Credit Card Processing On Website

P00HB33R

Jeez, feels like I'm abusing the knowledge on this site with all my questions these days, but anyway...

Does anyone know what the requirements are when processing credit card payments on your website?

I am currently adding credit card payments to my website, and I am using PayGate's API.
So the user inputs credit card data, posts to my server, my server then communicates with PayGate's API service to complete the transaction.

My question is, in terms of compliance, is it enough if my website is SSL encrypted (HTTPS) to transmit the credit card info to my server? I know from the server to PayGate the onus falls on them to secure comms. But I am worried that from my website to my server I am not compliant.

Any info would be greatly appreciated.
 
If you store credit card data you need to be compliant.
If you are just transmitting the transaction via an API as long as you implement SSL.
Just store the bare minimum.
 
Great, thanks. I won't be storing any card details except for the transaction I receive from PayGate along with the usual order details.
 
So long as you're not storing CC details, HTTPS encryption is sufficient. Nothing else typically required.
 