libor wrote:
We had a similar problem; we are now using PayPal Direct with version 3.40 for credit card payments. ('Direct' means customers enter their card numbers on our site, without leaving our webshop pages.)
Our recent concerns:
- PayPal is going to switch to TLS 1.2 only from July 1st. So we need to change the plugin anyway.
- PayPal is deprecating their Direct API. It is no longer offered to their new customers, although for us (as old customers) it is still available, but who knows for how long...
- Touching those credit card numbers (although we don't store them) is a great security risk. In the wake of GDPR and the more and more strict PCI DSS requirements (we are required to do a certification that is definitely not meant for small companies), running these data through our server is a growing problem for us with no apparent benefits.
- PayPal already forwards each new customer with credit card processing needs to their daughter company Braintree. Braintree has developed a solution where the shop operators do not see the card data their customers enter in their browser; these are directly uploaded to the card processor. There is a pretty JavaScript pop-up window appearing for card data entry in the user's browser. Braintree was acquired by PayPal some years ago, so practically this is the official PayPal solution now.
- We would like to upgrade (and keep upgrading) our shop to the most current versions. PayPal Direct is not offered anymore with 4.1 and later versions.
So we came to this solution:
We are upgrading to nopCommerce 4.0 (hopefully to 4.1 in some weeks) and will stop using PayPal but will use Braintree (plugins are available for 4.0 and hopefully beyond).
As a backup we are also implementing Stripe payments for credit card payments (I like their API more, they accept multiple currencies straight from the box, and also their user interface for the account management is more clear for me).