PDA

View Full Version : Passwords now hidden



shamieya
01-09-2013, 05:27 PM
Anybody else see this in their user accounts? the passwords are now asterisks.

GGG
01-09-2013, 07:47 PM
Seeing:********* (enter a new password)

?????????

Actually, fine by me as long as a copy/paste of those asterisks is going to work if we need to combine customer accounts.

Anyone have news on this?

Mike R
01-09-2013, 08:29 PM
I just spent 1.5 hours waiting to talk to someone at Volusion about this. What I got was a tech who had no idea what was going on and had to chat with some lead guy who also didn't know much about it. It had to be elevated and I am supposed to get a response in a couple of days. LOL!!!

My guess is that this is another Volusion change that they didn't bother to give any advance notice of. There's no dissemination of crucial information with Volusion. It's bad enough that they don't tell us about it, but they didn't even bother to tell their own techs. I don't know how much more screwed up this company can get. The service level is going downhill fast. No one should have to wait for and hour and a half to get a non-answer. I currently have a ticket that's been open and unaddressed for 40 days. I even made a comment on the ticket about the fact that it had been so long and still nothing. I think when I made my comment it started the clock over, so now I have to wait an additional 40 days. So much for their expansion and ramping up their customer service. I desperately want to move to another cart but just don't have the time to do it now because I already have 10 projects going at once. I keep sitting and hoping Volusion will wake up and get it right.

Anyway, from what the Volusion guy did say, you can no longer export the passwords via Import/Export and you can't copy the password to anything once it's entered. This is going to cause us some real problems.

Mike

GGG
01-09-2013, 08:35 PM
and you can't copy the password to anything once it's entered. This is going to cause us some real problems.

Mike

So what are we supposed to do when a customer accidentally sets up multiple accounts with that stupid email loop problem...or a guest returns and sets up an account, but discovers they can't access the order information unless we combine customer accounts??

arrgghhh!

AWCthreads
01-09-2013, 09:03 PM
Securing customer passwords is long overdue. This is a good thing.

When we started with V six years ago, I was shocked that we could see the password. After submitting requests to hide the passwords, it finally happens six years later.

We need to adjust and promote the security feature to our customers when necessary.

Mike R
01-09-2013, 09:08 PM
So what are we supposed to do when a customer accidentally sets up multiple accounts with that stupid email loop problem...or a guest returns and sets up an account, but discovers they can't access the order information unless we combine customer accounts??

Good question because I am doing that all the time. Now I would have to change the password for them and notify them that I did so or the loop would just continue as they might log-in anonymously when their password didn't work. Or, worse, the customer just gets frustrated and goes to my competition. Like many recent Volusion changes, they have now created more work for us and reduced our ability to service our customers. We are ADMINS and should be able to make these changes as needed to help our customers. Volusion has no Vision and can't see the implications of what they do.

Mike

AWCthreads
01-09-2013, 09:18 PM
Good question because I am doing that all the time. Now I would have to change the password for them and notify them that I did so or the loop would just continue as they might log-in anonymously when their password didn't work. Or, worse, the customer just gets frustrated and goes to my competition. Like many recent Volusion changes, they have now created more work for us and reduced our ability to service our customers. We are ADMINS and should be able to make these changes as needed to help our customers. Volusion has no Vision and can't see the implications of what they do.

Mike

Securing passwords is an appropriate update. Secure passwords is a service to your customers. A

fouled up loop/account problem is a different matter.

gifty
01-09-2013, 10:04 PM
I want to be able to see passwords!!! This makes it more difficult to leave. I am really ticked that we had no notice of this change. Maybe there should be something that hides them from all but the super administrator. I am old school. I hate not having the credit card numbers. The customers think we are beyond stupid when they want to add something and we have to take their credit card number again. They actually trust us less rather than more.

