[OPEN-ILS-GENERAL] Credit Card - Stripe Vs Paypal & PCI

Josh Stompro stomproj at exchange.larl.org
Thu May 11 15:06:56 EDT 2017 

Jason, that did help, thank you.   I'm going to try commenting out the 'Process Internally' menu item in bill_cc_info.xul, so staff will still have the option to register an externally processed CC payment.  We do use a few tablets with the stripe readers at a few places, so I think this would allow staff to register those payments in EG easily.

http://git.evergreen-ils.org/?p=Evergreen.git;a=blob;f=Open-ILS/xul/staff_client/server/patron/bill_cc_info.xul;h=8cb4804267f0ca8c36c9ffa86f0aea2b62324cac;hb=HEAD#l175

Josh Stompro - LARL IT Director


-----Original Message-----
From: Open-ils-general [mailto:open-ils-general-bounces at list.georgialibraries.org] On Behalf Of Jason Stephenson
Sent: Tuesday, May 09, 2017 4:15 PM
To: Evergreen Discussion Group
Subject: Re: [OPEN-ILS-GENERAL] Credit Card - Stripe Vs Paypal & PCI

Josh,

Using PayPal is similar to Stripe, since the transaction is completed via PayPal and the CC data is not stored in Evergreen.

We disabled the staff client credit card interface by commenting out the relevant menuitem in Open-ILS/xul/staff_client/server/patron/bill2.xul.
(IANM, that relevant menuitem is on line 107.) We have not made a similar change to the web staff client because we are not using it, yet.

HtH,
Jason

On 05/09/2017 04:48 PM, Josh Stompro wrote:
> Hello, we are currently using payflow pro, which I think means that 
> our evergreen server handles the CC data and puts it in PCI scope.  
> From what I'm reading, if we switched over to using Stripe, which uses 
> a javascript library client side to submit the payment, then it would 
> take our server out of scope.  Does the Paypal code work the same way?
> 
>  
> 
> It looks like the tpac supports Stripe, but the web based self check 
> does not.  How about the staff client/web staff client payment 
> interface.  Does that support Stripe?
> 
>  
> 
> Along the same lines, is there a way to disable the staff client 
> credit card interface.  We don't want staff handling credit cards with 
> that interface, since they have to type in the code and info, which I 
> believe isn't PCI compliant, but I haven't found a setting to disable 
> that but allow tpac payments.
> 
>  
> 
> Thanks
> 
> Josh
> 
>  
> 
>  
> 
> Lake Agassiz Regional Library - Moorhead MN larl.org
> 
> Josh Stompro     | Office 218.233.3757 EXT-139
> 
> LARL IT Director | Cell 218.790.2110
> 
>  
>

More information about the Open-ils-general mailing list