Stripe.com - AwareIM Plugin Development

RLJB

This thread is a continuation of this topic (but with the correct subject):
Anyone interested in Paypal REST Base Inteface from Aware?>

Mark - pro-rata charges should be calc'd in Aware (much easier).

Ben - the previous plugin we got developed from Aware came with a sample BSV and was very easy to use, shouldn't be a problem.

BenHayat

Well, as an official thread for this plugin, I put my name down as an interested party. I suggest others do the same, so Rod will have an official count to go by. I assume the more people up front, the less money each person has to pay. So, let's get the counts up. 🙂

Ben Hayat

tford

Can someone please clarify whether the proposal is for the AwareIM process to collect a CC number to transmit to Stripes? I THINK that's what I read in the prior thread.

The one advantage I see to the PayPal process is zero responsibility & liability for handling a customer's CC number. With the high visibility in the U.S. when there is a security failure which leads to disclosure of CC info, I have no interest in being exposed to that liability. There may be legal ramifications to handling CC numbers electronically that I would have no way of staying up to date with.

BenHayat

tford wrote
Can someone please clarify whether the proposal is for the AwareIM process to collect a CC number to transmit to Stripes? I THINK that's what I read in the prior thread.

The one advantage I see to the PayPal process is zero responsibility & liability for handling a customer's CC number. With the high visibility in the U.S. when there is a security failure which leads to disclosure of CC info, I have no interest in being exposed to that liability. There may be legal ramifications to handling CC numbers electronically that I would have no way of staying up to date with.

Tom, that's why I brought up the SSL certificate issue to help this matter. YES, the fact that we (developers) have to collect CC info. and pass it electronically to a Payment processing center, puts the liability on our shoulder.
Back in 2010, as I was doing a project for a client in ASP.net, at first we did everything with PP "Express Checkout" which used SOAP protocol to communicate with PP server. At the very last moment before going live, the owner decided to change it to the classical way, which basically re-directs a consumer to pp site and cleared himself from the liability of having anything to do with CC info.
Having said, keep in mind that we are NOT storing CC in our database, Stripe is. So, it removes a great deal of liability from us. And by using SSL and HTTPS, we can securely transfer the CC info on the first charge.

I was also reading an article, that said, it's almost impossible to pinpoint at what point or from where a CC info was stolen. A CC info. might be stolen today but won't be used for a while to make it hard at what point it was stolen.

But yes, that is # 1 concern too.

tford

Thanks for the clarification, Ben. Collecting CC info is a deal breaker for me. Can't afford the responsibility of staying up on CC laws and regulations.

BenHayat

tford wrote
Thanks for the clarification, Ben. Collecting CC info is a deal breaker for me. Can't afford the responsibility of staying up on CC laws and regulations.

But Tom, before giving up, you should checkout Stripe site and check their FAQ. I'm sure they offer solution. Stripe is the # 1 growing Payment processing center now. They must be doing something right.
Lots of companies who offer Business shopping cart, are now using Stripe.
If you get into volume, and monthly subscription, the classic PP becomes the deal breaker. But for low volume, classic is ok.

tford

But Tom, before giving up, you should checkout Stripe site and check their FAQ. I'm sure they offer solution. Stripe is the # 1 growing Payment processing center now. They must be doing something right.

It's not that I don't think Stripe is a fine company doing great things ... our organization just has a policy about not collecting credit card info electronically. Our policy is to have a 3rd party system collect CC info & take any related risk. So, I need to stick with solutions that conform with that approach.

BenHayat

tford wrote
But Tom, before giving up, you should checkout Stripe site and check their FAQ. I'm sure they offer solution. Stripe is the # 1 growing Payment processing center now. They must be doing something right.

It's not that I don't think Stripe is a fine company doing great things ... our organization just has a policy about not collecting credit card info electronically. Our policy is to have a 3rd party system collect CC info & take any related risk. So, I need to stick with solutions that conform with that approach.

I understand your limitation due to organization's policy. As part of my reply [to you], I was also sharing other thoughts with other readers as well, even though I was replying directly to you.
The classic should do very well for you, as it did in 2010 for our client when he switched to classic.

BenHayat

RLJB wrote
Ben - the previous plugin we got developed from Aware came with a sample BSV and was very easy to use, shouldn't be a problem.