Mike R
01-09-2013, 10:11 PM
Securing passwords is an appropriate update. Secure passwords is a service to your customers. A
fouled up loop/account problem is a different matter.

Then it's a cart before the horse situation. They shouldn't have made the passwords secure until the loop/account problem was fixed. But we all know that won't be happening any time soon. It has been there since day 1 and they haven't done a thing about it. This change will now add to our work and will likely cost us sales. Plus, like I said before, it's just as big of a Volusion blunder that they didn't even notify us PRIOR to doing this. Secure passwords are fine if you have a shopping cart that works like it should.

Mike

GGG
01-10-2013, 04:37 AM
awc, don't you run into the duplicate account problem all the time? Unless V has fixed the loop problem, there's no other way to fix!!! I repeat, I have no desire to 'see' passwords, but unless those little asterisks will give us the ability to copy/paste/fix for our customers, I'm furious. Some notification from V regarding, would be much appreciated.

We don't retain credit card info and I don't want to. Even uncheck the box on a phone order page, so that customers cannot do so. Yes, the customers are shocked that we have the inability to add products to an existing order, but seem pleased by the fact that our security prevents us from doing so.

Marc_NY
01-10-2013, 05:16 AM
I am old school. I hate not having the credit card numbers. The customers think we are beyond stupid when they want to add something and we have to take their credit card number again. They actually trust us less rather than more.

Gifty, you do not need to ask them for there card info. You just need to add the item(s) to the order and do a separate charge for the balance. We do it all the time.

AWCthreads
01-10-2013, 05:38 AM
I've not had a complaint about the loop problem (doesn't mean it doesn't exist though). Having said that, if it existed in our store I would think I would have heard about it by now but who knows.

In six years when we've had the rare occasion of a password problem I have just given them a new password and told them to go into their account and change it.

I don't look like an idiot when a customer hasn't saved their cc info when they ordered. When they sound frustrated about having to give it again, I let them know they did not save the number to their account when they checked out.

AWCthreads
01-10-2013, 06:03 AM
Gifty, you do not need to ask them for there card info. You just need to add the item(s) to the order and do a separate charge for the balance. We do it all the time.

Marc, if you give them the option of checking out anonymously (which we do) how do you capture the funds?

shamieya
01-10-2013, 06:53 AM
Securing customer passwords is long overdue. This is a good thing.

When we started with V six years ago, I was shocked that we could see the password. After submitting requests to hide the passwords, it finally happens six years later.

We need to adjust and promote the security feature to our customers when necessary.

The orders situation can be fixed with an export/import. You can change the customer number associated with the order. Although, pasting a password and un-checking a box were much quicker...

I also agree having access to people's passwords was unusual even though it was extremely convenient. In school, we were always taught to stay as far away from people's passwords as possible.

shamieya
01-10-2013, 07:02 AM
Marc, if you give them the option of checking out anonymously (which we do) how do you capture the funds?

With PayPal CC processing I know you can initiate and authorize additional transactions after the fact. I'm not sure if it's the "virtual terminal" functionality or not. I believe authorize.net has this as well and it's integrated in Volusion. I've only used it if I need to charge people for something after the fact. I think there's a time limit on it too.

Lightning2000
01-10-2013, 07:02 AM
So, by hiding the password, how am I supposed to manually enter an order for a customer that places an order by phone, email, etc.? Also, how are you supposed to respond to a customer that forgot their password or cant be bothered to check their email if they request the password be sent to them online?

Does anyone at Volusion think through an issue from a merchant's standpoint before its implemented to see if there might be problems?

Lightning2000
01-10-2013, 07:43 AM
Just got off with tech support at V after being placed on hold for 15 minutes. I escalated the problem by speaking with their floor manager and he had no response other than to say we will open a ticket and contact the powers that be to get clarification regarding this change.

Simply amazing. One workaround he suggested would be to contact our customers and ask them for their password, that is if you can reach them. Imagine how ridiculous that sounds from a merchant's standpoint to ask the customer for their password. I guess as a response, I'm going to have to hide my credit card information from Volusion and ask them to contact me each and every month for the revised three digit security code.

I'm just livid...

AWCthreads
01-10-2013, 08:18 AM
So, by hiding the password, how am I supposed to manually enter an order for a customer that places an order by phone, email, etc.? Also, how are you supposed to respond to a customer that forgot their password or cant be bothered to check their email if they request the password be sent to them online?

Does anyone at Volusion think through an issue from a merchant's standpoint before its implemented to see if there might be problems?

Did you test this Lightning? I just opened a test order for an existing customer and it worked as usual. No request for password and all the billing, shipping and card info was present.

If someone forgets their password, go into their account delete the old one and give them a temporary one so they can go in and change it.

Does anyone here shop online?

Cherish
01-10-2013, 08:26 AM
I needed to add my two cents because I am livid about this as well.

I understand the need for password security. Not everybody should be able to see a customers password because they work in the back end, but I was under the impression that was why we had security settings in the first place. As a super admin I should be able to view the password for no other reason that I have to deal with at least a customer every day whom has forgotten their password.

That does not even take into account all of the other people who call in with some sort of account difficulty which ends up revolving around their password. As a matter of fact, just yesterday I had a customer who couldn't log in. At all. We had to change their password 3 times, twice to a temporary, and once back to the original. When we contacted Volusion about it they said that a) they couldn't duplicate our issue, and b) password rules had been changed so that you needed an uppercase letter, a number, a punctuation mark, a gang sign, an extinct mammal, and a hieroglyphic. (I might be exaggerating there a bit, but the first two are true, and you can't have consecutive numbers) None of which helped the customer, and none of which we knew about before yesterday. I'm now inclined to believe that my customers problem was caused by Volusion's messing around with the password system.

And now, if I wanted to help a customer even as much as I did yesterday, I would have to ASK the customer for their password.

OHC
01-10-2013, 08:27 AM
So what are we supposed to do when a customer accidentally sets up multiple accounts with that stupid email loop problem...or a guest returns and sets up an account, but discovers they can't access the order information unless we combine customer accounts??

Why do you need the customer password to combine accounts?

Lightning2000
01-10-2013, 08:31 AM
AWC,
That's not the point. The point is that nothing was broken, so nothing needed to be addressed. Our customers tend to be older and a bit more stodgy than most. For us to tinker with their password is another reason for them to simply forego our site in favor of someone else's that sells similar products and isn't as finicky as we are when it comes to assigning temporary passwords. I also don't need to learn a work around for a process that already works for us.

And yes I do shop online and never ran into a situation where I was asked to constantly change my password each time I wanted to enter an order, which is where this situation now stands. Why not just hide the entire customer profile from the admin while we're at it and make them work in the dark.

AWCthreads
01-10-2013, 08:34 AM
Why didn't the temporary password work? It always has for us.

AWCthreads
01-10-2013, 08:37 AM
AWC,
That's not the point. The point is that nothing was broken.

A visible password is broken. It's a hole in security. You can't claim to be secure on the front end but compromised on the backend and call it a secure solution.

Also, what you're referencing doesn't appear to need a workaround. The phone order works fine for me.

Delete the password and provide a temporary one.

demitrius
01-10-2013, 08:41 AM
Visible passwords on either end are a huge no-no, there's no argument. End of story. Even if you have direct access to a database, you should still not be able to directly see a user's password. Run your own message board like this one, and you still wouldn't be able to see our passwords. It's all salted/hashed for security.

However, Volusion's method of dealing with certain merchant situations is a huge blunder. That is a whole different argument.

tandt
01-10-2013, 08:53 AM
Cherish
Just been in Chat with V. Said that customer passwords can be up to 20 characters and can contain letters, numbers and special characters. There's no minimum length and no requirement to have a combo of letters and numbers, nor upper/lower case rules.

