Hello,
I am looking for a payment framework for Plone. Can anyone suggest me some good ones?
...
Depending on your particular requirements it may make sense to integrate a payment provider like Stripe directly by using their own API.
2 Likes
Thank you all.
If your application/shops falls under the EU legislation then you also have to ensure that it is compliant with the PSD2 directive which basically translates to that your service must provide two factor authentication.
1 Like
Similarly (to what Andreas mentioned), in the US and A, you need to be aware of PCI-DSS 3.x requirements to keep your transactions from your app/shop from being considered part of the transaction's network. I included a link to the PCI-DSS consortium.
1 Like
The payment itself is done 'outside of Plone' (?) so 'things about credit cards are not stored in Plone I assume (at least for the shops I used to have, I think).
PS: about Python 3, https://github.com/bluedynamics/bda.plone.shop/blob/master/CHANGES.rst
I should have been clearer, what I was trying to say is that you need to verify what parts of the transaction are definitively within your application's scope to be in compliance.
PCI-DSS is more about business policy decisions that need to be agreed upon (are you storing card #'s or associated customer data for example, is it secure, is it done from a separate machine and so on) and less about the programming. That's not to say that your work isn't important.
We used to have several PloneGetPaid sites and we moved to using ZPT to handle Authorize.net as the PGP transaction was occurring on our network. To be in compliance we had to get those systems off our network and onto a hosted IFrame which brought us into compliance with less work.
1 Like