Drupal

With Drupal+Ubercart, be wary of alternative payment gateways

Learn why using mainstream payment gateways like Authorize.net or Paypal is crucial for secure ecommerce with Drupal's Ubercart. Avoid pitfalls associated with alternative gateways.

If you are using Ubercart to do ecommerce with Drupal, be sure to use one of the mainstream payment gatways: Authorize.net or Paypal.

While Ubercart does support a number of alternative payment gateways, the dangers in going with these alternatives are significant. Here's an example of a single day where two of the less well known Ubercart payment modules were exposed as having flaws that allow people to checkout without needing to pay:

SA-CONTRIB-2010-062 - Ogone | Ubercart payment - Access Bypass

SA-CONTRIB-2010-064 - Ubercart MIGS Payment Gateway - Web Parameter Tampering

This means the cornerstone of your ecommerce - payment - could be completely side-stepped. This is is just one example of why we recommend using one of the mainstream gateways.

I do not mean to disparage the hard work of those individuals – I know both the maintainers and coordinators within the Drupal security team worked hard to get timely fixes published. However if you (or your client) must select an alternative gateway, it's vital that you commit adequate time to testing and Q/A of the payment processor.
Drupal

Similar posts

Get notified on new marketing insights

Be the first to know about new B2B SaaS Marketing insights to build or refine your marketing function with the tools and knowledge of today’s industry.