Wishlist: Upgrade to Stripe v3 (elements)

Bug #1774892 reported by Garry Collum on 2018-06-03
This bug affects 12 people
Affects Status Importance Assigned to Milestone
Jason Stephenson

Bug Description

Evergreen currently uses stripe version 2. Version 3 (https://stripe.com/elements) is now available. Some of the new features, such as real time credit card validation and auto-generated PCI compliance documentation, would be helpful to both our patrons and staff.

Garry Collum (gcollum) on 2018-06-03
tags: added: wishlist
Changed in evergreen:
status: New → Confirmed
Jeanette Lundgren (jlundgren) wrote :

If we don't upgrade to v3 then Stripe Evergreen sites will need to file for annual compliance using the PCI Data Security Standard Self-Assessment Questionnaire A-EP (https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2-SAQ-A_EP.pdf) for partially outsourced e-commerce merchants using a third-party website for payment processing. This places the compliance burden on us not Stripe.

If we do upgrade to v3, the vendor will continue to file for compliance:

Stripe: For some context, the PCI Council has published a series of changes to eligibility requirements for Self-Assessment Questionnaire A (SAQ A). These require that businesses use input fields hosted by a payments provider in order to be eligible for the simplest PCI validation method (SAQ A). We've designed Stripe Elements with these changes in mind so that you can continue to validate using SAQ A without losing much of the flexibility and customization of a form hosted on your website if you migrate to v3.

Terran McCanna (tmccanna) wrote :

Marking this High importance since it directly impacts multiple current Evergreen implementations.

tags: added: billing opac
Changed in evergreen:
importance: Undecided → High
Changed in evergreen:
importance: High → Wishlist
importance: Wishlist → High
Martha Driscoll (mjdriscoll) wrote :

NOBLE chose Stripe as our credit card processor because our exposure to PCI compliance was minimal. We need/want to implement v3 and see this as a high priority.

Jason Stephenson (jstephenson) wrote :

This is also very important for us at CW MARS, so I will start on an implementation.

Here is a Google Doc with my notes on what needs to be done. If anyone has any comments on it, please add them here.


Changed in evergreen:
assignee: nobody → Jason Stephenson (jstephenson)
Changed in evergreen:
milestone: none → 3.next
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers