NextERP/documentation
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[IMP] payment_providers: PCI DSS compliance, payment methods on portal

Browse Source 
task-4042449
task-2949379

closes odoo/documentation#10987

X-original-commit: d8b827cda4
Signed-off-by: Audrey Vandromme (auva) <auva@odoo.com>
This commit is contained in:
Audrey (auva) 2024-09-05 13:04:47 +00:00
parent 62490945fd
commit d85b7f212f
2 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
content/applications/finance/payment_providers.rst
View File

@ -177,8 +177,8 @@ Bank payments
.. _payment_providers/add_new: .. _payment_providers/add_new:
Enable a payment provider Enabling a payment provider
========================= ===========================
To add a new payment provider and make its related payment methods available to your customers, To add a new payment provider and make its related payment methods available to your customers,
proceed as follows: proceed as follows:
@ -284,10 +284,19 @@ In this case, a **payment token** is created in Odoo to be used as a payment met
payments without the customer having to enter their payment method details again. This is payments without the customer having to enter their payment method details again. This is
particularly useful for the eCommerce conversion rate and subscriptions that use recurring payments. particularly useful for the eCommerce conversion rate and subscriptions that use recurring payments.
.. note:: .. tip::
You remain fully PCI-compliant when you enable this feature because Odoo does not store the card To add or delete their saved payment method details, customers can click :guilabel:`Manage
details directly. Instead, it creates a payment token that only references the card details payment methods` in the :ref:`customer portal <users-portal-payment-methods>`.
stored on the payment provider's server.
.. admonition:: PCI DSS and Attestation of Compliance
Odoo is not `PCI <https://www.pcisecuritystandards.org>`_ DSS-certified because it does not
store cardholder data or process payments. Instead, it outsources tokenization and payment to
:ref:`external payment providers <payment_providers/online_providers>`, which means that as an
Odoo customer, you only need to complete the minimal Self-Assessment Questionnaire (SAQ) with
the provider to obtain the Attestation of Compliance (AoC) and achieve PCI compliance. Odoo
should not be mentioned as a payment processor or a third-party service provider in the
:abbr:`SAQ (Self-Assessment Questionnaire)`.
.. _payment_providers/manual_capture: .. _payment_providers/manual_capture:

2
content/applications/general/users/portal.rst
View File

@ -156,6 +156,8 @@ on :guilabel:`Confirm Password`. Next, activate :abbr:`2FA (two-factor authentic
Finally, click :guilabel:`Enable two-factor authentication` to complete the setup. Finally, click :guilabel:`Enable two-factor authentication` to complete the setup.
.. _users-portal-payment-methods:
Change payment info Change payment info
------------------- -------------------