gutterboy

Posh area haha my mate Callum is from East Riding Yorkshire haha.

LOL no biggie....... I'll just select North Yorkshire then.

While they may not be federal laws (yet...though they already are in some states), PCI is required by all major credit cards networks (Visa, Master Card, Discover, American Express)...and if you are found in breach of them you can face hefty fines and expulsion from said credit networks.  Not complying with PCI Standards and being caught could easily mean that you'll never be able to accept credit cards or get approved for a merchant (or non-merchant) account again.  If you get blacklisted by the credit networks you are screwed as a business.
 
It's not something that many sole proprietor's or small business think about, but PCI Compliance is a serious issue and should be viewed as such.

For non-merchant redirection gateways such as Paypal standard, where the users sees www.paypal.com in the address bar, instead of your site URL, there is no need for PCI compliance.
That's why non-merchant gateways are a much better option for most businesses.
 
For every gateway that allows payment information to be collected while your own site URL is in the address bar -including Stripe- you need PCI compliance when PCI 3.0 becomes required (2015?)
Do note that Mastercard and VISA do not require compliance VALIDATION by the acquiring bank for smaller merchants.
This means that while you do need to comply, the gateway/bank is not required to check that you actually ticked all the boxes on the SAQ paperwork, and actually did the quarterly external security scans.
It may therefore still be tempting to "forget" to comply. However if there is an incident, they likely do want to see it, and if it turns out you were not in compliance, there will be trouble.
That they didn't check up on you earlier, does not mean the contract clause requiring compliance will not stand.

We use our own template so not a big issue haha

You can do so with the CSS toolkit so you don't need to keep editing it

For those comfortable editing their css I have in the mean time done this with:
.row .col-md-3 .list-group a[href='/billing/client/main/invoicemethod/'] { display: none; } If you want to hide the auto payment box too you can just change it to:
.row .col-md-3 .list-group a[href='/billing/client/main/invoicemethod/'], .row .col-md-3 .list-group a[href='/billing/client/accounts/'] { display: none; } Note: If your Blesta installation is not installed into the billing directory, you will need to change the word "billing" to the name of your installed directory.

For those comfortable editing their css I have in the mean time done this with:
.row .col-md-3 .list-group a[href='/billing/client/main/invoicemethod/'] { display: none; } If you want to hide the auto payment box too you can just change it to:
.row .col-md-3 .list-group a[href='/billing/client/main/invoicemethod/'], .row .col-md-3 .list-group a[href='/billing/client/accounts/'] { display: none; } Note: If your Blesta installation is not installed into the billing directory, you will need to change the word "billing" to the name of your installed directory.

Hmmmmm ok. I thought it was direct as that's what this post indicated: http://www.blesta.com/forums/index.php?/topic/2055-stripe-payment-gateway-pci-compliance/page-4#entry19419

Blesta uses the Checkout method. There are some other threads about Stripe and PCI compliance, you might want to search for them.

the ETA this week will be released with some HOT feature , block admin area by ip , block acces to uninstalled plugins via ,  add/edit/delete custom links in client/admin side .
 
now i'm making a full rewrite to this plugin .
 
if you want to add custom link , you should add it to the Table: plugin_actions .
 
nav_primary_client = client side .
nav_primary_staff = admin side .

wait my new release of "Admin tools" plugin , you can add/remove custom primary/secondary staff links , primary client links .

That's right. With gateways that support tokenization, Blesta stores the last 4 encrypted and the expiry date. The last 4 are stored so the client can identify the card in the payment account, and the expiry so that the client can be notified when their card is expiring and needs to be updated. CVV data is NEVER stored in Blesta.
 
If we implement token storage for eWay, it will then support both local and tokenized storage of card numbers. Some people prefer local storage, because it means they are not "locked" into using a particular gateway. Of course, tokens are much more secure and we recommend using token storage whenever possible.

Yup, every merchant gateway works that way.

.row .col-md-3 .list-group li:first-child {diplay:none;} Should be right. Think you missed the 'li' part

Hmmmmmm...... yeah it's weird. Not sure what happened haha......... I'll update if it happens again.

This has been fully added to my next release of "Admin Tools" plugins , now you can set wich IP to access admin area , if not authorized redirect to 404 error page .
 
also i have implemented a new security way , to block access direct link of uninstalled plugins , now if the plugin is not installed no one can access it , i'm working now in modules too , to forbidden access if not installed .
 
need also block access to  client side by IP
 
i will finish the complete rewrite of this plugin and making some tests  and i will make it available next week .

Yeah, just noticed that haha...... all good!

Good idea, CORE-1467

Yup, CORE-1324. I also suggest setting up 2FA for all staff, if you haven't already.

I decided back in May 2013, I was fed up with constant updates from WHM** and they used to be issued every night at 2am GMT - 4am GMT. They always broke patches and was slow on support. They also wasn't active on their forums and try to hide everything. Stop you from posting on their facebook, they are immature and to think I was a customer with them since 2008. 
 
Anyway yes I had enough of them and though right I need out. Why have a broken billing system. I was thinking about HostBill, ClientExec and Blesta, and thought which one was better... I then found out HostBill was just like WHM** and also based some of their code from it. So why would I move to the same system? So I put that out, I looked at Blesta's demo and looked at ClientExec's. ClientExec was hard to use and wasn't cheap.
 
I went to Blesta's and saw it was $99 owned unbranded license and a free upgrade to 3.x. I then saw they did a 30% off and thought I'd be cheeky and contact the guys at Blesta to see if I could use it to move from WHM** because I didn't have the full amount in my PayPal. I found out that the $99 was already a promotion and cheaper than normal from Paul and I thought yes I need to save up and use Blesta because it's perfect, it's secure and simpler to use.
 
I posted on our Facebook page that we was getting ready to migrate to a new system shortly. My mate Dave from FRH contacted me and asked which one I was considering since they was also thinking about moving from WHM**. Anyway they bought their license before me and I bought ours a few days after. 
Joining the forum and having a nice experience I knew I made the right choice... and when we got the Beta email to join the forum, I was on this new forum faster than you can say good bye. And I've never ever looked back. Best investment I've put into my business. And that's why I support Blesta and help other to move because it's so much better on this side and not the competitors who put themselves first and not their customers.

Yes, by default Apache will add an AND between each condition. You can add [OR] at the end of the condition if you want OR instead.
 
This is regex so you could also add an IP range or whatever you want.

Glad to have ya on board
 
Shh, don't tell that I'm hanging out here.  Can't let that cat out of the bag yet.

Way ahead of y'all
http://www.blesta.com/forums/index.php?/topic/3529-hide-invoice-method-change-box-if-only-one-method-is-available/

It is coming in the future I believe. CORE-1324 But I forgot to mention it as I forgot