Posted: Friday Apr 26th, 2013 at 8:32 pm #48515
I was under the impression, based on the explanation in your documentation, that SSL would be sufficient for covering PCI compliance concerns with embedded PayPal Pro forms. This is apparently not enough, according to
Since PayPal Pro forms allow customers to input credit card info on the site itself, and not just the site of the payment gateway, the site that hosts the PayPal Pro forms needs to be PCI compliant.
I contacted my host and asked about options, and they basically recommended finding a way around the issue by using a payment gateway. Here is what they said:
“In order to integrate your site with a payment gateway, the payment gateway’s API would need to be used. Though many payment gateways provide an API to pass credit card information directly from your site’s code to the payment gateway, such an API could not be used with our hosting platform as this would mean that the credit card information would be captured and processed by our non-DSS compliant shared PHP servers. As an alternative, you can utilize a payment capture page provided by your payment gateway for the customer to enter in payment information such as with Authorize.Net’s Simple Checkout option, or you can have a customer enter data into a form on your site that would post to a payment collection page at the payment gateway then redirect to an order confirmation page as per the Direct Post Method option of Authorize.Net. The Direct Post Method is more seamless to the customer, though would be more difficult to implement. Both methods would result in a postback response being made to your site from the payment gateway with the results of the transaction so that your application can verify that the payment went through.”
Do the PayPal Pro forms with S2 Member use something like the “Direct Post Method” described here?
Is there a way to integrate S2 Member with a “payment capture page”? It seems that PayPal may offer something like this in their PayPal Advanced service, but I don’t think that is integrated with S2 Member.
I’ve tried every “easy” workaround I can think of, including PayPal Express, but that checkout process is really messy.