PCH compliance and Credit Cards via Stripe
Recently our leadership decided to no longer allow us to use the Odoo payment link to enter and pay with customer credit cards. This means manually going to the Stripe site and entering the credit card and payment info there. They believe there is a better audit trail in case there is some issue. Looking at the chatter, it seems like there is a fair amount of audit trail there, and I'm pretty dubious about whether or not we are doing anyone any favors by moving in this direction. The obvious issues of data integrity because of human involvement come to mind, but also the lack of efficiency. We have a fairly old, non tech savvy clientele, so getting many of them to enter their own payments is difficult. They put their credit card information right on their FAXES! I'm interested to know what others are doing about this. This will of course move us out of SAQ A compliance levels up to SAQ C-VT. Seems to me this poses a higher risk of audit. Another question also just came up about customers for whom we already have saved CC info through the integration and whether or not using the payment link for those transactions is permissible.