning on the encryption in Miva Merchant

 

  1. Log in to your Miva Merchant Admin site.

  2. Using Advanced Administration, expand your store list.

  1. Expand the store that will be encrypted.

  2. Expand the Order Processing Option.

  3. Click on the Encryption link.

  1. Check the "Activate Encryption" option.

  2. Enter the prompt you want to appear when the Decryption Key is requested.

  3. Enter the key used to encrypt the payment data in the Encryption Pass Phrase field and again in the Verify Encryption Pass Phrase field. Remember the pass phrase! You will need it to decrypt your payment data!

  4. Click Update to turn the encryption feature on. Any orders currently in the system will NOT be affected by this. New orders will now have their payment data encrypted as it is received.

 

 

Installing the Miva Module for Order Manager

 

The module for the compiled version of Miva Merchant is included with Order Manager. It is called "ordmanexport.mvc". This file will be found in the directory where the Order Manager was installed. See Setting Up a Miva Merchant Shopping Cart for more information. You must have version 1.310 or higher of the ordmanexport.mvc file to use the decryption feature.

 

 

Configuring the Order Manager to Decrypt Payment Data

 

Current Version of the Order Manager:

 

  1. Go to the Maintenance Menu>Create Edit Shopping Carts>Go. Select the Miva shopping cart definition from the Current Carts List.

  2. Click the Edit Cart button at the top of the form.

  3. Check the box labeled Website uses payment encryption.

  4. Enter the Decryption Key created earlier at the shopping cart in the field of the same name.

  5. Re-enter the decryption key in the field labeled Reenter Key.

  6. Click the Save button.

 

Legacy Versions of the Order Manager:

 

Two system parameters must be set to decrypt your payment data as it is imported. Go to the Set System Parameters dialog box and select the Miva parameter group. Click on UseMivaEncryption. Set to True and click Save.

 

Click on MivaDecryptionKey. Enter the "Encryption Pass Phrase" used in your Miva store to encrypt the payment data in the Parameter Text field. Click Save.. If you do not want to store your pass phrase in the Order Manager for security reasons you may leave this parameter blank. Each time you download orders from Miva, the program will ask for the Miva Decryption Key (i.e. Encryption Pass Phrase). If you do not enter the decryption key at that time, the program will store  "**SECURED**" in each field that contains payment data.

 

 

Special Considerations

 

The Encryption Pass Phrase can be changed at any time in Miva Merchant. If you feel that someone has access to your encryption key, feel free to change the encryption pass phrase immediately. Keep in mind that as you change your encryption pass phrase, the new phrase will be used to encrypt any new orders entering the system. Orders that were already in the system and encrypted using the old pass phrase still require the old pass phrase to be decrypted. The Order Manager can only pass a single Encryption Pass Phrase (Decryption Key) for each batch of orders downloaded. You may wish to change the encryption pass phrase after downloading all the new orders in your store so the next batch of orders will have the same decryption key.

 

Updated 10/30/09