tford wroteCan someone please clarify whether the proposal is for the AwareIM process to collect a CC number to transmit to Stripes? I THINK that's what I read in the prior thread.
The one advantage I see to the PayPal process is zero responsibility & liability for handling a customer's CC number. With the high visibility in the U.S. when there is a security failure which leads to disclosure of CC info, I have no interest in being exposed to that liability. There may be legal ramifications to handling CC numbers electronically that I would have no way of staying up to date with.
Tom, that's why I brought up the SSL certificate issue to help this matter. YES, the fact that we (developers) have to collect CC info. and pass it electronically to a Payment processing center, puts the liability on our shoulder.
Back in 2010, as I was doing a project for a client in ASP.net, at first we did everything with PP "Express Checkout" which used SOAP protocol to communicate with PP server. At the very last moment before going live, the owner decided to change it to the classical way, which basically re-directs a consumer to pp site and cleared himself from the liability of having anything to do with CC info.
Having said, keep in mind that we are NOT storing CC in our database, Stripe is. So, it removes a great deal of liability from us. And by using SSL and HTTPS, we can securely transfer the CC info on the first charge.
I was also reading an article, that said, it's almost impossible to pinpoint at what point or from where a CC info was stolen. A CC info. might be stolen today but won't be used for a while to make it hard at what point it was stolen.
But yes, that is # 1 concern too.