Jump to content

Mudgee Host

Members
 View Profile  See their activity

  • Posts

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by Mudgee Host

    stripe tokenised

    in Pre-Sales Queries

    Posted

    On 2/16/2024 at 8:52 PM, Onur said:

    Additionally, WISECP has all the necessary measures to securely process and send card information to the payment gateway provider. So you can be sure that you already have the necessary security measures on the software side.

    ok, thats reassuring but I need some more clarity

    The error message being thrown in your module, is:

    "Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable raw card data APIs in test mode, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis."

    in the link, stripe states:

     

    Quote

     

    To enable this functionality, please use this link to contact our support team and:

    • Provide a brief written description of the systems and services in your application which handle card data. If you fully outsource this activity to a PCI DSS-compliant third party, please provide the name of that service provider.
    • Attach one of the following documents:
      • A current, complete PCI DSS Self-Assessment Questionnaire (SAQ) D, or
      • If you meet the qualifications of a Level 1 merchant or service provider, a current PCI DSS Attestation of Compliance for on-site assessment, or
      • If you fully outsource the handling of card data to a PCI DSS-compliant third-party service provider, only accept online or mail order/telephone order (MOTO) payments, and otherwise qualify, a Self-Assessment Questionnaire (SAQ) A. This document must list your entity's information and list the third-party service provider in Part 2f.

     

    so to get this working I need to send stripe a SAQ-A because you are fully PCI-DSS compliant or SAQ-D because you are not?

    the module just errors right now, I can't use it until stipe allows raw cc details in the api

     

    (FWIW stipe basic works fine)

     

    On 2/16/2024 at 8:52 PM, Onur said:

    You do not need to define any HOOK on WISECP for "Stripe tokenized".

    thanks, thats very unclear. it reads like "create web hook and if you are using stripe tokenised do not select any events"

     

     

     

    stripe tokenised

    in Pre-Sales Queries

    Posted

    Hi,

    I'm evaluating wisecp for my business. 

    I am particularly interested in supporting automatic subscription renewals.

     

    I'm having trouble setting up stripe (tokenised) 

    a) API error - "Sending credit card numbers directly to the Stripe API is generally unsafe. We suggest you use test tokens that map to the test card you are using, see https://stripe.com/docs/testing. To enable raw card data APIs in test mode, see https://support.stripe.com/questions/enabling-access-to-raw-card-data-apis."

    This error indicates increased responsibility for PCI compliance since raw CC details are being passed around, the strip basic module doesnt do this.

    could I get some clarity in the PCI-DSS status of this module? will I need to do a SAQ-D?

    "If you are working with a third-party platform which is requesting that you enable this feature on your Stripe account, please contact that platform to obtain the necessary documentation."

    do wisecp supply that?

     

     

    b) web hook setup - documentation has no events need to be configured in the web hook, but stripe will not let me save the web hook without at least one event (makes sense)

    https://docs.wisecp.com/en/kb/stripe

    "If you are going to use "Stripe Tokenized" you do not need to make any selection."

    what is the correct setting here?

     

    thanks!

×
×
  • Create New...