https://pci.qualys.com/merchant/scan_list.php
 
user: verixity@SectigoHackerGuardian 
passsword: owaSLu89vE 
---------
 я добавил все 4 сайта которые нужно сканировать на PCI 4.0 версия.

*Scope of Work for PCI Compliance v4.0 Upgrade for Berean Christian Church Websites*
*Project Summary*
Verixity development team is tasked with ensuring PCI DSS v4.0 compliance for Berean Christian Church's four websites, all hosted on a single physical server. This project encompasses 25 essential tasks, covering technical upgrades, policy development, and procedural implementations. It aims to secure cardholder data, minimize vulnerabilities, and align with the latest payment security standards. The websites include Decalb County, Gwinnett County, Henry County, and the Family Life Center. Success requires detailed planning, execution, and collaboration across Verixity's specialized roles.
*Infrastructure / web server* 
Decalb Countty ( https://bccstonemountain.3pm.services/wp-login.php )
 
Gwinnett County ( https://bccgwinett.3pm.services/wp-login.php )
 
Henry County ( https://bcchenrycounty.3pm.services/wp-login.php )
 
Family Life Center ( https://bflc-nov23.3pm.services/wp-login.php )
*Detailed Scope of Work*
The following detailed scope of work not only shows the detailed tasks but also acts as a check list.
# Firewall Configuration Upgrade (System Administrators): Update and configure firewalls to protect the server hosting the church websites.
# Password Policies Enhancement (System Administrators): Strengthen password policies and practices for all system and website accesses.
# Protect Stored Cardholder Data (Web Developers & System Administrators): Implement encryption and other protective measures for stored data.
# Encrypt Data Transmission (Web Developers): Ensure all cardholder data transmissions are encrypted.
# Anti-Virus Solutions (System Administrators): Install, maintain, and update anti-virus software on the server.
# Secure Systems and Applications (Web Developers & System Administrators): Regularly update all systems and applications to close security vulnerabilities.
# Access Restriction (System Administrators): Restrict access to cardholder data by business need-to-know.
# Unique IDs for Access (System Administrators): Assign unique IDs to each person with computer access.
# Physical Access Control (Security Manager): Implement measures to restrict physical access to cardholder data.
# Monitoring and Tracking (System Administrators): Implement logging and tracking for all access to network resources and cardholder data.
# Security Systems Testing (Security Specialists): Regularly test security systems and processes.
# Information Security Policy (Security Manager): Develop, maintain, and disseminate a robust information security policy.
# Risk Assessment Procedures (Security Manager): Conduct regular risk assessments.
# Secure Coding Practices (Web Developers): Implement secure coding practices for all developed applications.
# Penetration Testing (Security Specialists): Conduct penetration testing annually and after significant changes.
# Vendor Management (Procurement Manager/Security Manager): Ensure third-party vendors comply with PCI DSS requirements.
# Two-factor Authentication (System Administrators): Implement two-factor authentication for remote access for administratrs and staff. Two-factor authentication is not required for a end user (website customer).
# Application Firewall (System Administrators): Deploy web application firewalls (WAF).
# Incident Response Plan (Security Manager): Develop and test an incident response plan.
# Data Encryption Policies (System Administrators/Web Developers): Develop and maintain data encryption policies.
# Security Policies Documentation (Security Manager): Document all security policies and operational procedures.
# Physical Security Enhancements (Security Manager): Improve physical security measures for server and data access points.
# Authentication for System Components (System Administrators): Strengthen user authentication mechanisms for system components.
# Protection Against Social Engineering (Security Manager): Implement measures to protect against phishing and social engineering attacks.
# Security Scans and Audits (System Administrator/Security Specialist): Perform a security scans and audits. Provide a report to Berean Christian Church the PCI complinece report.
*2FA/MFA only for Administrators and Staff required.*
PCI DSS v4.0, like its predecessors, focuses on securing cardholder data and ensuring the secure processing, transmission, and storage of such data. The standard mandates the use of Multi-Factor Authentication (MFA) primarily for personnel accessing the cardholder data environment (CDE) or sensitive systems, emphasizing an added layer of security beyond just a username and password.
 
