
Book Shop Closed Indefinitely Due to PayPal Removing Support for Encrypted Website Payments

The Dickimaw Books store has unfortunately closed until further notice. This is because PayPal has removed support for encryption with its PayPal Payments Standard option. This is where an online store redirects the customer to PayPal’s site in order to make the payment. PayPal is still providing this payment option, but the store will now only work if I switch off encryption, which I’m not prepared to do.

For those who want more detail, the way that this works is as follows. The customer adds products to the basket and proceeds through the checkout process until they arrive at the final checkout page that confirms the price of each item, any discount applied, postage and packaging, final total, invoice address and shipping address. All this information needs to be sent to PayPal so that the correct amount can be charged. Once the transaction is successfully completed, PayPal then sends a notification back to the store to confirm that the payment has been made.

Without encryption, the transaction data at the checkout page is contained in plain text within the form parameters and is sent as plain text to PayPal when the customer clicks on the continue button.

There are two problems with using plain text. The first is that these private details about the customer and their transaction can be intercepted by a third party eavesdropper.¹ The second is that a dishonest customer can open the developer tools in their web browser and alter the payment details, awarding themselves a hefty discount and defrauding the merchant. Under those circumstances, it’s hard for the merchant to prove that they didn’t have the products temporarily listed at a lower price when the transaction was made.

Encryption helps to protect both the customer’s private details and the merchant. The way that this is done is through public/private key encryption. At the checkout page, all the transaction details are stored within a single form parameter with an encrypted value. This prevents any tampering and also protects the data when it’s transmitted.

There is a two-way communication between the merchant’s site and PayPal. In order for the encryption to work, the merchant’s store needs a copy of PayPal’s public certificate (which the merchant used to be able to download from their PayPal business account). PayPal, in turn, needs the merchant’s public certificate. The encryption and decryption can’t be performed without a valid public/private key pair.
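
The arrangement described above (all transaction details carried in one encrypted form value, with each side holding the other's public certificate) can be sketched with the `openssl` command line. This is an added example, not the store's or PayPal's code; the sign-then-encrypt order, the certificate names, the field names and the cipher are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration: every key, certificate and form field here is constructed.
WORK=$(mktemp -d)

# mkcert <name>: throwaway self-signed certificate plus private key.
mkcert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# seal_fields <signer> <fields-file> <out-file>
# Store side: sign the fields with the signer's private key, then encrypt the
# signed blob to the processor's public certificate. Result: one PEM value.
seal_fields() {
  openssl smime -sign -binary -nodetach -outform DER \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" -in "$2" 2>/dev/null |
  openssl smime -encrypt -binary -aes-256-cbc -outform PEM \
    -out "$3" "$WORK/processor.crt"
}

# open_fields <sealed-file>
# Processor side: decrypt with its own private key, then accept the content
# only if the signature matches the merchant certificate it holds on file.
open_fields() {
  openssl smime -decrypt -inform PEM -in "$1" \
    -recip "$WORK/processor.crt" -inkey "$WORK/processor.key" 2>/dev/null |
  openssl smime -verify -inform DER -noverify -nointern \
    -certfile "$WORK/merchant.crt" 2>/dev/null
}

mkcert merchant; mkcert processor; mkcert stranger

# Constructed checkout fields (names are illustrative only).
printf 'item=Example Book\namount=12.99\ncurrency=GBP\n' > "$WORK/fields.txt"

seal_fields merchant "$WORK/fields.txt" "$WORK/good.pem"
seal_fields stranger "$WORK/fields.txt" "$WORK/forged.pem"

open_fields "$WORK/good.pem"  && echo "merchant-signed value: accepted"
open_fields "$WORK/forged.pem" || echo "value not signed by merchant: rejected"
```

The processor's certificate is public, so encryption alone would let anyone produce a value it can decrypt; it is the signature check against the merchant certificate on file that rejects a value the store did not produce.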

Certificates have an expiry date. This is a precaution in case the private key is stolen. Whilst stolen keys can be revoked, there’s a chance that this may not be noticed. An expiry date at least limits the length of time a stolen key can be used for.

The certificate for the Dickimaw Books store expired last Sunday. I had set myself a reminder to create a new pair and did so the day before, but when I tried to upload the new public certificate to PayPal, I encountered a 404 page not found error. I raised an issue with their merchant technical support and was informed that the encrypted option was no longer available. The checkout will now only work if I disable the encryption from the store’s admin page.

I have no idea why PayPal would intentionally remove a security feature, particularly without giving any prior warning. This will obviously impact all small merchants who use this method, although they may not discover this until their certificate expires and they try to upload a new one. I’m hoping that this issue will turn out to be a miscommunication within PayPal’s technical support department and an inadvertent broken link. Until they restore the ability to use encryption or until I find an alternative payment provider, the store will remain closed.

Meanwhile, if you want to purchase any of my paperback books, you can purchase them from a third party book seller, such as Amazon.


¹Using https instead of http does, of course, add a layer of protection, which helps protect against eavesdropping, but it doesn’t protect against fraudulently altering the information before it’s sent.


