PayPal Development -- DIRECT CREDIT CARD PAYMENTS AND PCI compliance

PREFACE

The /v1/payments/payment resource of the PayPal REST API creates a payment.
For details see the following link:
https://developer.paypal.com/docs/api/payments/

Depending on the payment_method and the funding_instrument, you can use the payment resource for direct credit card payments, stored credit card payments, or PayPal account payments.

The three options are:
direct credit card payments: paying with a credit card
stored credit card payments: paying with a credit card linked to a PayPal account
PayPal account payments: paying with the PayPal account balance

Here is the request body for a direct credit card payment:

curl -v https://api.sandbox.paypal.com/v1/payments/payment \
  -H "Content-Type:application/json" \
  -H "Authorization: Bearer Access-Token" \
  -d '{
  "intent":"sale",
  "payer":{
    "payment_method":"credit_card",
    "funding_instruments":[
      {
        "credit_card":{
          "number":"4417119669820331",
          "type":"visa",
          "expire_month":11,
          "expire_year":2018,
          "cvv2":"874",
          "first_name":"Betsy",
          "last_name":"Buyer",
          "billing_address":{
            "line1":"111 First Street",
            "city":"Saratoga",
            "state":"CA",
            "postal_code":"95070",
            "country_code":"US"
          }
        }
      }
    ]
  },
  "transactions":[
    {
      "amount":{
        "total":"7.47",
        "currency":"USD",
        "details":{
          "subtotal":"7.41",
          "tax":"0.03",
          "shipping":"0.03"
        }
      },
      "description":"This is the payment transaction description."
    }
  ]
}'

The request body contains the credit card details. We collect this information from the customer through a form, which is very risky: we must comply with PCI (the Payment Card Industry standard).

PCI

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

PCI compliance

All merchants who accept, store, transmit or process any cardholder data, regardless of size or number of transactions, must comply with the Payment Card Industry Data Security Standards (PCI DSS).

Every merchant that handles cardholder data in any way must comply with PCI DSS.

PCI compliance handled by PayPal

With PayPal’s JavaScript buttons or the PayPal iOS SDK, PayPal handles the payment card information on your behalf and so greatly eases the burden of PCI compliance.

With PayPal's JS buttons or the iOS SDK, PayPal handles the card information, so we do not have to deal with PCI ourselves.

PCI compliance handled by you

If you use the PayPal REST APIs for accepting credit card payments, you handle card data directly and will need to ensure you are PCI compliant.

If you use the credit card payment endpoint of the PayPal REST APIs, the merchant handles the card information itself and therefore must comply with the PCI standard.
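As an added example (not part of the original post and not PayPal code), the following Python check is the kind of guard a merchant backend can run on incoming request bodies: it detects whether cardholder data (a Luhn-valid card number or a CVV field) has reached the server, which is exactly what puts the merchant in PCI DSS scope, and builds a redacted copy that is safe to log. The sample body is constructed from the curl request above; the card number is the sandbox test value from that request.

```python
import json
import re
# Constructed sample modelled on the curl request body above; the card number
# is the sandbox test value from that request, not a real card.
SAMPLE_BODY = json.dumps({
    "intent": "sale",
    "payer": {"payment_method": "credit_card", "funding_instruments": [{
        "credit_card": {"number": "4417119669820331", "type": "visa",
                        "expire_month": 11, "expire_year": 2018, "cvv2": "874",
                        "first_name": "Betsy", "last_name": "Buyer"}}]},
    "transactions": [{"amount": {"total": "7.47", "currency": "USD"}}],
})

PAN_RE = re.compile(r"^\d{13,19}$")
SENSITIVE_KEYS = {"cvv2", "cvv", "cvc", "pin"}  # PCI DSS: never store, never log

def luhn_ok(digits):
    """Luhn mod-10 check shared by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_and_redact(obj, path="", findings=None):
    """Walk a parsed JSON body; record the paths holding cardholder data and
    build a copy safe for logs (PAN truncated to last four digits, CVV removed)."""
    findings = [] if findings is None else findings
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            p, s = (f"{path}.{k}" if path else k), str(v)
            if k.lower() in SENSITIVE_KEYS:
                findings.append(p)
                out[k] = "[REDACTED]"
            elif PAN_RE.match(s) and luhn_ok(s):  # any Luhn-valid 13-19 digit field
                findings.append(p)
                out[k] = "*" * (len(s) - 4) + s[-4:]
            else:
                out[k] = scan_and_redact(v, p, findings)[0]
        return out, findings
    if isinstance(obj, list):
        return [scan_and_redact(v, f"{path}[{i}]", findings)[0] for i, v in enumerate(obj)], findings
    return obj, findings

def check_request(body):
    """Return (in_pci_scope, redacted_body, findings) for a raw JSON request body."""
    redacted, findings = scan_and_redact(json.loads(body))
    return bool(findings), redacted, findings
```

A True first result means the backend has just received cardholder data; a PayPal-account payment body (payment_method "paypal") yields False because no card fields are present.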

SUMMARY

Small merchants integrating PayPal should not use the PayPal REST API /v1/payments/payment endpoint to create direct credit card payments, because that endpoint requires you to supply cardholder data, which is a heavy burden.
It is best to pay through the front-end JS SDK that PayPal provides and let PayPal handle the customer's card information.