For regular users or customers of a website that accepts payments, PCI DSS v4.0 *does not specifically mandate* the use of Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) for their interactions, such as making a payment or accessing their account information. The requirements around MFA are more focused on the administrative, access control side to secure the systems and environments handling cardholder data from unauthorized access, particularly for those with the capability to impact the security of the CDE.
*Password Lengh update only for Administrators and Staff required.*
As of my last update in April 2023, *PCI DSS v4.0 does not specifically mandate an increase in password length from 8 to 12 characters for regular users (e.g., customers) of websites that accept payments*. The detailed requirements around password strength primarily focus on those individuals who have access to the cardholder data environment (CDE) or are otherwise involved in the management, processing, or transmission of cardholder data.
 
PCI DSS v4.0 continues to emphasize strong access control measures, including the use of robust authentication methods to secure system components within the CDE. For users within the scope of the CDE, including administrators and anyone with access to sensitive areas, the guidance has indeed become more stringent over time, advocating for stronger authentication methods, which may include more complex password requirements, among other controls.
 
h3. *Pre-Upgrade Backup and Server Transition Strategy*
The Verixity development team will initiate the PCI compliance upgrade process by creating a comprehensive backup of the entire system. This precaution ensures that all data and configurations are securely stored before any compliance-related modifications commence. Additionally, a dedicated backup server is prepared to take over as the primary server once the PCI compliance enhancements have been fully implemented on the current primary server. Presently, this primary server hosts the four websites for Berean Christian Church, underlining the importance of a seamless transition to maintain uninterrupted services during and after the upgrade.
h3. *Project Timeline and Collaboration*
Verixity is scheduled to commence work on April 1, 2024, with an anticipated completion timeframe of two business weeks for the task list outlined above. The Verixity development team will maintain close coordination with the administrative staff at Berean Christian Church throughout this period to guarantee the project's timely delivery.

Under the radio buttons Partner/ Player and before PROCEED to Payment button to place a text field , which will be storing information of the name of the other person. 
*Partner's/ Players' Full Name*
 
!Screenshot 2023-11-22 at 16.40.10.png|width=492,height=312!
 
 
------///// OLD
1) Once user already chose an event and filling up the form, we would need to remove the block at the bottom of the page with an additional event.
 
2) The price line in the shopping cart for an additional player is not needed. Only one player at a time can register and pay for the one or two day Pickleball event.
 
He or she can designate a partner. However, the partner will have to register and pay separately.
 
 

*Мероприятие  “Pickleball” будет проходить 2 дня (декабрь 2 и 3). Стоимость регистрации - $50 за один день, а если за 2 дня - то $75.*
(A person can register for one date/event for $50.  If the person would like to register for the two days then it will cost $75. )
 
 
 
Add an additional event registration called *“Pickleball”*
 
The registration information that they are seeking to *capture* are:
Participant
Full Name________________________
Address__________________________
Email____________________________
Cell Phone ________________________
Age__________
Saturday, DECEMBER 2, Gender Doubles
* Novice/Beginners:              2.5 (все эти цифры означают уровень участника - The numbers indicate “skill level”)
* Intermediate                     3.0
* Intermediate                       3.5
* Advance:                              4.0
Event:
Sunday, DECEMBER 3, Mixed Doubles
* Novice/Beginners:              2.5
* Intermediate                     3.0
* Intermediate                     3.5
* Advance:                              4.0
 
Текстовое поле Name of Partner/ Player _____________________, где регистрирующийся юзверг может указать имя своего партнера. Партнер должен будет так же заплатить за мероприятие (цена такая же как для регистранта).
Have League choose my Partner (if a player is available)
Yes_      ___No____
 
 
The cost of the event is:
1 Event $50.00 Per Player
2 Event additional $25 per player

Access credentials:
https://kb.verixity.com/x/TwCV
 
 
 
|Server/smart host|smtp.office365.com|
|Port|Port 587 (recommended) or port 25|
|TLS/StartTLS|Enabled|
|Username/email address and password|Enter the sign in credentials of the hosted mailbox being used|
 
Here are the credentials for the email box that we need to use for Berean FLC.
 
flcfinance@bereanchristianchurch.org
P/W: !Finance@2023!
Office 365 email client
SMTP Port 587
TLS enabled
 
!image001-1.png|thumbnail!  
 
