Open Joys-ileaf opened 3 years ago
Not recommended.
If we implement this design in the application, customers need to enter the details on the new custom page, and from there they will be passed to the 3rd party application. So the credit card details (number, date, and CVV) will be first stored in Magento's Admin Dashboard and then will get passed to MyFatoorah services. There is a huge risk and security factor involved in this.
We can store it in MyFatoorah and they will provide a token for us. So for the next payment, we will use that token. So there will be no interface for the credit card session in the future for that particular user.
As per the request from Bandar, the ILeaf team needs to change the design of the credit card animation. As of now, it is a separate page where customers can enter the details. It needs to be changed to a "slide from bottom" popup.
The main challenge in this system is that, as of now, once a customer clicks on the credit card section, it passes to the MyFatoorah page and then all the processes are taken from the MyFatoorah APIs. Once the ILeaf team implements this feature, there will be a new page in between where the customer enters the details, and they will be saved in the current Magento backend, and only then will they get uploaded to the MyFatoorah page. If hacking or any type of malpractice occurs, all the customer data can be manipulated or stolen from the system.
For this, we need assistance from the MyFatoorah team to analyse and say whether they have any secure APIs for these processes.
Hi Bandar,
We had a discussion with the MyFatoorah technical team to check the new flow for the Credit Card of the Fairyhub Application.
We have 2 Options
Discussed this with the Ileaf technical team and my suggestion is to go with the 2nd Option (without any redirections). As per the MyFatoorah technical team, tokens are just an alphanumeric string that is generated from the Fatoorah team, and if someone hacks the system, the token will have no information about the credit card details.
Please let me know your thoughts on this too.
Dear Joys
For the 1st Option, we’d like to see the scenario in a visual presentation to understand it better, because the 2nd option bypasses the Security OTP, and we are considering both scenarios, keeping factors of ease of use and security in mind.
Thanks and Regards, Khaled Mohammad, Product Manager
Currently, we are using a 3rd party application from MyFatoorah. We need to make the design similar to the video below: https://user-images.githubusercontent.com/86234979/128185764-a4998040-b6d6-4327-88dd-2aaf921999c0.mp4