MIDAS Knowledge Base
Is MIDAS PCI compliant?
A MIDAS booking system allows your clients to pay for their bookings and invoices online.
PayPal and Stripe are 3rd party payment processors; as such, payments themselves are not directly handled by MIDAS.
In terms of payments through PayPal, the client is transferred to a secure PayPal-hosted payment page in order to complete their transaction. Sensitive payment details (such as the client's full card number) are not transmitted back to or stored by MIDAS. If you have correctly configured PayPal integration, MIDAS will simply log the client's name, email address, and unique PayPal Transaction ID. The specific method of payment, card number, expiry date, and security code are not stored in MIDAS. Please refer to PayPal's documentation for details of their own PCI compliance.
In terms of payments through Stripe, the client makes their payment on a secure MIDAS-generated page. Payment card details entered on these pages are transmitted over a secure connection directly from the client's browser to Stripe's servers. The information does not pass through our servers. Following completion of the payment, sensitive payment details (such as the client's full card number) are not transmitted back to or stored by MIDAS. MIDAS will simply log the client's name and email address. The specific method of payment, card number, expiry date, and security code are not stored in MIDAS. Please refer to Stripe's documentation for details of their own PCI compliance.
Therefore, each MIDAS system is fully PCI Compliant, as it neither processes nor natively stores sensitive cardholder data.
- MIDAS is not meant for storing sensitive payment details, and no native booking/client/invoice fields are available for such storage. However, if a MIDAS user decides to manually input a client's sensitive payment details into user-editable fields within MIDAS (for instance, in a custom booking field, the client notes field, on an invoice, etc.), there are risks associated with this, and the user will then break the PCI Compliance of their MIDAS system. For this reason, as a MIDAS user/administrator you should NEVER store sensitive payment details in MIDAS.
- If a customer is utilizing the optional MIDAS API to integrate MIDAS with an alternative 3rd party card processor/payment provider, it is the customer's responsibility to ensure proper PCI compliance.