 
 
 
-----///// OLD
 
Perhaps BCDC and Anthony’s emails are being blocked by their email server because it knows that, from its side, “BCDCfinance@bereanchristianchurch.org via echurchgive.net” did not originate from itself.  Also, the extension echurchgive.net doman is no longer in our portfolio.  Could this be possibly the case for the emails not getting through  and if they do seldomley  get through they are directed to “Junk Email”?
 
<<  bcdcfinance=bereanchristianchurch.org@echurchgive.net  >>
 
Is there another approach we can take in sending the email from something other than “@echurchgive.net”
 
(Нужно проверить почему имеется проблема с имейлами BCDCfinance@bereanchristianchurch.org и Anthony.Sewell
а также понять почему они идут через echurchgive.net)

Testing

не приходят имейл при сбросе пароля
 
Max Volkov @m.volkov12:34 PM
когда я меняю в ручную в админке- имейл приходит о том что типо поменяли для тебя пароль
 

*From:* Seabhac McGinty
*Sent:* Friday, March 13, 2020 4:33 PM
*To:* oneil@fosterinnovations.net; IPpay Support <support@ippay.com>
*Subject:* IPpay API documentation
 
Oneil –
 
Good afternoon!
 
Attached are copies of the current API documentation for our gateway. If at any point you decide to accept ACH/eCheck processing, let us know and we’ll get those documents over to you.
 
Please let is know if you have any questions.
 
Thank you and have a great weekend!
 
~Falcon
 
|*Seabhac "Falcon" McGinty*
Sr. Technical Support Specialist|
| |
|2001 Broadway \| Ste. 600 \| Riviera Beach, FL 33404
tel: (561) 513-8778|
|*website* *\|* *email* *\|* *map* *\|*|
|_One of the ConVergence Technologies Family of Companies_|
|*Confidentiality Note:* This email may contain confidential and/or private information. If you received this email in error please delete and notify sender.|

# Instead of Boy and Girls as the gender selection can you make the options “Male” and “Female.” *(вместо Boy and Girls  в селекторе формы поставить “Male” and “Female.” )
*++
# Can you make the “Waiver” pop up box larger for readability purposes. (*сделать поп-ап с “Waiver”  больше по размерам, так как плохо читается юзвергами)*
++++
# Attached is the new graphics for the 2023 basketball flyer and the new waver form which will replace the current outdated ones. *(прикреплена новая графика для 2023 basketball flyer и новая waver form - их нужно заменить, так как прошлые уже устарели)*
++++
# On the receipt, please separate the registered players with a blank line. Thus, when a second and third player are added, a blank line will be separate each additional player on the receipt. *(в чеке receipt всех игроков нужно отделить друг от друга, сделать больше пространства между каждым из них. Таким образом, когда второй и третий игроки добавлены, белое пространство их должно отделять).
*
# Change the button title from “Register for Event” to “Proceed to Payment” and have this button go directly into the “Shopping Cart.”  We seek to stream line the user interaction. *(поменять название кнопки с “Register for Event” на “Proceed to Payment”, при нажатии на которую она должна вести сразу же в “Shopping Cart.”)*
#  The sender of the receipt email says Char Jenning <char.jennings=bereanchristianchurch.org@echurchgive.net> she no longer works at the church!!! Change the sender of the email to BCDCfinance@bereanchristianchurch.org
*(убрать имейл адрес bereanchristianchurch.org@echurchgive.net и заменить на BCDCfinance@bereanchristianchurch.org )*
 
