From 2f6819e3dec5b98ddde53f0420c2ea72f83e273b Mon Sep 17 00:00:00 2001 From: P. J. McDermott Date: Mon, 16 Mar 2015 23:26:33 -0400 Subject: projects/epirts.js/index.mdwn: New file --- diff --git a/Makefile b/Makefile index 31ffde7..17c9028 100644 --- a/Makefile +++ b/Makefile @@ -34,6 +34,7 @@ srcs = \ talks/software-contracts/index.mdwn \ projects/index.mdwn \ projects/ssic/index.mdwn \ + projects/epirts.js/index.mdwn \ projects/overworld-rpg/index.mdwn \ projects/cgol/index.mdwn \ projects/screen-batt/index.mdwn \ diff --git a/projects/epirts.js/index.mdwn b/projects/epirts.js/index.mdwn new file mode 100644 index 0000000..55378ee --- /dev/null +++ b/projects/epirts.js/index.mdwn 
@@ -0,0 +1,124 @@ + + + +This is Epirts.js, a free software replacement for Stripe.js implementing a +subset of the Stripe.js API. + +With Epirts.js, a merchant can use Stripe to process payments and ensure that no +non-free JavaScript programs are distributed to customers. + +Downloading +=========== + +Epirts.js is maintained in a [Git repository][repo-http], which can be cloned +from `git://git.pehjota.net/payments/epirts.js`. + +[repo-http]: http://git.pehjota.net/payments/epirts.js.git/ + +API +=== + +Epirts.js is compatible with Stripe.js version 2. Currently Epirts.js only +supports validating and tokenizing payment cards. + +Methods +------- + + * `Epirts.setPublishableKey(key)` + + Sets a test or live publishable key. + + * `Epirts.card.createToken(card, [amount,] callback)` + + Creates a single-use token that represents a payment card. + + Example: + + Epirts.card.createToken({ + number: '4242424242424242', + exp_month: 12, + exp_year: 2016, + cvc: '123' + }, stripeResponseHandler); + + The callback function will be given two arguments, a `status` code and a + `response` object. + + * `Epirts.card.validateCardNumber(number)` + + Checks that the card number appears valid and passes the Luhn check. + + Examples: + + Epirts.card.validate('42424242'); // false + Epirts.card.validate('4242424242424242'); // true + Epirts.card.validate('4242-4242-4242-4242'); // true + Epirts.card.validate('4242 4242 4242 4242'); // true + Epirts.card.validate('4242 424242424242'); // true + Epirts.card.validate('42424242424242r2'); // false + Epirts.card.validate('4242-4242-4242-4240'); // false + + * `Epirts.card.validateEpiry(month, year)` + + Checks that the expiration date is a valid month in the future. + + Examples: + + Epirts.card.validateExpiry('01', '1970'); // false + Epirts.card.validateExpiry('01', '2020'); // true + Epirts.card.validateExpiry(1, 2020); // true + + * `Epirts.card.validateCVC(cvc)` + + Checks that the CVC appears valid. 
+ + Examples: + + Epirts.card.validateCVC('123') // true + Epirts.card.validateCVC('1') // false + + * `Epirts.card.cardType(number)` + + Detects the card type based on the first two digits of the Issuer + Identification Number (the first six digits of the card number). Returns + the card brand name as a string, or "Unknown" if the card's issuer is + unsupported. The supported card brand names are "Visa", "MasterCard", + "American Express", "JCB", "Discover", and "Diners Club". + + Examples: + + Epirts.card.cardType('4242-4242-4242-4242'); // "Visa" + Epirts.card.cardType('378282246310005'); // "American Express" + Epirts.card.cardType('1234'); // "Unknown" + +PCI DSS Compliance +================== + +All merchants who accept payment cards must comply with the Payment Card +Industry Data Security Standards. Merchants classified in Levels 2 through 4 +may complete an annual Self-Assessment Questionnaire. + +E-commerce merchants who "fully outsource" all cardholder data processing to a +PCI DSS compliant third-party payment processor (by redirecting to or loading in +an iframe a payment page served by the payment processor) can file SAQ A. This +applies to merchants who use the non-free Stripe.js program, because it loads a +payment page from Stripe in an iframe. + +E-commerce merchants who "partially outsource" their payment processing (e.g. by +serving their own payment page and sending cardholder data to a payment +processor by JSONP) must file the longer SAQ A-EP and have quarterly +vulnerability scans performed by an Approved Scanning Vendor. This applies to +merchants who use Epirts.js, because it uses JSONP instead of an iframe, to +avoid causing the customer to run non-free JavaScript programs loaded by +Stripe's payment page. + +Therefore, under PCI DSS 3.0, **Epirts.js may not be used to process live +payment cards without first completing PCI SAQ A-EP and having an ASV perform +quarterly vulnerability scans**. 
Currently, the only way to control your +store's checkout process and ensure that no non-free JavaScript programs are +distributed to your customers is to use a program like Epirts.js (or process +cardholder data directly on your server) and pay for a scanning service. Such +is the state of payment processing. + + diff --git a/projects/index.mdwn b/projects/index.mdwn index 2f5b678..01e3eaf 100644 --- a/projects/index.mdwn +++ b/projects/index.mdwn @@ -41,6 +41,9 @@ Active or Otherwise Interesting local browsing or to generate static HTML documents to be efficiently served by an HTTP server. Documents could even be preprocessed, e.g. by a Markdown processor, before being parsed with ssic. + * [Epirts.js](epirts.js/): + A free software replacement for Stripe.js implementing a subset of the + Stripe.js API. * [overworld-rpg](overworld-rpg/): An untitled experimental overworld role-playing game engine. Written in C and designed to be visually pleasing, lightweight, and portable. -- cgit v0.9.1
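Review bot: In projects/epirts.js/index.mdwn, under Methods, two documented method names do not match their own examples: the bullet `Epirts.card.validateCardNumber(number)` is followed by examples that call `Epirts.card.validate(...)`, and the bullet `Epirts.card.validateEpiry(month, year)` is followed by examples that call `Epirts.card.validateExpiry(...)`. Suggest changing the card number examples to call `validateCardNumber` and correcting the bullet to `validateExpiry`, so that a reader copying from the page gets a call that matches the documented API. The two `validateCVC` examples also lack the trailing semicolons the other examples carry. Separately, the Downloading section lists only `git://` and `http://` URLs, neither of which authenticates the server or protects the transfer; since this code handles card numbers in the customer's browser, consider listing an HTTPS URL or signed tags if they exist, or stating how a checkout can be verified.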
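Review bot: In projects/index.mdwn, the new Epirts.js entry describes the project only as "A free software replacement for Stripe.js implementing a subset of the Stripe.js API" and omits the constraint the project page sets in bold, that it may not be used for live payment cards without first completing PCI SAQ A-EP and having an ASV perform quarterly scans. Suggest adding a short clause to the entry saying that it currently only validates and tokenizes payment cards and that using it carries SAQ A-EP obligations, so readers see the limitation in the index before following the link.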