
PCI Compliant - The plugin enables PayPal Pro integration | Forum

dave Leader
dave Feb 23 '17
Hi, is this PCI compliant?


1. Is the card information (including name, exp date, CSC/CVV, zip code) ever stored locally or in the domain's database?


If yes, then it's not compliant and poses a security risk. It needs to be part of the PayPal API in a secured area, so that PayPal handles the data, not the local browser or server.


If not, read here please


https:///...ieve-pci-compliance/


Thanks 



The Forum post is edited by dave Aug 27 '17
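
One way a site owner could check dave's first question on their own install, as an added example that is not part of the original thread or the plugin's code: scan exported database rows and log lines for Luhn-valid card numbers and report them masked. The record locations and sample rows are constructed, and the card numbers are the widely published test numbers.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum mod 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    """Keep first six and last four so the report itself never holds a full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_pans(text):
    """Return masked forms of every Luhn-valid card-number candidate in text."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(mask(digits))
    return hits

def scan(records):
    """records: iterable of (location, text). Returns [(location, masked_pan)]."""
    return [(loc, pan) for loc, text in records for pan in find_pans(text)]

# Constructed sample input standing in for a database export and a plugin log.
SAMPLE = [
    ("db:payments.row1", "txn=ABC123 status=ok amount=19.99"),
    ("db:payments.row2", "name=J Doe card=4111 1111 1111 1111 exp=12/30"),
    ("log:plugin.log:88", "order 1234567890123456 created"),  # fails Luhn
    ("log:plugin.log:91", "POST pan=5555-5555-5555-4444 cvv=***"),
]

if __name__ == "__main__":
    for location, pan in scan(SAMPLE):
        print(f"{location}: possible stored card number {pan}")
```

An empty result from the database and server logs only covers server-side storage; it says nothing about what the page keeps in the browser.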
Shaun
Shaun May 28 '17
This is a good question. Is any information stored locally?
Sergey Pryadkin Team
Sergey Pryadkin May 28 '17
Thanks for your question. Yes, it is stored locally in browser memory.
Shaun
Shaun Jun 16 '17
Thanks for your reply. Sorry, I forgot to click the "subscribe to new posts" box and missed it.

OW-Ghost
OW-Ghost Jul 29 '17

<<<Sergey Pryadkin May 28

Thanks for your question.  Yes it stored locally in browser memory<<<


Sergey:


Is it legal to store that info locally? To me it sounds very unsafe to save it locally.
And dave said it is not legal to save such info locally?

The Forum post is edited by OW-Ghost Jul 29 '17
Shaun
Shaun Aug 27 '17
PCI SECURITY STANDARDS
Quote from OW-Ghost

<<<Sergey Pryadkin May 28

Thanks for your question.  Yes it stored locally in browser memory<<<


Sergey:


Is it legal to store that info locally? To me it sounds very unsafe to save it locally.
And dave said it is not legal to save such info locally?


It is legal

Have a look here for some information

PCI SECURITY STANDARDS
The Forum post is edited by Shaun Aug 27 '17
Sergey Pryadkin Team
Sergey Pryadkin Sep 5 '17
And you can clear your browser cache after the payment operation is complete.
dave Leader
dave Sep 6 '17
The data should always be stored in an encrypted form regardless of where it is stored. The only possible workaround in this case (not recommended, but it is an option) is to integrate the option to clear the browser cache from within the plugin after the sale. This needs to be integrated in some way, because if the user forgets to do so then it is a security risk. Also, what webmaster is going to tell their customers "oh, be sure to clear your browser cache after the sale"? It sounds fishy, and customers are smart enough to know right away that there is an issue if they are told that.


I don't suppose using a PayPal encrypted button is an option, is it? There needs to be a way to do the whole transaction on the PayPal secure side rather than store it in the browser.

OW-Ghost
OW-Ghost Sep 17 '17
I agree with dave, and it is not many times we agree, dave, but you are fully right about this. When it comes to money and credit card details, such information should be encrypted or, the best way, stored on the PayPal secure side, not in a browser.


This plugin is not safe for handling credit card information... Imagine what could happen to you and your business if you were reported for using unsafe payment methods, where a hacker could easily steal from customers' browsers, and unencrypted...


There must be another way to build this plugin to protect credit card details from those who want to steal them...


The Forum post is edited by OW-Ghost Sep 17 '17
Mark
Mark Nov 2 '17
Isn't it automatically encrypted if running the site on https?
Sergey Pryadkin Team
Sergey Pryadkin Nov 2 '17
PayPal highly recommends using https instead of http when using PayPal Pro. And it is automatically encrypted.

