CC Data, PHP & PRG, and PCI Compliance
Hi, I need some sanity checks on this, using the PHP API.
My current test setup is:
- On the checkout page, CC info (number, expiration, CCV) is filled in on a form, then POSTed back using Post-Redirect-Get.
- The CC info is processed through the authOnlyTransaction function, returns either a transactionID or error code.
- POSTed data is unset, then either displays an error script or captures the transactionID and redirects to the confirmation page.
After some reading, my understanding is any POSTed CC info is in violation of PCI compliance (the POST data is stored on our server, regardless of length of time).
Is there a PCI-compliant practice to use PHP and form-submission?
06-05-2017 07:16 PM
Hello @BC2016Genomics
If you wish to use your own form but lower your PCI Scope, you can use Accept.js, a JavaScript library that allows you to accept payments without any sensitive card data going through your servers.
Another option would be to use our Accept Hosted but that would require that you use our form instead of yours.
Richard
06-06-2017 07:05 AM
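The Accept.js flow suggested in the reply above, as an added example that is not part of the original posts or Authorize.Net's own code: the browser hands the card fields to `Accept.dispatchData` and posts only the returned opaque data to the merchant server. The helper names, the form keys, and the `post`/`onError` callbacks are assumptions made for illustration.

```javascript
// Added example: card fields are tokenized in the browser via Accept.js and
// only the opaque payment nonce is sent to the merchant server.
// Assumed names: CARD_FIELDS, buildServerPayload, submitViaAccept, form keys.
const CARD_FIELDS = ["cardNumber", "month", "year", "cardCode"];

// Build the body that will be POSTed to the merchant server from the
// Accept.js response. Card fields are dropped; only the nonce is kept.
function buildServerPayload(form, response) {
  if (!response || !response.messages || response.messages.resultCode !== "Ok") {
    const msgs = (response && response.messages && response.messages.message) || [];
    throw new Error("tokenization failed: " +
      msgs.map((m) => m.code + " " + m.text).join("; "));
  }
  const payload = {};
  for (const [key, value] of Object.entries(form)) {
    if (!CARD_FIELDS.includes(key)) payload[key] = value;
  }
  payload.dataDescriptor = response.opaqueData.dataDescriptor;
  payload.dataValue = response.opaqueData.dataValue;
  return payload;
}

// acceptLib is the global `Accept` object loaded from Authorize.Net's script;
// post is whatever sends the payload to your server (fetch, hidden form, ...).
function submitViaAccept(acceptLib, auth, form, post, onError) {
  const secureData = {
    authData: { clientKey: auth.clientKey, apiLoginID: auth.apiLoginID },
    cardData: {
      cardNumber: form.cardNumber,
      month: form.month,
      year: form.year,
      cardCode: form.cardCode,
    },
  };
  acceptLib.dispatchData(secureData, (response) => {
    try {
      post(buildServerPayload(form, response));
    } catch (err) {
      onError(err); // show the error in the page; nothing reaches the server
    }
  });
}
```

For this to keep card data off the server, the card inputs must not be submitted by the browser's default form action, for example by omitting their `name` attributes or cancelling the native submit.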