# Can you please change the default email address from felecia.anthony@bereanchristianchurch.org  to BCDCfinance@bereanchristianchurch.org . This is one of the two admin email addresses that receipts are sent to.
*(поменять дефолтный имейл адрес с  felecia.anthony@bereanchristianchurch.org  на BCDCfinance@bereanchristianchurch.org )*
++++
# Lastly, delete all old transactions including testing transactions from the data table. This will prepare us to go live with valid/good data. *(удалить все трансакции, включая тестовые).*
 

1) Waiver link to highlight in +red color and underline it.
+Waiver to be opened in a pop-up (not in a new tab). By placing a ✅  tick mark or by clicking on the Agreement of Waiver, a pop-up with the Waiver content to be shown. A user read all the content and need to click on the “I agree to the terms” button which would return focus to the main form.
!image-2023-09-05-13-03-58-567.png!  +
+
2) To cross-check Transaction ID after order is placed/ paid.
It should say  “Paid” instead of the transaction details.
Access credentials to the client's real account:
Login: admin
Password: VNjkdnjfk&09395409435KNVFLKSDf
 
!image-2023-09-05-12-24-01-713.png|width=751,height=387!
 
3) Change location of Sex/ Gender - each form needs to include Sex.
 
!image-2023-09-05-13-09-07-384.png|width=727,height=489!

Upgrade WP websites:
1) https://bflc.3pm.services/wp-admin/
 
Login: max
Password: %bNB&4BqpzD963X54KmR8qsY
2) https://bccgwinett.3pm.services/wp-admin/
 
Login: max
Password: 3oKjRQI77u7bvrkj7O!zCgX^
 
3) https://bccstonemountain.3pm.services/wp-admin/
 
Login: max
Password: J0v2l$vs#!X2jd(12ezkal18
 
4) https://bcchenrycounty.3pm.services/wp-admin/
 
Login: max
Password: D!NB0p)mDYBuv&R)7$n*6tLR
---
 

When you try to register 2 children, the uniform size information is only collected for the first player. We need a dynamic form that will request that information for each registrant.

1) When you try to register 2nd child, the uniform size information is only collected for the first player. We need a dynamic form that will request that information for each registrant. Top, Bottom and Date of Birth is needed for each child (динамическая форма должна быть показана при регистрации каждого дополнительного ребенка).
2) Что-то можно сделать с processing time после проведения оплаты, чтобы сократить время ожидания? может какой-то поп-ап вывести с надписью Processing... Please wait
The processing time for the transaction is very long!!! A normal user will try to press the back button or close the browser in order to attempt again.++++
3) Вместо актуального terminal ID поставить/ заменить на “Approved”
IPPay does not want us to display the Terminal ID.  This can give a hacker vital information.  In place of the actual terminal ID just say “Approved”
4) Юзверг, который заплатил, должен получить чек по имейлу. Клиент пишет, что не получил имейла.
Lastly, I did not receive an email for the transaction at oneil@fosterinnovagtions.net;  A copy was sent to the flc.kiosk@gmail.com. Which show a copy sent to Anthony and Felecia.  Again, as the paying person, I did not receive a receipt.

1) после проведения оплаты и транзакции не пришел имейл с чеком (receipt email).
Receipt emails are going to three different addresses: (имейл с чеком должен отправляться по 3м адресам + иметь пдф файл waiver)
flc.kiosk@mail.com
Anthony.sewell@bereanchristianchurch.org 
bcdcfinance@bereanchristianchurch.org
as well as the paying user who also receives a copy of the  waiver.
 
 
!image-2023-08-25-11-24-26-431.png|width=568,height=319!
!image-2023-08-25-11-24-39-596.png|width=567,height=318!
 
2) To place in the Admin panel WooComerce tab  the last 4 digits of the  users credit card number 
!image001.png|width=364,height=204,thumbnail!

