
Purchasing XF is not an easy process!

Biker

Well-known member
#21
What consumers fail to realize is accepting credit cards isn't cheap, especially in the software business. Fraud is rampant with software purchases, with scumbags trying to get out of paying by attempting to reverse the charge. Because of this, fees for companies who deal with software are much higher than your typical "brick and mortar" store.

So if you all are fine with paying 20-25% more for your renewals and licensing, I'm sure XF will be happy to look into accepting credit card payments directly.
 

Lee

Well-known member
#22
What consumers fail to realize is accepting credit cards isn't cheap, especially in the software business. Fraud is rampant with software purchases, with scumbags trying to get out of paying by attempting to reverse the charge. Because of this, fees for companies who deal with software are much higher than your typical "brick and mortar" store.

So if you all are fine with paying 20-25% more for your renewals and licensing, I'm sure XF will be happy to look into accepting credit card payments directly.
Although I see where you are coming from, other companies manage fine. IPS offer direct payment, as do many other software companies. It's something that will definitely need to be looked at in the future. I agree, however, now is not the time.
 

Lucas

Well-known member
#23
Although I see where you are coming from, other companies manage fine. IPS offer direct payment, as do many other software companies. It's something that will definitely need to be looked at in the future. I agree, however, now is not the time.
IPS didn't go through a 2 year lawsuit recently though. I'm sure once growth picks up and everything is running stably again they'll offer credit cards.
 

Lee

Well-known member
#24
IPS didn't go through a 2 year lawsuit recently though. I'm sure once growth picks up and everything is running stably again they'll offer credit cards.
They could have been accepting these cards before the trial. Like I said, I agree this isn't the time but this is something that definitely needs addressing.
 

Adam Howard

Well-known member
#25
It is a consideration. However, it is not going to get attention at this time, important as it may be, as we have other matters to attend, like a release...or 2.

It is worth mentioning that PayPal does take credit card payments directly. However, in some countries PayPal has limited use. We work with those who have issues and it is surmountable with patience and understanding.
There is no bank
There is no paypal

There is pre-paid visa / master / discover / amex

Make it work :)
 

Lucas

Well-known member
#27
They could have been accepting these cards before the trial. Like I said, I agree this isn't the time but this is something that definitely needs addressing.
They started with the trial unfortunately, and even then, I think they wouldn't have had the possibility to support it at first, probably.
 

Shamil

Well-known member
#28
The moment they do that they will open themselves up to a world of pain known as PCI compliance (if they take card details directly themselves via any method). You do not want that mess on your hands.
Technically, I am under the impression of, and the last QSA that I spoke to, is that XF may need to be compliant up to L1/ terms of SAQ A.

Gaining compliancy isn't that difficult, depending on what is done.
 

Deebs

Well-known member
#29
Technically, I am under the impression of, and the last QSA that I spoke to, is that XF may need to be compliant up to L1/ terms of SAQ A.

Gaining compliancy isn't that difficult, depending on what is done.
PCI-DSS only comes into effect if someone takes or stores payment card information online or offline. At this moment XF does not so PCI-DSS compliance will not apply to them.

As for compliancy it all depends what is in scope and it not just applies to IT systems but business processes including HR policies.
 

Shamil

Well-known member
#30
PCI-DSS only comes into effect if someone takes or stores payment card information online or offline. At this moment XF does not so PCI-DSS compliance will not apply to them.

As for compliancy it all depends what is in scope and it not just applies to IT systems but business processes including HR policies.
Actually I don't think PayPal would ever release cardholder information at this stage. I will clarify that you meant that DSS comes into effect when, at the lowest lowest level, the merchant maintains cardholder data in non electronic format, and such data is not received electronically.

My experience has shown that compliancy starts at IT but spreads to anyone who could ever come into contact with such data, potentially even cleaners.
 

Deebs

Well-known member
#31
Actually I don't think PayPal would ever release cardholder information at this stage. I will clarify that you meant that DSS comes into effect when, at the lowest lowest level, the merchant maintains cardholder data in non electronic format, and such data is not received electronically.

My experience has shown that compliancy starts at IT but spreads to anyone who could ever come into contact with such data, potentially even cleaners.
I am confused by your response. At this point XenForo Ltd IS NOT exposed to PCI-DSS compliance as they are not taking/storing payment card information. Period. Their merchant (in this case PayPal) is subject to PCI-DSS.

It is not all about who comes into contact with payment card data but also the processes within the business, ie starter leaver policies, penetration tests etc. This is a subject we could bang on for years and I feel that most would get bored of it, I've done it for many years and I am bored of it :)
 

Shamil

Well-known member
#32
I am confused by your response. At this point XenForo Ltd IS NOT exposed to PCI-DSS compliance as they are not taking/storing payment card information. Period. Their merchant (in this case PayPal) is subject to PCI-DSS.

It is not all about who comes into contact with payment card data but also the processes within the business, ie starter leaver policies, penetration tests etc. This is a subject we could bang on for years and I feel that most would get bored of it, I've done it for many years and I am bored of it :)
I'm not disagreeing with you....
We're opting to go down the PCI compliance route, even though we're not storing cardholder data, we may be storing specific bank details.
 

Deebs

Well-known member
#33
I'm not disagreeing with you....
We're opting to go down the PCI compliance route, even though we're not storing cardholder data, we may be storing specific bank details.
That is a good thing as it indicates you take data security seriously and will have business processes in place. I wish you luck on your endeavour.
 

Digital Doctor

Well-known member
#37
Does anyone know if most businesses have PayPal (vs. just a credit card)? I would think they do.
Google Checkout seems like a good idea.
If using Google Checkout... is that just like using your credit card?