[OPEN-ILS-GENERAL] Credit Card - Stripe Vs Paypal & PCI

Bill Erickson berickxx at gmail.com
Tue May 9 17:29:28 EDT 2017


On Tue, May 9, 2017 at 5:14 PM, Jason Stephenson <jason at sigio.com> wrote:

> Josh,
>
> Using PayPal is similar to Stripe, since the transaction is completed
> via PayPal and the CC data is not stored in Evergreen.
>

PayPal (including PayFlowPro) and Authorize.net both require CC data to
pass through the EG server network, before getting relayed to the
PayPal/Authorize.net API server.  The card data may not be stored in
Evergreen's database, but traversing the network alone is enough to require
a hefty amount of PCI compliance work.  Stripe is the only option where the
data never touches the EG server network.

-b



>
> We disabled the staff client credit card interface by commenting out the
> relevant menuitem in Open-ILS/xul/staff_client/server/patron/bill2.xul.
> (IANM, that relevant menuitem is on line 107.) We have not made a
> similar change to the web staff client because we are not using it, yet.
>
> HtH,
> Jason
>
> On 05/09/2017 04:48 PM, Josh Stompro wrote:
> > Hello, we are currently using payflow pro, which I think means that our
> > evergreen server handles the CC data and puts it in PCI scope.  From
> > what I’m reading, if we switched over to using Stripe, which uses a
> > javascript library client side to submit the payment, then it would take
> > our server out of scope.  Does the Paypal code work the same way?
> >
> >
> >
> > It looks like the tpac supports Stripe, but the web based self check
> > does not.  How about the staff client/web staff client payment
> > interface.  Does that support Stripe?
> >
> >
> >
> > Along the same lines, is there a way to disable the staff client credit
> > card interface.  We don’t want staff handling credit cards with that
> > interface, since they have to type in the code and info, which I believe
> > isn’t PCI compliant, but I haven’t found a setting to disable that but
> > allow tpac payments.
> >
> >
> >
> > Thanks
> >
> > Josh
> >
> >
> >
> >
> >
> > Lake Agassiz Regional Library - Moorhead MN larl.org
> >
> > Josh Stompro     | Office 218.233.3757 EXT-139
> >
> > LARL IT Director | Cell 218.790.2110
> >
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libmail.georgialibraries.org/pipermail/open-ils-general/attachments/20170509/3c4bf0d0/attachment.html>


More information about the Open-ils-general mailing list