Access Credentials:
https://kb.verixity.com/x/TwCV
 
 
---
 
Мы получили новый запрос касательно христианских сайтов, в частности сайта https://bflc.3pm.services/. Необходимо внести следующие обновления:
# При успешной транзакции должен приходить email.
# В ресите, который получает клиент, должны отображаться последние четыре цифры кредитной карты.
# Необходима форма-договор (вейвер форм): в качестве родителя я должен иметь возможность ее заполнить и передать в эту церковь.
# Уведомления на указанные два email-адреса клиентов следует отправлять только после получения полной оплаты.
# Требуется добавить функцию предоставления скидки: если регистрируется более одного ребенка, предоставляется скидка в 25 долларов. Необходимо проверить, был ли такой функционал ранее и активировать его; если нет – реализовать.
# Нужно добавить возможность выбора получения агрегированного вейвера: при активации этой опции, я должен получить его в мою корзину покупок.
Прошу учесть все указанные моменты при доработке сайта.
 
-------------------
 
Good morning Max and team,
I just performed a $2.75 realtime sample transaction for BFLC Youth Basketball registration.  These are my findings:
# I did not receive an email receipt for the transaction
# On the receipt, the last 4 digits of the credit card number used is supposed to be displayed on-screen and printed.
# The waiver form was not emailed to me.
 
These are the item(s) that need to be added to the existing process:
# Only on payment in full should the registration and payment information be sent to the following address (Anthony.sewell@bereanchristianchurch.org and bcdcfinance@bereanchristianchurch.org)
# A price discount schedule needs to be added that allow for the second and so forth registrant to receive a $25 discount.  For instance, first child $150, second child $125, third child $125; thus a shopping cart automatic total of $400.
# We need to have a required check box “Agreement of Waiver” that the user must check inorder to process the transaction.  The waiver check box should be placed above the “Registration” button for each registrant. Include the URL to allow the user to view the waiver form and return to the transaction.  Upon agreeing to the waiver (by checking the box) the item will be added to the shopping cart.

All PM tasks

Мы получили новый запрос касательно христианских сайтов, в частности сайта https://bflc.3pm.services/. Необходимо внести следующие обновления:
# При успешной транзакции должен приходить email.
# В ресите, который получает клиент, должны отображаться последние четыре цифры кредитной карты.
# Необходима форма-договор (вейвер форм): в качестве родителя я должен иметь возможность ее заполнить и передать в эту церковь.
# Уведомления на указанные два email-адреса клиентов следует отправлять только после получения полной оплаты.
# Требуется добавить функцию предоставления скидки: если регистрируется более одного ребенка, предоставляется скидка в 25 долларов. Необходимо проверить, был ли такой функционал ранее и активировать его; если нет – реализовать.
# Нужно добавить возможность выбора получения агрегированного вейвера: при активации этой опции, я должен получить его в мою корзину покупок.
Прошу учесть все указанные моменты при доработке сайта.
 
-------------------
 
Good morning Max and team,
I just performed a $2.75 realtime sample transaction for BFLC Youth Basketball registration.  These are my findings:
# I did not receive an email receipt for the transaction
# On the receipt, the last 4 digits of the credit card number used is supposed to be displayed on-screen and printed.
# The waiver form was not emailed to me.
 
These are the item(s) that need to be added to the existing process:
# Only on payment in full should the registration and payment information be sent to the following address (Anthony.sewell@bereanchristianchurch.org and bcdcfinance@bereanchristianchurch.org)
# A price discount schedule needs to be added that allow for the second and so forth registrant to receive a $25 discount.  For instance, first child $150, second child $125, third child $125; thus a shopping cart automatic total of $400.
# We need to have a required check box “Agreement of Waiver” that the user must check inorder to process the transaction.  The waiver check box should be placed above the “Registration” button for each registrant. Include the URL to allow the user to view the waiver form and return to the transaction.  Upon agreeing to the waiver (by checking the box) the item will be added to the shopping cart.

When you try to register 2 children, the uniform size information is only collected for the first player. We need a dynamic form that will request that information for each registrant.