MIDAS KnowledgebaseMIDAS Knowledgebase

Is MIDAS PCI compliant?

A MIDAS booking system allows your clients to pay for their bookings and invoices online.

Our software natively integrates with both PayPal and Stripe for processing such payments.

PayPal and Stripe are 3rd party payment processors, as such payments themselves are not directly handled by MIDAS.

In terms of payments through PayPal, the client is transferred to a secure PayPal hosted payment page in order to complete their transaction. Sensitive payment details (such as the client's full card number) and not transmitted back to or stored by MIDAS. If you have correctly configured PayPal integration, MIDAS will simply log the client's name, email address, and unique PayPal Transaction ID. The specific method of payment, card number, expiry date, and security code and not stored in MIDAS. Please refer to PayPal's documentation for details of their own PCI compliance. PayPal PCI Compliance

In terms of payments through Stripe, the client makes their payment on a secure MIDAS generated page. Payment Card details entered on these pages are transmitted over a secure connection directly from the client's browser to Stripes servers. The information does not pass through our servers. Following completion of the payment, sensitive payment details (such as the client's full card number) and not transmitted back to or stored by MIDAS. MIDAS will simply log the client's name and email address. The specific method of payment, card number, expiry date, and security code and not stored in MIDAS. Please refer to Stripe's documentation for details of their own PCI compliance. Stripe PCI Compliance

Therefore, each MIDAS system is fully PCI Compliant, as it neither processes nor natively stores sensitive card holder data.

Important Notes:

  1. MIDAS is not meant for storing sensitive payment details, and no native booking/client/invoice fields are available for such storage. However, if a MIDAS user decides to manually input a client's sensitive payment details into user-editable fields within MIDAS (for instance, in a custom booking field, or the client notes field, on an invoice, etc), there are risks associated with this, and the user will then break the PCI Compliance of their MIDAS system. For this reason, as a MIDAS user/administrator you should NEVER store sensitive payment details in MIDAS.
  2. If a customer is utilizing the optional MIDAS API to integrate MIDAS with an alternative 3rd party card processor/payment provider, it is the customer's responsibility to ensure proper PCI compliance.
You might also be interested in...
MIDAS » KB » Sales » Article 00168

← Return to Knowledgebase