CasperVend 2/Gift Cards/V3/Whats New: Difference between revisions
No edit summary |
|||
(One intermediate revision by the same user not shown) | |||
Line 7: | Line 7: | ||
Version 3 of the gift card expansion is a complete re-write, with a heap of new features and fixes. | Version 3 of the gift card expansion is a complete re-write, with a heap of new features and fixes. | ||
== No-copy exploit protection == | == <span id="nocopy">No-copy exploit protection</span> == | ||
When the gift card system was first released, the belief was that the Second Life permissions system is secure, and we depended on the protection afforded to "no-copy" objects. Unfortunately, this was not the case, and despite much correspondence with the lab, active exploits still remain in the wild. | When the gift card system was first released, the belief was that the Second Life permissions system is secure, and we depended on the protection afforded to "no-copy" objects. Unfortunately, this was not the case, and despite much correspondence with the lab, active exploits still remain in the wild. | ||
Line 34: | Line 34: | ||
* For security reasons, it is no longer possible for merchants to "test" cards before they are issued. Instead, pass the card to an alt for testing. | * For security reasons, it is no longer possible for merchants to "test" cards before they are issued. Instead, pass the card to an alt for testing. | ||
* For security reasons, the card will no longer work with old top-up terminals. Please use terminals of at least v2.30. | * For security reasons, the card will no longer work with old top-up terminals. Please use terminals of at least v2.30. | ||
* For security reasons, once your customers purchase their cards they must REZ the card to "activate" it. If they WEAR the card, it will activate, but will not become transferrable until rezzed. | * For security reasons, '''in classic mode''', once your customers purchase their cards they must REZ the card to "activate" it. If they WEAR the card, it will activate, but will not become transferrable until rezzed. This restriction does not apply to '''modern mode'''. | ||
[[CasperVend_2/Gift_Cards/V3|<< Back]] | [[CasperVend_2/Gift_Cards/V3|<< Back]] |
Latest revision as of 16:40, 30 September 2019
Welcome to Version 3
The Gift Card expansion pack for CasperVend allows you to give (or sell) gift certificates for use in your store. They work just like a store card in real life - you can sell them or give them out however you wish, and the recipients can use them to buy things at your store.
Version 3 of the gift card expansion is a complete re-write, with a heap of new features and fixes.
No-copy exploit protection
When the gift card system was first released, the belief was that the Second Life permissions system is secure, and we depended on the protection afforded to "no-copy" objects. Unfortunately, this was not the case, and despite much correspondence with the lab, active exploits still remain in the wild.
For a long time, incidents of these types of exploits being used were relatively rare. Unfortunately, recently such incidents have become much more common. As such, we've had to take steps to protect our merchants from this problem.
One of the exploits happens at inventory transfer time, before the "slam bit" is applied which sets next-owner perms. Once rezzed, this exploit can no longer be performed. To combat this exploit, V3 cards must now be rezzed by the purchaser before they activate. The card will also activate when worn, but must be rezzed to become transferable.
The other known exploit is a method of duplicating no-copy objects which are rezzed. To combat this exploit, we now track balances for each "card instance" on the server. So while it may still be possible to clone the cards, if you spend money with one of them, the balance of the others will also be reduced.
What's new in V3
- Brand new mesh card design
- Card activation to fight no-copy exploits in the grid (see below)
- Server-side balance tracking to fight no-copy exploits in the grid (see below)
- Balance transfers between cards
- Customised instructions notecard delivery for your store landmark and personal messages to your customers
- Easy customisation via a dedicated store logo face on the card
- Refunds - when a transaction fails, the balance is now re-credited onto the card rather than being lost forever
- Verify - to help combat against fake and malicious gift cards, customers can verify that their cards are genuine
- Full tracking for activations, card purchases, top-ups and transfers
Behaviour changes
- Cards must be explicitly "issued" by merchants before they can be passed to customers, with clearer and more secure permissions checks to help merchants avoid mistakes.
- For security reasons, it is no longer possible for merchants to "test" cards before they are issued. Instead, pass the card to an alt for testing.
- For security reasons, the card will no longer work with old top-up terminals. Please use terminals of at least v2.30.
- For security reasons, in classic mode, once your customers purchase their cards they must REZ the card to "activate" it. If they WEAR the card, it will activate, but will not become transferrable until rezzed. This restriction does not apply to modern mode.