IMPORTANT: YOUR ACTION MAY BE REQUIRED.

We have some exciting and important information about an upcoming security upgrade on our system. This update may require your action.

In order to address the increasing frequency of fake user account registrations and spam / scam contact form submissions, as well as to maintain modern standards of security, we are going to upgrade the version of recaptcha that is used to reduce bot submissions.

For more information about recaptcha, see the “What is recaptcha?” section at the bottom of this message.

This update MAY REQUIRE YOUR ACTION:

Some, but not all, members may need to update or create recaptcha keys:

Who needs to take action?

** Only members who have a custom / vanity domain name for their store (e.g. joescards.com) need to take immediate action. **  You do NOT need to take immediate action if you ONLY use the .crystalcommerce.com subdomain for your store (e.g. joescards.crystalcommerce.com) and do NOT have a custom domain (e.g. joescards.com). However, we would recommend that those members consider getting their own custom domain name for the many benefits they offer.

When is this change happening?

We will be deploying this update on February 2nd, 2021 at 5PM PST, at which time any existing recaptchas on custom domains will stop functioning. We will send a reminder about this.

What do I need to do, and when do I need to do it?

If you have a custom domain for your store:

1. As soon as possible, get your new v3 recaptcha keys so you’ll be prepared to add them into your admin per step two below.
2. AFTER February 2nd, 2021 at 5PM PST, you’ll need to re-enable the recaptcha option in your admin (see instructions below)
3. Then you’ll add new recaptcha v3 keys into the fields that appear, or replace the existing keys. (see instructions below)

How do I get the keys?

1. Register for / sign in to a Google account which you own
2. Go the recaptcha page on Google: https://www.google.com/recaptcha/admin/create
3. Select v3 for reCaptcha type
4. Add your store domain into the Domains area (e.g. joescards.com). You should not / do not need to enter a crystalcommerce subdomain.
5. Adjust any other settings as needed
6. Click the “Submit” button
7. Copy the keys that are generated for you

How do I add or update the keys in my admin?

1. Go to: Admin > Account > Preferences > Frontend.
2. Toward the bottom, there is an option that says “Enable Recaptcha on my custom website domain (for user signup, and contact form)
3. Check the box to enable the feature
4. Then add your v3 keys into the fields that appear. If there are already keys in the fields, you’ll need to replace them with the new v3 keys.
5. Save your preferences.

What is recaptcha?

Recaptcha is a tool made by Google which evaluates user behavior in the browser and then tries to determine if they are a legitimate user, or if they may be a bot (hacker, scammer, etc). If the evaluation results in a potential bot, the recaptcha will block the form from being submitted. This tool should help reduce fake / bot submissions, but it’s not 100% effective, because hackers are always learning, and advancing their techniques. The v3 that we’re upgrading to should be more effective than the v2 on our system currently.

I have questions that weren’t answered here. Who do I talk to?

Chat our support department from your admin and they’ll route your question to the relevant person.