Hi, I need some sanity checks on this, using the PHP API.
My current test setup is:
- On the checkout page, CC info (number, expiration, CCV) is filled in on a form, then POSTed back using Post-Redirect-Get.
- The CC info is processed through the authOnlyTransaction function, which returns either a transactionID or an error code.
- POSTed data is unset, then either displays an error script or captures the transactionID and redirects to the confirmation page.
After some reading, my understanding is any POSTed CC info is in violation of PCI compliance (the POST data is stored on our server, regardless of length of time).
Is there a PCI-compliant practice to use PHP and form-submission?
06-05-2017 07:16 PM
Hello @BC2016Genomics
If you wish to use your own form but lower your PCI Scope, you can use Accept.js, a JavaScript library that allows you to accept payments without any sensitive card data going through your servers.
Another option would be to use our Accept Hosted but that would require that you use our form instead of yours.
Richard
06-06-2017 07:05 AM
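To make concrete what "no sensitive card data going through your servers" means in the Accept.js model Richard describes, here is an added example (not code from Authorize.Net or from either poster). The browser hands the card fields to Accept.js, receives an opaque token, and POSTs only that token plus order data to the merchant's PHP endpoint, so the card number never reaches the merchant server and the PCI scope question in the original post goes away. `Accept.dispatchData` and the response shape (`messages.resultCode`, `messages.message[].code/text`, `opaqueData.dataDescriptor`, `opaqueData.dataValue`) are assumed from Accept.js's documented interface; the form field names, the `authData` values and the sample response are constructed for this example.

```javascript
// Added example: client-side tokenisation flow with a guard that refuses to
// POST anything that still contains card data. Accept.dispatchData and the
// response shape are assumptions about Accept.js; everything else is hypothetical.

// Names of the card inputs in the checkout form. In the real page these inputs
// carry no `name` attribute, so a plain form submit cannot send them anywhere.
const CARD_FIELDS = ['cardNumber', 'month', 'year', 'cardCode'];

// Build the secureData object that Accept.dispatchData expects (assumed shape).
function buildSecureData(authData, card) {
  return {
    authData: { clientKey: authData.clientKey, apiLoginID: authData.apiLoginID },
    cardData: {
      cardNumber: String(card.cardNumber).replace(/\s+/g, ''),
      month: String(card.month).padStart(2, '0'),
      year: String(card.year),
      cardCode: String(card.cardCode),
    },
  };
}

// Reduce the Accept.js response to the opaque nonce (success) or error texts.
function handleAcceptResponse(response) {
  if (response.messages.resultCode === 'Error') {
    const errors = response.messages.message.map(m => `${m.code}: ${m.text}`);
    return { ok: false, errors };
  }
  return {
    ok: true,
    dataDescriptor: response.opaqueData.dataDescriptor,
    dataValue: response.opaqueData.dataValue,
  };
}

// Luhn check, used to recognise a PAN that leaked into a server-bound payload.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// True if any key is a card field or any value looks like a card number
// (13-19 digits, Luhn-valid, spaces/dashes ignored).
function containsCardData(body) {
  for (const [key, value] of Object.entries(body)) {
    if (CARD_FIELDS.includes(key)) return true;
    const digits = String(value).replace(/[\s-]/g, '');
    if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) return true;
  }
  return false;
}

// Assemble what the merchant server will receive: order data plus the nonce,
// never the card. Throws rather than POSTing if card data is still present.
function buildServerPayload(tokenResult, order) {
  if (!tokenResult.ok) {
    throw new Error('tokenisation failed: ' + tokenResult.errors.join('; '));
  }
  const body = {
    ...order,
    opaqueDataDescriptor: tokenResult.dataDescriptor,
    opaqueDataValue: tokenResult.dataValue,
  };
  if (containsCardData(body)) {
    throw new Error('refusing to POST: payload still contains card data');
  }
  return body;
}

// Browser entry point: pass Accept.dispatchData as `dispatchData`.
// Usage in the page: tokenizeCard(Accept.dispatchData, authData, card)
//   .then(result => fetch('/checkout/authorize.php', {
//     method: 'POST',
//     headers: { 'Content-Type': 'application/json' },
//     body: JSON.stringify(buildServerPayload(result, order)) }));
function tokenizeCard(dispatchData, authData, card) {
  return new Promise(resolve => dispatchData(buildSecureData(authData, card), resolve))
    .then(handleAcceptResponse);
}

// Constructed sample response, shaped like a successful Accept.js reply.
const SAMPLE_OK_RESPONSE = {
  messages: { resultCode: 'Ok', message: [] },
  opaqueData: {
    dataDescriptor: 'COMMON.ACCEPT.INAPP.PAYMENT',
    dataValue: 'CONSTRUCTED_SAMPLE_NONCE',
  },
};

// Stand-alone demo (no browser needed): the payload that would be POSTed.
const demoPayload = buildServerPayload(
  handleAcceptResponse(SAMPLE_OK_RESPONSE),
  { orderId: 'ORDER-1', amount: '19.99' }
);
console.log(JSON.stringify(demoPayload));
```

The server-side PHP then calls the Authorize.Net API with `opaqueData` instead of a card number, and the checkout page's card inputs are read from the DOM by JavaScript rather than submitted as form fields. The `containsCardData` guard is belt-and-braces: it catches the case where a card field is accidentally given a `name` or copied into an order note before the POST leaves the browser.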