AWCthreads
01-10-2013, 08:56 AM
I don't recall anyone ever telling me my password when I forgot it. Talk about llivid. I might be livid if a e-tailer quoted me my password.

demitrius
01-10-2013, 09:04 AM
FWIW, this is how social engineering hacks work. I could be a prick customer/friend/jilted lover with a vendetta against someone, and simply call your store and say my account doesn't work, password doesn't work, etc.

Rick H.
01-10-2013, 09:10 AM
This password fix is technically correct. Nobody should be able to see passwords.

However, Volusion fails again because they do not test their stuff in multiple browsers.

The "no password set" and "******** (enter a new password)" text does not display in IE.

FAIL

Lightning2000
01-10-2013, 09:10 AM
Quick question: Can V see our merchant passwords? I'll bet dollars to donuts they can. I've been with them for seven years now, and all of a sudden this is an issue, and merchants aren't even told about the change until they wake up one morning and discover the change without advance notification? PR nightmare aside, this is ridiculous, and we shouldn't have to use temporary passwords as a solution when everything was fine all along.

If a customer wants to be shady, there are countless ways to screw the merchant. I don't see this as one of them once you feel confident you know who you are speaking with and ask for their other pertinent information.

demitrius
01-10-2013, 09:16 AM
V was never one to be trustworthy in the first place ;)

demitrius
01-10-2013, 09:18 AM
This password fix is technically correct. Nobody should be able to see passwords.

However, Volusion fails again because they do not test their stuff in multiple browsers.

The "no password set" and "******** (enter a new password)" text does not display in IE.

FAIL

lol, sure enough they decide to use an HTML5 tag that is not supported whatsoever in IE. I guess V has yet to discover conditional statements.

http://www.w3schools.com/html5/att_input_placeholder.asp

Cherish
01-10-2013, 09:21 AM
Cherish
Just been in Chat with V. Said that customer passwords can be up to 20 characters and can contain letters, numbers and special characters. There's no minimum length and no requirement to have a combo of letters and numbers, nor upper/lower case rules.
Very strange, I will see if I can get the chat transcript the should have sent.

Also for what it's worth, I have only ever had my password changed once when I called a merchant, and it was a randomly generated series of numbers and letters. I am pretty sure the rep I talked to never saw or Knew what it was, and I am fine with that. I would love it if along with hiding the password there was an "apply random temporary password and e-mail customer" button.

Oh, and it worked.

Rick H.
01-10-2013, 09:34 AM
...I would love it if along with hiding the password there was an "apply random temporary password and e-mail customer" button.

That is my thought, too. So obvious. But not to the Volusion developers.

demitrius
01-10-2013, 09:38 AM
Don't worry, this will make another bullet point on their next update.

* Fixed our own defect -- sorry, "Minor UI adjustment to Customer Account Page"

Cherish
01-10-2013, 09:45 AM
Just been in Chat with V. Said that customer passwords can be up to 20 characters and can contain letters, numbers and special characters. There's no minimum length and no requirement to have a combo of letters and numbers, nor upper/lower case rules.

Found it, this was the conversation our rep had with Volusion yesterday:



Luis A: Hello! Thank you for contacting Volusion I will be with you in one
moment.
Rebecca: ok
Rebecca: customer ID #'s XXXXXX and XXXXXZ for instance
Rebecca: We also tried to log in as cust # XXXXXX and could not, then when I
tried to place an order for her, once I had everything in the cart then tried
to log in with the ID#, it would not log in and came back with the word help in
the box?
Luis A: Password Criteria ---- no 123 (meaning sequential numbers), cant have
the domain, cant have the username, must have a capital and lowercase, must be
6 characters.
Rebecca: Is this new?
Luis A: somewhat, not really new


I find this fairly odd.

tandt
01-10-2013, 10:15 AM
Cherish
Maybe this refers to admin passwords? Just a thought

Cherish
01-10-2013, 10:20 AM
Maybe, but that would mean the Volusion rep was being particularly obtuse. (Very possible) Considering we were specifically asking about Customer passwords. I am inclined to think that we both got a different response to the same question.

