Re: [Snowdrift-discuss] PCI compliance

2017-07-18 Thread tuxayo
Hi, On 2017-07-11 16:41, Alyssa Rosenzweig wrote: > Side question: can Snowdrift accept non-credit card payments? (crypto > currency, for instance) The same issues about holding funds would appear, wouldn't they? Maybe because cryptocurrencies might be in a grey legal area in the US, we wouldn't

Re: [Snowdrift-discuss] PCI compliance

2017-07-11 Thread Alyssa Rosenzweig
> There's no inherent reason why we can't, but to start with we're minimizing > complexity by handling money exclusively through Stripe, which accepts > credit cards only. More info here: > https://wiki.snowdrift.coop/market-research/payment-services This was interesting, thanks. (Now I'm down a

Re: [Snowdrift-discuss] PCI compliance

2017-07-11 Thread Tufts
On Tue, Jul 11, 2017 at 10:41 AM, Alyssa Rosenzweig wrote: Side question: can Snowdrift accept non-credit card payments? (crypto currency, for instance) Currently, no. There's no inherent reason why we can't, but to start with we're minimizing complexity by handling money exclusively through

Re: [Snowdrift-discuss] PCI compliance

2017-07-11 Thread Alyssa Rosenzweig
Side question: can Snowdrift accept non-credit card payments? (crypto currency, for instance) signature.asc Description: PGP signature ___ Discuss mailing list Discuss@lists.snowdrift.coop https://lists.snowdrift.coop/mailman/listinfo/discuss

Re: [Snowdrift-discuss] PCI compliance

2017-07-11 Thread Stephen Michel
On July 10, 2017 4:53:25 PM EDT, fr33domlover wrote: >I'm bringing this up especially because right now Snowdrift is using >Stripe's >proprietary JS, which will surely raise eyebrows sooner or later, and >regardless of that, I suppose we need this PCI thing. Anyone has >thoughts about >it? It'l

Re: [Snowdrift-discuss] PCI compliance

2017-07-10 Thread Bryan Richter
On Tue, Jul 11, 2017 at 01:42:34AM +0300, fr33domlover wrote: > On Mon, 10 Jul 2017 14:18:53 -0700 Aaron Wolf wrote: > > > The real long-term solution is what CrowdSupply does: They accept > > the financial details on their front-end using only free software > > and then have the server send the in

Re: [Snowdrift-discuss] PCI compliance

2017-07-10 Thread fr33domlover
On Mon, 10 Jul 2017 14:18:53 -0700 Aaron Wolf wrote: > The real long-term solution is what CrowdSupply does: They accept the > financial details on their front-end using only free software and then > have the server send the information to Stripe using Stripe's API and > without *ever* storing th

Re: [Snowdrift-discuss] PCI compliance

2017-07-10 Thread Stephen Paul Weber
In the normal case‎, PCI compliance isn't too bad. You have to use TLS (duh) and make sure you never store credit card info (not even in logs or swap) and that's pretty much it.‎ ___ Discuss mailing list Discuss@lists.snowdrift.coop https://lists.snowdr

Re: [Snowdrift-discuss] PCI compliance

2017-07-10 Thread Curtis Gagliardi
I may be misunderstanding but if it's significant effort it makes a lot of sense to me to go without it until ready to switch off stripes js. On mobile and haven't looked at the guide yet. On Mon, Jul 10, 2017, at 02:18 PM, Aaron Wolf wrote: > On 07/10/2017 01:53 PM, fr33domlover wrote: > > Hello

Re: [Snowdrift-discuss] PCI compliance

2017-07-10 Thread Aaron Wolf
On 07/10/2017 01:53 PM, fr33domlover wrote: > Hello everyone, > > > I found a nice website with human readable info about PCI compliance: > > > > I'm bringing this up especially because right now Snowdrift is using Stripe's > proprietary JS, wh

[Snowdrift-discuss] PCI compliance

2017-07-10 Thread fr33domlover
Hello everyone, I found a nice website with human readable info about PCI compliance: I'm bringing this up especially because right now Snowdrift is using Stripe's proprietary JS, which will surely raise eyebrows sooner or later, and regardless