Cybersource Developer Community Cybersource Developer Community

larrykluger · ‎10-12-2009

Hi,

My site does subscription billing of changing amounts. So my plan is to have my credit card page receive the credit card / PAN info, then store it to CIM. But even though the PAN data will never be stored on my system (including log files, etc) it appears that I'll still need to go through the PCI hoohaw since my site is processing the POST from the credit card form.

As an alternative, anyone know of a service where my site can tell the service (programmatically) to collect the credit card info (PAN), store it in CIM, then give my service the CIM access number for the card's data?

The idea is that the service would deal with the PCI issues. I wouldn't have to since the PAN data would never come near my systems.

Maybe this could be a business idea for Authorize.net?

This would be similar to what Amazon Flexible Payments Service does with their "Co-branded UI Pipeline." See http://docs.amazonwebservices.com/AmazonFPS/2008-09-17/FPSGettingStartedGuide/ (Then click Step 1 on the left side frame)

Thoughts?

Larry

Jason43 · ‎08-26-2022

@hotslots132 wrote:
We've had this discussion elsewhere, and opinions vary. Mine is that as long as you do not store the card information (PAN and especially CVV), and take care to protect the customer data as it is being processed through your system (be aware of the PHP "register_globals" setting, for example), you can use CIM and meet PCI standards. Others seem to feel that the only way to meet PCI is to hand off everything to someone else.

Hi,

Thank you for your kind information, Now i would like you to please let us know what is the most appropriate solution you have found? Thanks

Cybersource Developer Community Cybersource Developer Community

Secure branded form >> CIM service