Hi All -
I've tried finding an answer to this question, but am coming up short. My client has been and currently is using the SIM method for all transactions on their site. Nothing is stored on the client's server. They're switching payment processors, and the new bank is saying that they aren't PCI Compliant, which I'm a bit confused about. If the user isn't entering any Credit Card information on my client's site, why do they even need to be PCI Compliant? This seems to me like the bank not really understanding PCI Compliance. Or am I in the wrong? Would love to know, as I may have to switch their hosting since my shared hosting account will not work if it must be PCI Compliant.
Thanks,
Steve
08-30-2012 12:02 PM
http://developer.authorize.net/api/compare/
At the bottom "Data Storage" section for SIM
Data stored on Authorize.Net PCI-compliant servers (reduces risk to merchant)
While the data is saved and processed on Authorize.Net, it still has to start from your client's site. So it still needs some PCI compliance. Did the new bank say what they need to do to be PCI compliant?
08-30-2012 12:08 PM
They did and they didn't. They basically did a scan of what they need and sent it over...so gotta work on it...only about 10 items on the list that I have to go through.
08-30-2012 03:03 PM