Post by rambo1337 » Sat Apr 17, 2010 4:57 pm

HI

I'm looking at Paypal Payments Pro and trying to get my head around what I actually need with this. I know I need the usual policies on the site but am I right in saying:

I need an SSL certificate
I need the shipping, returns, terms etc..
I need to complete an annual questionnaire
I need a quarterly network scan - what does this involve?

Do I need to do anything else to be compliant?

Are the card details actually taken on my server and then sent to PayPal or is the user entering them on PayPal's website?

Thanks

Newbie

Posts

Joined
Sat Apr 10, 2010 4:29 am

Post by peteVA » Sun Apr 18, 2010 10:49 pm

You should not need an SSL cert.

You will be sending them to PayPal's gateway, which is secure. Payments Pro is similar to most gateway / virtual terminal setups. Everything is done on their secured server.

A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!


User avatar
Active Member

Posts

Joined
Mon Jul 20, 2009 8:25 am

Post by rambo1337 » Mon Apr 19, 2010 1:22 am

But it seems that the user puts the details in on opencart then clicks submit... http://forum.opencart.com/viewtopic.php?f=20&t=10229

Or is it some sort of iframe>?

Newbie

Posts

Joined
Sat Apr 10, 2010 4:29 am

Post by okstated » Mon Apr 19, 2010 1:43 am

If you are planning to use PayPal Payments Pro to process payments from your website then you will absolutely need an SSL certificate because payment information will be sent online from your website to paypal for processing.

https://www.paypal-community.com/t5/How ... D983222EFC

New member

Posts

Joined
Fri Jan 29, 2010 11:22 am

Post by Daniel » Mon Apr 19, 2010 2:01 am

you only need to be PCI compliant if you are store creadit card information. which you are not!

OpenCart®
Project Owner & Developer.


User avatar
Administrator

Posts

Joined
Fri Nov 03, 2006 6:57 pm

Post by peteVA » Mon Apr 19, 2010 5:39 am

You collect no payment data on your site with any PayPal method, which is what made it so popular from the start.

You collect no payment data on your site with any of the payment processors / gateways.

Unless you are actually collecting the payment info on your server, you need no SSL cert. This does not mean that the "seals" provided by the SSL cert providers cannot be a sales factor for your cart, but that is all they are, since all card info is collected elsewhere.

Simply do a transaction with no SSL and you will still see the "secure padlock" down in the right corner.

A Trusted Wholesale Dropshipper
Web Hosting Under $ 5.00 Month! FREE Shopping Carts!
25,000+ Real Wholesale & Dropship Sources!


User avatar
Active Member

Posts

Joined
Mon Jul 20, 2009 8:25 am

Post by okstated » Mon Apr 19, 2010 8:02 am

peteVA wrote:You collect no payment data on your site with any PayPal method, which is what made it so popular from the start.

You collect no payment data on your site with any of the payment processors / gateways.

Unless you are actually collecting the payment info on your server, you need no SSL cert. This does not mean that the "seals" provided by the SSL cert providers cannot be a sales factor for your cart, but that is all they are, since all card info is collected elsewhere.

Simply do a transaction with no SSL and you will still see the "secure padlock" down in the right corner.

This is not correct. PayPal states that PayPal Payments Pro requires you to manage credit card data security. You need your own SSL certificate if you use this service. PayPal standard does not require an SSL certificate but the Pro version does because you ARE accepting credit card information on YOUR website.
https://merchant.paypal.com/us/cgi-bin/ ... secondpage
See the last line in the full comparison between Website Payments Standard and Website Payments Pro.

New member

Posts

Joined
Fri Jan 29, 2010 11:22 am

Post by Qphoria » Mon Apr 19, 2010 8:20 am

peteVA wrote:You should not need an SSL cert.

You will be sending them to PayPal's gateway, which is secure. Payments Pro is similar to most gateway / virtual terminal setups. Everything is done on their secured server.
Incorrect. Paypal Pro is designed to collect credit card details on your site so the customer never leaves. In this case you DO need an SSL certificate and a Paypal Pro account. Paypal Pro will give you the required info like Authorization API and Signature and you simply enter that into the Paypal Pro config area in the admin panel.