Rod, when I was inquiring about Braintree Plugin, I ask Support if it comes with Doc and/or sample and they said no. And that was the reason I brought up that point of having enough info to use the plug in, so it won't end up needing to purchase additional support ticket.

BTW, have you asked support the possibility of them developing such plugin and their willingness to do so? If yes, any idea how long it would take for us to use it? I need to plan accordingly.
Thanks!

RLJB

Ok, response back from AwareIM, the cost is:

AUD$950 + tax $95 = AUD$1045 - at current xe.com exchange rate this is USD$817

It can be done by the middle of next week (provided there are no issues with their APIs).

At this stage, please provide a show of hands for who wants to contribute to this? Upon reflection I believe the fairest way to do this is we get the total number of interested parties and divide the cost equally between each party. Let's see how many people we have interested first and then we can go from there.

Tom - you don't hold credit card numbers, all these services (Stripe included) are designed to decrease your PCI compliance requirements as much as practicable. You do need a SSL cert though. You can read more here:
https://support.stripe.com/questions/do-i-need-to-be-pci-compliant-what-do-i-have-to-do

BenHayat

Rod, thank you for following through.

I'm in, as long as there is at least 5 in.

BenHayat

If at least Mark, George and Henrik sign up, we got our base 5, the more the better. 🙂

customaware

Of course I am in.

BenHayat

Rod, could you kindly share with us the specs that Support has agreed to perform for the given quote? Also, did you include Debit Card (Vias/Mastercard, etc) and a Sample BSV?

Q: I've not used any Plugins with Aware before. Does it mean, every time we get a new aware Update, we need to re-install the plugin?

Thanks!

customaware

Generally not Ben.

the plugins reside in a folder called C:\AwareIM\CustomJars and is preserved in each update.

The only other thing you need to remember is that you need a make a config change (which is not preserved after an update) to the
AwareIM/bin/awareim.conf file to add the reference to the plugin jars ONLY IF YOU ARE RUNNING AWARE AS A SERVICE.

More on the topic of automatically reconfiguring all your files after an Aware update coming shortly. 😉

RLJB

Ben - scope is:

Create a customer and save credit card details
Undertake a one-off payment transaction
Make a charge against a customer's card
Update card holders details

For Visa/Mastercard (inc. Debit cards)

You will get a sample bsv (you get one as you have to test it, so we will do the testing and provide the final one that works) and if it is tricky we will make a video and post it up to show you how to install. With plugins you don't need to reinstall at every Aware upgrade (you just put them in a folder and refer to it on your BO's within Aware).

customaware

When you say "one off" Rod....

Does that mean will have to seek customer approval every month for the next payment of a subscription fee?

BenHayat

RLJB wrote
Ben - scope is:

Create a customer and save credit card details

Undertake a one-off payment transaction

Make a charge against a customer's card

Update card holders details

For Visa/Mastercard (inc. Debit cards)

You will get a sample bsv (you get one as you have to test it, so we will do the testing and provide the final one that works) and if it is tricky we will make a video and post it up to show you how to install. With plugins you don't need to reinstall at every Aware upgrade (you just put them in a folder and refer to it on your BO's within Aware).

Excellent Sir, I'm in. I just signed up and opened an account and activated with Stripe and it seemed it went through, because I got the final √ ok from them.

Is activating an account (Providing name, Business/product info, Bank account, verify with FB, LinkedIn, Google and address) the only thing we need to do, to get started with testing with sandbox and then go live?
I don't know much about Stripe's system.

Thank you Rod!!!

BenHayat

Just got this from Stripe.

Once you are ready to start accepting live payments, you will just need to use your live API keys instead of your test API keys. Your account can simultaneously be used for both test and live requests, so you can continue testing while accepting live payments

Who provides us with "Live API Keys"? Support or Stripe?

I thought I share this, so we all be aware of Live API Keys.

BenHayat

I was just reading Stripe's docs on API upgrade. It seems like they regularly upgrade the API and some are MAJOR upgrades.
Is this plugin going to get upgraded or is it going to be like the Braintree that wasn't upgraded sine 2013?
Rod, can you put some form of agreement in this quote that Awaresoft maintains periodic updates (every six months for a fee or build it into the quote), since the API is changing.

Just something to note on.
Thanks!