Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Which PayPal method is PCI compliant in Australia and doesn’t require a PayPal Account
 
chris r
Jr. Member
 
Total Posts:  1
Joined:  2012-01-09
 

hi

I’m trying to work out the best PayPal payment method to use for sites in Australia. 
The restrictions are:
1. We don’t want to capture credit information on our hosted server - we want payment processing handled by PayPal
2. We don’t want to force the customer to signup for a PayPal account if they don’t already have one.

We are mostly concerned with Magento CE/Enterprise, although we do have a few MagentoGo clients.

When testing a MagentoGo site that only had Website Payments Standard enabled, it would not allow us to pay through PayPal, without creating a PayPal account. This is contrary to the documentation at PayPal, which says it isn’t necessary.

Wallowing through the various naming standards, I’ve pasted the relevant info I came up with.

Q1 - should Payments Standard allow you to pay without creating a PayPal account?
Q2 - I assume the Payflow Gateway actually captures card info on our servers, and would require us to have PCI certified hosting to implement, which is not likely.

Any info?  They really seem to want people to use Express Checkout, but that does force you to have an account.

My PayPal notes

PayPal at https://www.paypal.com/au/cgi-bin/webscr?cmd=_profile-comparison refers to:

1.Paypal express checkout (paypal checkout, needs merchant acct, api or html)
2.Website payments standard (paypal checkout, no merchant acct, no cust acct, html)
3.Payflow pro (website or paypal checkout, includes merchant acct, no cust acct, api)
4.Payflow gateway (website or paypal checkout, needs merchant acct, no cust acct, api or html)
5.Email payments (paypal checkout, no merchant acct, no cust acct, no code)

The Australian business products page is at https://www.paypal.com/au/webapps/mpp/compare-business-products
Strangely it describes PayPal Express as not leaving your website, but that isn’t really true.

Magento at http://www.magentocommerce.com/paypal only refers to:

1.PayPal Express Checkout
2.PayPal Payments Pro (accept payments directly on your website - and doesn’t match anything above)

Magento at http://www.magentocommerce.com/knowledge-base/entry/setting-up-paypal-for-your-magento-store/ refers to:

1. Express Checkout
2. Website Payments Standard
3. Website Payments Pro (says US, UK, Canada)
4. Website Payments Pro Payflow Edition
5. Payflow Pro Gateway (says US, UK, AU, NZ)
6. Express Checkout for Payflow Pro (relies on Payflow Pro Gateway or Website Payments Pro Payflow Edition)

Magento on our sites used so far contains (admin name and description):

1.Express Checkout – Add an Express Checkout button to your existing shopping cart for quick and easy credit card payments. PayPal handles all payment processing.
2.Website Payments Standard – PayPal processes all of your orders, and you get paid.
3.Payflow Pro Gateway – Don’t have a PayPal merchant account? You can still accept credit card payments through the Payflow Pro Gateway.
4.Website Payments Pro Hosted Solution – Payments by cards + seller protection - Contact PayPal before activating

PayPal Product Descriptions

PayPal Express
Add PayPal as a payment option to your checkout page - or use it as a stand-alone solution. You’ll open the door to over 100 million active PayPal users who look for and use this fast, easy, and secure way to pay.

Website/PayPal Payments Standard
Add a PayPal payment button to your site to accept credit cards and PayPal payments securely. When your customers check out, they are redirected to PayPal to pay, then back to your site once they’re finished.

PayPal Payflow Pro
Connect a fully customizable payment gateway with your Internet merchant account to accept credit card and PayPal payments directly on your site. Payflow Pro offers you complete control of your customers’ payment experience and helps ensure every transaction is secure.

Payments Pro Hosted Solution - goes to a PDF at https://cms.paypal.com/cms_content/GB/en_GB/files/developer/HostedSolution.pdf and is available in AU, FR, but not US.

http://www.blueacorn.com/magento-blog/pci-compliance-for-magento/ suggests that Magento CE is only PCI compliant if you use a hosted solution eg paypal express. Visually it’s very clear that you are leaving your website. Apparently SaaS solutions such as CRE Secure deliver semi-seamless PayPal gateways that can be styled, although the URL still changes. Magento Enterprise has a separate Payment Bridge that was PA-DSS certified. But it sounds like the hosting needs to be PCI compliant with separate DB and webservers, which rules it out for webqem.

 
Magento Community Magento Community
Magento Community
Magento Community
 
bkscott
Sr. Member
 
Avatar
Total Posts:  137
Joined:  2009-07-16
Sacramento
 

I’m not sure if this is available to you, but I was using paypal payments advanced for a short while.

This method opens up an iframe that gives the customer the option to pay with a paypal account or with a credit card.

the iframe loads from paypals server so your server never actually sees the data, which makes it pci compliant.

i know for a fact that you can get this with magento CE 1.6.2. Im not sure if paypal limits that service based on country, but I had it available in the USA.

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top