Leaderboard

Yeah Blesta does it the real way haha.

Selling Blesta Owned Branded license for 150 USD 140 USD (edit, see below) via PayPal. + This includes 1 developer license. Ownership of the license can be verified with Blesta staff. Please PM me if interested or just reply here and I will contact you.

To resume, we will build an xmpp to support manager and blesta live chat, but will be integrated in one aplication that we are going to Build for Android, Apple(iPhone/Pad) and Windows 8(Desktop and Mobile), to be able to control all Blesta functions and also to push Support Tickets and Live Chat Requests. (Of course it will check the modular options activated or not ) We will release on Blesta Live Chat Beta 1.1 also with the XMPP option on your request Regards, PV

I know PCI level 1 is more towards those who do 4 mil. + transactions, not sure on the others as I'm not a banker or someone heavily involved in it. I've never been aware of a transaction class for them, though, just more so what you intend to do with the data. What Stripe.js does is send the card data directly from the browser to Stripe's servers, without the server Blesta is installed on ever seeing that. It then returns a token/hash of the data that Blesta can store in the database without ever knowing what the card data is. This is why Stripe created the JS library, so that it's client->server instead of client->server->server. From my previous experience, once any bit of card data (last 4, cvv, etc...) touches the server that Blesta is on, it has to conform to PCI regulations, because its still sensitive information. Blesta still stores some data. IF the data is encrypted, then it helps tremendously, but that requires that the last 4, cvv, address, etc...(whatever it stores) is encrypted. But, with how Blesta works now, that data in its completeness is still passed to Blesta, which means now the user has to at least conform to level 4 or 3. Yes, network scans and such are still required even at level 4, though they are not as intrusive so to speak (takes a lot less to do than say a level 1 scan). The whole argument here, and what has I believe been presented before, is that Blesta sees the card data (full PAN, CVV, etc...). Even if Blesta doesn't store it all, it still stores some and thus needs to comply with PCI. Using something like Stripe.js changes that so Blesta doesn't have to concern itself with meeting PCI and it can just store a token that it can then pass to Stripe and Stripe can map it to card data. Basically any servers that see card data need to comply to PCI. A token isn't card data. You can still retrieve the last 4 and all that via the token. It just takes an API call.

Correct. PCI compliance is nothing more than a set of guidelines describing HOW to store and handle card information securely. Blesta follow those guidelines. So if your server is properly configured you are already PCI compliant. The discussion regarding never touching card data (using stripe.js, etc.) is PCI avoidance, not compliance. If you never touch card details you don't have to worry about PCI compliance.

Hello The current "Blesta Live Chat", alredy support XMPP to connect to third party aplications like gtalk or Jabber, but we have disable untill some new features go into Blesta Core, because we fill like its better to make just one full Blesta Android app (it was supose to be a suprise to integrate everithing, tickets, clients and also live chat in the aplication), than make two separeted aplications to manage blesta an blesta live chat. P.S- The first will be for Android, than we will make for iPhone/iPad and in last for Windows(8 mobile). Regards, PV

You make good points.

I think what he's saying is that most of the PCI requirements are related to infrastructure. We're not saying that you're off the hook from such requirements, you're certainly not if the card data touches the system in any way.

I think what you have offered is great for Blesta! In consideration and appreciation of your making this Mobile Friendly (A must these days!), to have a mobile page open all the time on my device, be it my phone or tablet can ultimately drain the battery over time, or consume data when pulling data from the server. When you connect to a Jabber server, (Which BTW can be installed easily via Softalicious or the like), you are enabling the ability to Push the chat notification(s) and content to the mobile device. This reduces the overall load and data consumed by the mobile device as well. And to be honest - if you did this script with the option for Jabber, I'd probably be willing drop a small donation your way to help show the support.

This is untrue and misleading. Blesta is entirely PCI compliant, regardless of how you choose to store or not store card details. The only compliance requirement which must be followed (and is entirely outside of Blesta's control) is PCI compliance scans to ensure proper server configuration.

100 USD?

I thought we were keeping the thread fresh. Come to think of it, this is in the wrong forum. </closed>

Guys is there a date set for the beta tester version of 3.1.0 coming out, so excited to try it as usual .