Contributors mailing list archives

contributors@odoo-community.org

Re: Backend processing of credit card payment

by Open Source Integrators, Maxime Chambreuil - 22/07/2016 19:12:57

You bring up a good point here, Raphael. I double-checked PCI-DSS requirements and not storing CC info is not enough.

Thanks!

Ursa Information Systems Maxime Chambreuil
Project Manager / Consultant

Ursa Information Systems
1450 W Guadalupe Road, Suite 132
Gilbert, Arizona, 85233

Office:     1-855-URSA ERP x 710
                1-855-877 2377 x 710
Mobile:   1-602-427-5632


On Fri, Jul 22, 2016 at 11:37 AM, Raphaël Valyi <rvalyi@akretion.com> wrote:
Hello Maxime and others,

Recently I made a POC to integrate ActiveMerchant from Shopify with Odoo https://github.com/activemerchant/active_merchant
It supports Authorize and dozens of other gateways as you can see in the doc and it's very mature and well maintained.

I mostly copied the decorator design pattern from the Spree ecommerce for that (because ActiveMerchant implements the gateway logic without forcing a persistence technology, which is exactly what we want when using it from Odoo). Then I wanted to expose a REST API via Grape and consume it from the Odoo backend using a 50-line JSON client.

Well, the POC was working great, but at Akretion we froze the dev effort here because we started thinking it would be hard to enforce the PCI DSS compliance, as, except for Stripe, the customer card number would end up transiting on our server, which would force us to enforce the PCI-DSS.

So technically this is a very elegant solution, but how do you see the PCI-DSS compliance in your use case? PCI-DSS means both technical rules to enforce, like not storing customer card details in clear text (easy), but also infrastructure and bureaucratic obligations which seem much more costly to enforce. If you see ways to work around the PCI-DSS here I would be glad to contribute this...

In the meantime, at Akretion we came back to the "integration" logic, much like Odoo does, that is, letting the customer do the payment on the provider website directly (even if it may look integrated).

Note: we also were reluctant to use the Odoo PaymentTransaction object here and may favor the OCA payment objects instead, which we trust more and have their workflow more integrated.

On Fri, Jul 22, 2016 at 1:08 PM, Maxime Chambreuil <mchambreuil@ursainfosystems.com> wrote:
Hello,

We, at Ursa, received a couple of requests to provide a way to process credit cards for customer payment using a payment acquirer like Authorize.net or Paypal. This is specific to the backend: you may not be using the website and still want to accept CC payment.

First, I wanted to make sure there is nothing already existing out there.

Second, I would like to share with you the functional specification attached and request any comments or feedback.

We are thinking of launching a crowdfunding campaign to provide:
  • a first module with the foundation and all the acquirer agnostic stuff for 5,000 $US
  • the authorize.net integration for an additional 5,000 $US
  • the paypal integration for an additional 5,000 $US
Modules would respect OCA standards and include documentation.

Any interest? Can I count on your financial contribution?

Thank you!

Ursa Information Systems Maxime Chambreuil
Project Manager / Consultant

Ursa Information Systems
1450 W Guadalupe Road, Suite 132
Gilbert, Arizona, 85233

Office:     1-855-URSA ERP x 710
                1-855-877 2377 x 710
Mobile:   1-602-427-5632

_______________________________________________
Mailing-List: http://odoo-community.org/groups/accounting-28
Post to: mailto:accounting@odoo-community.org
Unsubscribe: http://odoo-community.org/groups?unsubscribe




--
Raphaël Valyi
Founder and consultant
+55 21 3942-2434


_______________________________________________
Mailing-List: http://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: http://odoo-community.org/groups?unsubscribe