In regards to PCI, you should have nothing to worry about as long as you are using an SSL Cert. You are not storing any information on your site nor is there any outside processing occurring between the final button press and transaction.

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

User avatar
Active Member

Posts

Joined
Mon Jul 20, 2009 8:25 am

Post by rambo1337 » Tue Apr 20, 2010 1:57 am

Will RapidSSL be ok? There's some variation in prices so I dont know.. are they all as secure as each other

Newbie

Posts

Joined
Sat Apr 10, 2010 4:29 am

Post by Qphoria » Tue Apr 20, 2010 2:07 am

Should be fine

Image
Donate!|OpenCart Basics|GeoZones
Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by ghetto_puppy » Sat Apr 28, 2012 8:58 am

Are payments through the OpenCart PayPal Payments Pro module covered by PayPals Seller Protection Policy?
https://cms.paypal.com/us/cgi-bin/?cmd= ... learn_more

I wonder if collecting data on my web host increases my liability with fraudulent orders...

http://hydroharbor.com


Newbie

Posts

Joined
Sat Apr 28, 2012 8:49 am
Location - Tempe, Arizona, USA

Post by Tcalp » Sat Apr 28, 2012 1:37 pm

No, You would not be protected under PayPals Seller Protection Policy, irregardless of weather you use Payments Pro or not any 'business transaction' is not covered under this policy. The policy you are referring to is to protect 'average joe' seller, not businesses.

Increase Page Speed (#1 rated commercial extension on OpenCart Marketplace)
15in1 Essential Extensions Value Pack Premium Customer Testimonials Reward Points Extended Admin Security Lockdown Suite

Image
irc.freenode.net #opencart


User avatar
Active Member

Posts

Joined
Wed Jul 06, 2011 1:49 pm

Post by Nimitz1061 » Sat Apr 28, 2012 7:25 pm

First, SSL is an essential for serious sellers no matter what payment method you use. If nothing else, it helps secure your admin from prying eyes. It does boost buyer confidence and I regularly see it increase conversion rates. Its also dirt cheap.

Second, whether Paypal provides formal seller protection or not, they will assist in fighting chargebacks, and if you follow the other rules for their seller protection program you have a reasonable chance of winning those disputes.

If you'd like more clarity about the process, and (more often than not) lower fees, I'd suggest a merchant account. The PCI requirements are not all that onerous, and are not much more than what you'd do on your own if you're serious about not having your sales stolen from you every three months or so by any cracker who happens to wander by...

Specializing in secure Hosting 4 OpenCart based eCommerce websites.


New member

Posts

Joined
Sat Mar 24, 2012 7:49 pm
Location - United States

Post by Avvici » Sat Apr 28, 2012 8:19 pm

Nimitz1061 wrote:First, SSL is an essential for serious sellers no matter what payment method you use. If nothing else, it helps secure your admin from prying eyes. It does boost buyer confidence and I regularly see it increase conversion rates. Its also dirt cheap.

Second, whether Paypal provides formal seller protection or not, they will assist in fighting chargebacks, and if you follow the other rules for their seller protection program you have a reasonable chance of winning those disputes.

If you'd like more clarity about the process, and (more often than not) lower fees, I'd suggest a merchant account. The PCI requirements are not all that onerous, and are not much more than what you'd do on your own if you're serious about not having your sales stolen from you every three months or so by any cracker who happens to wander by...
Well spoken. I agree 100%. Customers needs a sense of security even if they are using Pay Pal Standard, or even if they are entering their email somewhere.

I also liked what Daniel said about PCI. General rule of thumb is that you "never" store that kind of sensitive data in your database unless you feel like losing years of sleep from liability stress. Leave it to the big dogs that are already set up for it :)

User avatar
Expert Member

Posts

Joined
Tue Apr 05, 2011 12:09 pm
Location - Asheville, NC
Who is online

Users browsing this forum: No registered users and 42 guests