Kitty
01-10-2013, 10:26 AM
Securing passwords is an appropriate update. Secure passwords is a service to your customers. A

fouled up loop/account problem is a different matter.

Totally agree with AWC. This is two seperate areas of problems. The update brings Volusion up to a modern day standard with customer accounts.

The fact that the checkout is buggy, customer account set up is flawed and buggy are seperate issues that need addressing as a matter of priority also.

I agree however that Volusion should warn us before rolling out updates such as this that make a substantial impact on our day to day business administration. The fact that they do not work with their customers and keep them appropriately informed about issues such as this is unacceptable.

Cherish
01-10-2013, 10:31 AM
The fact that the checkout is buggy, customer account set up is flawed and buggy are seperate issues that need addressing as a matter of priority also.


I agree completely with you, and AWC. My main issue is that there are things tied to hiding the passwords that should have been dealt with at the same time, not later. At the very least we need a way to assign a random password when we do phone orders, and have that password be e-mailed to the customer.

Kitty
01-10-2013, 10:48 AM
Unfortunately it appears to be typical V modus operandii ....1 step forward and 3 steps back or more aptly fix one thing that messes up 5 others I suppose one day they might just catch themselves up backwards...

oxx155
01-10-2013, 10:52 AM
I agree that customer passwords should have always been hidden for security.
But, putting forth a change such as this with no prior notice (and without even notifying their own customer service) proves that Volusion still has a lack of management in making proper decisions and a total lack of care for their customers.
I have long thought that no one at Volusion has any experience with E-Commerce at all.
I bet you we could easily run a test of having several different merchants call about the same issue and see how many different answers/resolutions/work-arounds we get. Change the issue and repeat the test and the same thing will happen.
LOL, thankfully I won't have to deal with this much longer.

Cherish
01-10-2013, 11:09 AM
So I have a definitive answer, and looks like you were right tandt. Almost all the restrictions are for Super Admins only. Customers have free reign.





Cherish: We have been told conflicting things about passwords. What are the current requirments for passwords. Are they different for customers, and admins?
http://www.strapworks.com
David M: Hello! Thank you for contacting Volusion I will be with you in one moment.
Cherish: Thanks.
David M: Good Afternoon, how are you today?
Cherish: Just Fine, how about yourself.
David M: I am good thank you for asking
David M: The requirement for all accounts
David M: is 8 characters and it can not be one of the previously used passwords
Cherish: We had been told this: Password Criteria ---- no 123 (meaning sequential numbers), cant have the domain, cant have the username, must have a capital and lowercase, must be 6 characters.
Cherish: Are there any resrictions?
David M: The restrictions that you listed above are also correct
Cherish: And we were also told this: passwords can be up to 20 characters and can contain letters, numbers and special characters. There's no minimum length and no requirement to have a combo of letters and numbers, nor upper/lower case rules.
Cherish: And pretty much all of our passwords break a rule in there somewhere.
Cherish: of course, now that I can not see the passwords I can not give you very many examples, but I know for a fact that we have used temppass12345 before, and many times.
David M: I am pulling up some more password infomation, just one min
Cherish: Thanks! You can understand our confusion I hope....
David M: I can
David M: and let me get you the 100% link for the right answer
David M: The password for this customer, which can be up to 20 characters. To change, simply re-enter a new password and save changes.
David M: there is no limitation for the customer accounts
David M: or the normal admins
David M: it is only the super admin - or owner account that has all the restrictions
Cherish: Normal admins cannot reuse a previously used password, I know that is a restriction.
Cherish: But for the rest, that is helpful.
David M: :-)
David M: Is there anything else I can assist you with at this time?
Cherish: That's it. Could you please send me a copy of this chat?
David M: a copy will be sent
David M: Thank you for choosing Volusion and have a great day! :) David M. Support Pages - support.volusion.com

ritchey
01-10-2013, 12:15 PM
Having access to customer passwords was convenient, but it was a security nightmare. Many customers use their passwords for multiple places. Truthfully, I really don't want access to a customers password. Same with a customers credit card. The export of passwords has been disabled for a while.

