Jump to content

Welcome, Guest!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

Mark

Customer password when Admin Created

Recommended Posts

If I create a customer account in the backend, I have to do so with a password. There's no system generation of passwords, so I make it something simple, like "password", very silly, but Im not creating an individual one every time. But no matter what it is, I know their password and I should not.

Then the customer gets notified of the new account, but doesn't know the password. I tell them the password outside the system, not cool. They will invariably think this a bit dodgy.

This is a bit marginal in terms of professionalism and data security.

The process should probably be that if an account is admin created, that the customer receives an email including an encrypted system generated password that they are encouraged to change and that only they know what it is from the email.

I realise sending the password via email isnt perfect for security either but it has to be given to them somehow, this is the best way I see

 

 

Share this post


Link to post
Share on other sites

I too have pondered on this exact same question..But I only do it for customers maybe once  a year .But would still be nice to have a solution if possible

Share this post


Link to post
Share on other sites

Normally when a customer orders by phone we use a firstname.lastname@our-domain.com. So just a fake email. If the customer really wants his email, to be stored, we use a manual password. Same as you, but we tell the customer that he should use the "Forget password" to set a new one...

  • Like 1

Share this post


Link to post
Share on other sites

I'm curious, when you create order from back office, how do you handle payments? 

Share this post


Link to post
Share on other sites

We tend to create the order on the front, not back office. Our welcome email says "if this account has been created for you please use the forgot password link to re-set the password"

For payment we have an "office use only" payment. We take the card details over the phone and use Paypal virtual terminal for this situation. 

Share this post


Link to post
Share on other sites

How does PayPay virtual terminal works together with 3D secure cards? Or with upcoming SCA?

Share this post


Link to post
Share on other sites
8 hours ago, datakick said:

I'm curious, when you create order from back office, how do you handle payments? 

We dont have any payments then. Its basically bank transfer.

Share this post


Link to post
Share on other sites
5 hours ago, datakick said:

How does PayPay virtual terminal works together with 3D secure cards? Or with upcoming SCA?

Hmm, good question I will ask them. Is SCA not just for online sales though? Perhaps if someone is talking to us directly on the phone / in person then it is not the same system

Share this post


Link to post
Share on other sites
9 hours ago, datakick said:

I'm curious, when you create order from back office, how do you handle payments? 

I too use the front end and just sign up for them.When it comes to payments I just do it though the checkout like a customer

Share this post


Link to post
Share on other sites
1 minute ago, AndyC said:

I too use the front end and just sign up for them.When it comes to payments I just do it though the checkout like a customer

You type in their card details onto your checkout? What if 3D kicks in and asks or their password details (Visa / mastercard) We were warned not to do that. Apart from anything you need to be fully PCI compliant. Even so, you will not be able to do that after Semptember as that extra check will be much more widespread

Share this post


Link to post
Share on other sites

If it does happen , I will stop. I wouldn't go that far as asking for passwords .. I only do it for people that really really need to ..Even then I have warned them against it and said I am not PCI compliant etc and they were happy for me to carry on.. I think in the 8 years I've been selling I've only done it about 4 or 5 times 

Share this post


Link to post
Share on other sites

It is really funny that people are often happier to phone and give card details to someone they do not know rather then enter them into a secure wesbite :)

  • Like 1

Share this post


Link to post
Share on other sites

I know... I do try and get them to do it themselves.I know I shouldn't but a sale to me is a sale, especially now as not had a sale in weeks due to changing websites :classic_blush:

Share this post


Link to post
Share on other sites
Posted (edited)

@datakick
If the order is with a customer with an unknown email I will create the order etc by fake email as @wakabayashi suggests but any payment gets handled outside the system then the order updated manually.

 

Also slightly related to this topic, but possibly deserving of its own topic is customer addresses.

 

Having a default customer address would work well, save time establishing admin created customer accounts.

It might sound odd having no address data for customers.... I deal with the details they give me outside the system, usually private messaged on social media.Until fairly recently I've just been using the site as just an inventory keeping thing plus a public display of stock.

 

People actually can't be bothered signing up and just want what they want. As good as the site is, people just want to flick money into a bank account or pay cash because this way it takes just a 20 seconds to pay direct credit

 

People are lazy, but forcing them to do things they think are unnecessary can lose sales.

 

Edited by Mark

Share this post


Link to post
Share on other sites

That's why I have stripped out everything non essential .Mr and Mrs , Date of Birth  have no place any more ,even telephone number is optional

  • Like 1

Share this post


Link to post
Share on other sites
Posted (edited)

Yep I agree Andy. Date of birth is a shocker because giving the right info can lead to privacy issues and I'd rather never know that info then noone can get suspicious. Unless we are selling age restricted items... But let's face it people would just make up dob if they weren't the right age anyway, who are we kidding?

Mr and Mrs is not all the options

Telephone is still good though as an option should we need to discuss the order.

 

We are only selling stuff here, and we want to sell as much as possible with minimal hassle for them. Need to remove all unnecessary things that prevent sign up or order.

 

Having a Google api to auto add addresses would be a nice to have but probably a bit of an unnecessary luxury against all the other higher priority things.

 

 

Edited by Mark

Share this post


Link to post
Share on other sites

having knowbands checkout module has auto add address ....Butttttttt I can never figure out google idiotic way of getting settings..I may try some day

Share this post


Link to post
Share on other sites

Can’t you just send them an invoice or a paypal link asking for payment. It’s at the bottom on my order screen. We only take prepayment so nothing ships if they don’t pay  

Talking on the phone is so 1990.  Don’t you just text your customers...

I am kidding btw. Humor to get the weekend going...

Share this post


Link to post
Share on other sites
Posted (edited)
On 7/30/2019 at 9:25 PM, Mark said:

There's no system generation of passwords

This is the main issue.  If you create an account manually the system should generate a working password and send it to the customer OR generate a link to send to them to create their password.  All other billing systems do this.  It should not be left to the Shop person to create one.  Reset should be treated the same way if the customer call for a password reset they should be directed to the link online.

Edited by Factor

Share this post


Link to post
Share on other sites
Posted (edited)

Yeah.
 

Anytime admin manually creates a password for someone, then admin has to tell them what it is, it screams arrrggghh at the customer.

 

All my sales seem to be to admin created accounts and there's lots wrong with the process when it's done that way.

Those things include:

Address: everything time I have to create the same dummy address

Two unecessary and very slow js screens of address management

Having to create false emails is understandable but not really right.

 

 

 

 

 

 

Edited by Mark

Share this post


Link to post
Share on other sites
Posted (edited)

I am in a hurry but I think the following information might be relevant. It is about the way how passwords are sent via email. Might be that Thirtybees handles this now different than Presta did once but I do not know. I use this Module form Saxtec :

"https://www.youtube.com/watch?v=FiDsiwDQzLM

https://addons.prestashop.com/de/sicherheit-brechtigungen/31295-rechtssicheres-kundenkennwort.html

Edited by Pedalman

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...