[SML] payment methods

Jerry Durand jdurand at interstellar.com
Thu Sep 25 17:08:25 UTC 2014


On 09/25/2014 06:20 AM, Michael Sauder wrote:
> That doesn't sound quite right. One of the big benefits to Stripe is
> that you're PCI compliant pretty automatically. Using Stripe, customer
> data is never stored on your personal web server. I don't think it
> even momentarily passes through your server (though it's been a year
> or two since I last played with it). All payment data is stored on
> Stripe's servers, and they are very much PCI compliant.
>
> It could be you have something odd going with your existing shopping
> cart, OpenCart should fix that. Because using Stripe as intended, it
> literally takes 10 minutes to set up a PCI-compliant web site.
>

I've been having an extensive discussion with them.  The problem is with
something like PayPal, the popup window where the customer enters credit
card data is sourced from PayPal and your server never sees it.  With
Stripe, the popup is sourced from MY server.  Once it collects the data
it's all stored on Stripe but has to pass through my PHP code...therefore
I have to have a PCI secure system.

In any case, they've determined that they will not allow transactions
from my system without security upgrades that are simple, just cost money.

I didn't look deeply into this but apparently once someone's purchased
from you, you can charge their card again in the future for renewals,
new sale, etc.  You can also remotely download the customer list and do
all sorts of other things, as long as you have the secret password
file.  So, all a hacker has to do is get that file and he's got your
entire customer database as well as access to your bank account settings.

In trying to delete my Stripe account I noticed that there doesn't
appear to be any way to change the account from their web site but
there's all sorts of code I can run on my server to change our account. 
Not sure I like all this remote control operation of financial data.

-- 
Jerry Durand, Durand Interstellar, Inc.  www.interstellar.com
tel: +1 408 356-3886, USA toll free: 1 866 356-3886
Skype:  jerrydurand 