It would have been nice to have been notified via E-Mail of this huge change. What's so hard about doing an E-Mail when they do a major change? Allow me to subscribe and unsubscribe from various E-Mail lists!

cmjonline
01-10-2013, 12:45 PM
What are merchants who are going to move to a new provider going to do now. I remember some had set the view customers list to 500 and copied an pasted into excel to export/import passwords. What are we going to do now, have 25K customers come to the new site and no longer be able to order. Assign the same password to everyone and then send an email telling them to update. I have shopped online since the beginning and do not remember ever having this issue at any site I have made repeat orders from. Some of them had to have moved platforms.

GentleBath
01-10-2013, 02:30 PM
I agree that customer passwords should have always been hidden for security.
But, putting forth a change such as this with no prior notice

I too was surprised that we had access to PW in V when I came. My very old free Ocs cart even secured them from me. I had a huge problem importing and exporting PW when I tried add my previous customers and when I called support, they told me I could not I/E PW in V back then. I have feeling that they were already working on this then. I could swear that I had I/E the customer table with PW about a week earlier with no problems.

I just don't understand how they can make such a huge change like this without sending out an overview of the changes, at the least an email with a link the KB articles on new PW rules ect would have been helpful.

I just checked and it looks like they have already add some updates to the KB -

This is already in the article Customer Password:

To conform with industry best practices and shopper expectations, Volusion does not allow you to view your customers' unencypted passwords. You can help a customer get logged in to their account by entering a secure temporary password on their account at Customers > Accounts. Then, provide your customer with the temporary password so they can log in from your store's login page. Advise your customer to update their password as soon as they are logged in by clicking Change e-mail address, or password from the My Account page.

This is in the article Admin Password - Is this new or old? I don't remember this from before and I had to change my password for another reason so this has not come up for me?

Payment Card Industry (PCI) security compliance standards and requirements are regularly revised in order to provide best practices for electronic payment processing. According to the PCI Security Consortium's current guidelines, administrator passwords must be changed at least every 90 days for online ecommerce systems.
PCI requirements are mandated by the credit card industry (e.g. Visa, Mastercard), and ultimately, this practice helps ensure your online business remains secure.
You can update your administrator account password by logging in to your Admin Area, going to Customers > Administrators, and choosing the ID number of your administrator account from the list of store administrators. Enter your new password into the the Password field and click Save.

I can't find anything in the KB on Super Admin Password requirements as stated in the above post...

Cherish
01-10-2013, 02:59 PM
Which is one of the reasons we asked Volusion if there were rules, once we started having some issues with our customers' being able to log in. We had been told a couple different things, and I took time to ask for clarification. I can only hope what the rep told me is right.

GGG
01-10-2013, 03:53 PM
I'm out of town, the functionality of my store has changed, I wasn't notified in advance, and I'm pretty po'd.

I think it was OHC who asked why we would copy/paste passwords. Keep in mind that we allow anonymous checkout.

Copy/paste in this scenario:

a) Customer signs up for newsletter/gets lost in the log in loop mess/doesn't understand after guest checkout that they can't view order information...but places order (if eventually able to get through login loop mess). Customer now has multiple customer accounts on file. One with password (no order) one without password (order placed, but can't access.

b) Customer then calls or emails and says they can't access order...because the order placed under account with no password.

c) After confirming customer identity, we will find original customer account, copy password over to the account with the order, duplicate customer requests (newsletter subscription, etc) and then delete the customer account that had no order information.

