HSBC Secure epayments error

[benjo132]

Hi,

Since early yesterday we have been unable to process any payment using HSBC Secure epayments. The problem occurs on the 3DSecure return page which is accessed after a customer enters their 3D secure password (or after this page is skipped if the card is not 3D secure enabled).

The error we are getting on our server is The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

I know for a fact that our SSL certificate is valid and working fine and nothing else has changed on our server at all for months.

I am hoping that this issue is down to HSBC however there is no secure e-payments support available on a weekend. I have spoken to HSBC and they said that all we can do is wait until Monday and also raise the issue of how we are meant to get support on a weekend.

What I am wanting to find out is if anybody else is experiencing problems? If so please let me know as I would be reassured to know that this is an HSBC issue and not down to me!

Any ideas on fault resolution would also be gratefully received.

Thanks,

Ben

 

[victorm]

2nd time this year, a client of ours encountered a similar problem on the last weekend of January. nothing to do - their IT is not 24x7, just hang in there and put out a message on the website advising your customers to use an alternative payment method (this is the right time to revert to Paypal) to avoid bad press. Good luck with it, hope you don't loose much!

 

[drhoo]

We've been also unable to process cards since Saturday. We use HSBC's XML API. I contacted HSBC and they said they don't know what's happening as only some of their merchants are having problem processing cards.

 

[Ash77]

Yes had this effecting a few sites too, lucky for our client we've never been a big fan of hsbc so always had backup payment gateways (sagepay & paypal) in place otherwise they would have lost quite a large amount of money over the weekend.

The problem is down to the CA bundle on the server your using to connect hsbc and you need to update it. The reason this has happened is down to them updating there SSL cert, it's valid but not trusted by a lot of servers.


HSBC epayments response is below and I'll do a blog post howto later so you can see how to do it. If you don;t have root level access to your server you will need to get your hosting company to reslove this for you.




*****



The SSL certificate on API had to be renewed over the weekend due to which merchants having any old certificates on their server are facing a problem.

The old certificates on their server are not able to trust our new certificates.

This issue is only related to those merchants who do not do regular certificate updates.

The issue could be with the root certificate or the intermediate certificate on their server.

If updating the root certificate does not solve the issue please update the intermediate certificate.

Please ensure that it is updated on your API server.

Please find the required links specified below to update the certificate.

"ultimate root"
http://www.verisign.com/support/roots.html

Root 3 - Verisign Class 3 Primary CA - G5 [3rd one down]

Country = US
Organization = VeriSign, Inc.
Organizational Unit = VeriSign Trust Network
Organizational Unit = (c) 2006 VeriSign, Inc. - For authorized use only
Common Name = VeriSign Class 3 Public Primary Certification Authority - G5
Serial Number: 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a
Operational Period: Tue, November 07, 2006 to Wed, July 16, 2036
Certificate SHA1 Fingerprint: 4e b6 d5 78 49 9b 1c cf 5f 58 1e ad 56 be 3d 9b 67 44 a5 e5
Key Size: RSA(2048Bits)
Signature Algorithm: sha1RSA

"intermediate certificate"
http://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/

Secondary SSL Intermediate CA Certificate [bottom one]

CN = VeriSign Class 3 Secure Server CA - G3
OU = Terms of use at https://www.verisign.com/rpa (c)10
OU = VeriSign Trust Network
O = "VeriSign, Inc."
C = US
Serial number: 6e cc 7a a5 a7 03 20 09 b8 ce bc f4 e9 52 d4 91
Key Size: RSA(2048Bits)
Signature Algorithm: sha1RSA

 

[TotalWebSolutions]

If anyone is looking to change payment provider due to being unhappy with the existing service they are receiving then please consider Total Web Solutions. We are wholly UK based, offer excellent customer service/support and reliability. We charge no setup fee, offer low monthly charges and unlike some other providers we do not charge for declined transactions. We are PCI Level 1 accredited and operate from our own data centre on 99.9% uptime.

Click the link in my signature to find out more.

 

[jcongerton]

Hi

I am still experiencing the same problems as above with HSBC api, did you manage to post how to update the certificates, as i think i have updated mine, however thet still do not work! Do i need to remove any first? HSBC support is PANTS! Thank god i had paypal as a back up!

Jason

 

[SecureTrading]

If you are considering switching payment providers in light of your recent issues, we'd like the opportunity to discuss your requirements, give us a call on 0800 028 9151 or see http://blog.securetrading.com/2011/03/thinking-of-switching/ for why you should switch to SecureTrading

 

[john4012]

This just goes to show how pathetic the epayments service is.

I completely understand HSBC need to do updates to their server but to carry out an update which potentially could have harmful effect on its merchants on a Saturday morning without prior warning is beyond stupid!!

Many merchants using this system will leave the office on a Friday evening and wont process any orders until Monday morning only to discover Epayments have done an update without telling anyone and no orders have transacted successfully. Well done guys!!

I have used the epayments system for a number of years but after this last disaster im moving away. It took 3 days for the helpdesk team to finally realise there was an isssue with their SSL update and subsequently release a fix! 3 DAYS!!!

For a service that must process Millions of pounds a week i find it very hard to understand the cavalier attitude HSBC takes towards its merchants.

 

[jcongerton]

I am still having an issue updating my certs, you helpdesk couldn't point me in the right direction could they? I'm desperate at the moment! Client is going nuts, my hosting company say the certs are installed correctly but still no payments taken!

Oops should have read your post properly you just applied the fix the hsbc helpdesk told you to do. Was this on a windows server?

 

[jcongerton]

Hi

Glad to say we finally resolved the issue, the problem was not with updating the root certificates in IIS or the certificate store. In our case it was to do with Cold Fusion, i had to install the root certificate (not intermediate) in the Cold Fusion certificate store. See Adobe KB article below

Adobe kb400977


Jason