Contributors mailing list archives
Re: Backend processing of credit card paymentby
On Fri, Jul 22, 2016 at 4:08 PM, Maxime Chambreuil <email@example.com> wrote:
I think you got me wrong, Raphael. I agree that even if we don't store CC info, we still have to be PCI-compliant, because we would be transmitting the CC info.What about redirecting the user to the Authorize.net form pre-filled with Odoo values to enter the CC info there and generate the payment profile to save it in Odoo? Is this what ActiveMerchant does?
Hello Maxime: what you describes here is the "integration" process by opposition to the "gateway" process. Integration is what Odoo commerce does. As for Shopify they do it with this lib instead:
(here for Authorize for instance https://github.com/activemerchant/offsite_payments/blob/master/lib/offsite_payments/integrations/authorize_net_sim.rb )
(so ActiveMerchant is the" gateway" process by contrast)
Integration is possible of course to avoid to conform to the PCI-DSS compliance.
The annoying thing is that the provider will redirect you to your website (or backend exposed to the Internet) according to the different cases (success, failure, incomplete information etc..) and this makes the abstraction much harder than the gateway logic. Hence reusability is low and this is probably not useful to reuse Shopify libs for such a thing (may be try to reuse what Odoo did instead). Also it looks like token based gateways (like Stripe) are the future, not integration because it's much harder to integrate.
Thanks for keeping us informed about what you decide.