So my question is will we be able to copy those asterisks and do the same so a customer has access to an order when requested?

oxx155
01-10-2013, 04:48 PM
I am guessing they did this because they failed a PCI checkup.

Lightning2000
01-10-2013, 07:02 PM
Here's V's response to my inqury:

To conform with current industry best practices and shopper expectations, we recently changed the way the Admin Area displays customer passwords to store administrators. Note that all registered customers can automatically retrieve their passwords at http://www.YourVolusionDomain.com/login_sendpass.asp at any time. If you need to assist a customer in password retrieval, you can enter a new password directly on the Admin Area account page at 'Customers' > 'Accounts'. The customer can then edit it as desired at the aforementioned URL.

If you have any other questions or concerns with this or any other issue, don't hesitate to contact us again.
Thanks for choosing Volusion and have a great day!

I'm guessing you are correct Oxx

shamieya
01-11-2013, 08:41 AM
I'm out of town, the functionality of my store has changed, I wasn't notified in advance, and I'm pretty po'd.

I think it was OHC who asked why we would copy/paste passwords. Keep in mind that we allow anonymous checkout.

Copy/paste in this scenario:

a) Customer signs up for newsletter/gets lost in the log in loop mess/doesn't understand after guest checkout that they can't view order information...but places order (if eventually able to get through login loop mess). Customer now has multiple customer accounts on file. One with password (no order) one without password (order placed, but can't access.

b) Customer then calls or emails and says they can't access order...because the order placed under account with no password.

c) After confirming customer identity, we will find original customer account, copy password over to the account with the order, duplicate customer requests (newsletter subscription, etc) and then delete the customer account that had no order information.

So my question is will we be able to copy those asterisks and do the same so a customer has access to an order when requested?

You can still resolve those with an Orders import. I mentioned this earlier, but just thought about making how to make it much faster by making myself a little import file for orders that I can pull up and import very quickly. Then just add the order number, the correct customer number, and import to Orders.

AWCthreads
01-11-2013, 10:10 AM
I am guessing they did this because they failed a PCI checkup.

Probably. After Debacalypse 2012 I sent them a feature request to hide the password and asked them why they would put us through 4 months of hell to become compliant and leave the passwords visible.

dmoore
01-11-2013, 01:57 PM
. Yes, the customers are shocked that we have the inability to add products to an existing order, but seem pleased by the fact that our security prevents us from doing so.

I add items to orders that have already been paid all the time. I just add the item and then send them the payment link.

ritchey
01-11-2013, 02:42 PM
Under products on the order, there is a little link for Add, right next to edit. You do need the exact product code, it's not like the phone order page :-(

gifty
01-11-2013, 04:15 PM
Have I missed something? If there is away around this issue I would love to hear the solution for being able to add additional charges without having to call for the credit card number.

Our experience is if they did not set up an account and check the box to keep their card on file you can not add additional charges after the card has been charged.

GGG
01-11-2013, 04:21 PM
Perhaps who you use/settings? We use authorize.net with authorize at sale, capture at shipping.

ritchey
01-11-2013, 04:47 PM
Two separate issues:

1. Can you add items to an order
Yes!

2. Can you charge the customer for the added items?
With some work :-) If the customer saved their credit card, I believe you need a CVV2 after you enter the amount of charge after you added an item for payment due, if they saved their credit card information.

If they did not save their credit card information, you will need to get that.

GGG
01-11-2013, 04:53 PM
Just one issue to me...nothing gets added to an order unless paid for...:D

AWCthreads
01-11-2013, 05:07 PM
Have I missed something? If there is away around this issue I would love to hear the solution for being able to add additional charges without having to call for the credit card number.

The only way I have found to do it is through auth.net but I don't like offline payments because the transaction amounts are not seen in admin or in reports.

Marc's previous post implied it could be done in admin some way. I asked him about it but no return post from him.