Issue: Recent changes to the PCI (v3.0) requirements limit the access to the application through embedded browsers such as those used by ConnectWise. This has meant that we have had to block login access to embedded pages to comply with PCI requirements, specifically surrounding XSS Attacks.

This is known as X-Frame adoption, which ensures that pages that contain login information cannot be embedded within iFrames or headless browsers such as the one provided by ConnectWise. If you enjoy a little security reading on the side, you might like to read more about the background of here: OWASP - XSS Site Vulnerabilities and Wikipedia: ClickJacking

As Wise-Sync allows for the entry of Credit Card information for both our application (Account Update > Payment / Card) and also through Wise-Pay, it was a requirement for this change to be made.

Who is affected: Only our public login pages are affected, as we have been able to update the implementation to allow the Q-Link functionality to work, while still remaining PCI compliant. You will however be required to log in to Wise-Sync outside of ConnectWise if you wish to update any of your account information.

If you have your ConnectWise Custom Menu Entry set to use https://secure2.wise-sync.com then you will need to update to use the new QLink entry point.

To create a Q-Link, refer to the following article Creating a Custom Menu Entry in ConnectWise