https://community.developer.cybersource.com/t5/Integration-and-Testing/CC-Data-PHP-amp-PRG-and-PCI-Compliance/m-p/58368#M33022 <P>Hello&nbsp;<a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/21096">@BC2016Genomics</a></P> <P>&nbsp;</P> <P>If you wish to use your own form but lower your PCI Scope, you can use <A href="https://developer.authorize.net/api/reference/features/acceptjs.html" target="_self">Accept.js</A>, a JavaScript library that allows you to accept payments without any sensitive card data going through your servers.</P> <P>&nbsp;</P> <P>Another option would be to use our <A href="https://developer.authorize.net/api/reference/features/accept_hosted.html" target="_self">Accept Hosted</A> but that would require that you use our form instead of yours.</P> <P>&nbsp;</P> <P>Richard</P> Tue, 06 Jun 2017 14:05:21 GMT RichardH 2017-06-06T14:05:21Z https://community.developer.cybersource.com/t5/Integration-and-Testing/CC-Data-PHP-amp-PRG-and-PCI-Compliance/m-p/58365#M33021 <P>Hi, I need some sanity checks on this, using the PHP API.</P><P>&nbsp;</P><P>My current test setup is:</P><P>- On the checkout page, CC info (number, expiration, CCV) is filled in on a form, then POSTed back using Post-Redirect-Get.</P><P>- The CC info is&nbsp;processed through the authOnlyTransaction function, returns either a transactionID&nbsp;or error code.&nbsp;<BR />- POSTed data is unset, then either displays an error script or captures the transactionID and redirects to the confirmation page.</P><P>&nbsp;</P><P>After some reading, my understanding is any POSTed CC info is in violation of PCI compliance (the POST data is stored on our server, regardless of length of time).&nbsp;</P><P>&nbsp;</P><P>Is there a PCI-compliant practice to use PHP and form-submission?&nbsp;</P> Tue, 06 Jun 2017 02:16:26 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/CC-Data-PHP-amp-PRG-and-PCI-Compliance/m-p/58365#M33021 BC2016Genomics 2017-06-06T02:16:26Z https://community.developer.cybersource.com/t5/Integration-and-Testing/CC-Data-PHP-amp-PRG-and-PCI-Compliance/m-p/58368#M33022 <P>Hello&nbsp;<a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/21096">@BC2016Genomics</a></P> <P>&nbsp;</P> <P>If you wish to use your own form but lower your PCI Scope, you can use <A href="https://developer.authorize.net/api/reference/features/acceptjs.html" target="_self">Accept.js</A>, a JavaScript library that allows you to accept payments without any sensitive card data going through your servers.</P> <P>&nbsp;</P> <P>Another option would be to use our <A href="https://developer.authorize.net/api/reference/features/accept_hosted.html" target="_self">Accept Hosted</A> but that would require that you use our form instead of yours.</P> <P>&nbsp;</P> <P>Richard</P> Tue, 06 Jun 2017 14:05:21 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/CC-Data-PHP-amp-PRG-and-PCI-Compliance/m-p/58368#M33022 RichardH 2017-06-06T14:05:21Z