Credit Card PCI-compliance

[Sokolov Vadim]

My question is next.. 

To create\check credit card i need to the following:

# Create a new credit card object
credit_card = ActiveMerchant::Billing::CreditCard.new(
  :number     => '4111111111111111',
  :month      => '8',
  :year       => '2009',
  :first_name => 'Tobias',
  :last_name  => 'Luetke',
  :verification_value  => '123'
)

And to get this info i need to ask customer to fill the form on my site. 

Even if i don't store this info and only transmit it, it's not PCI-compliance, right?

And if so, what to do with it?

[Nathaniel Talbott]

That is correct - even just having credit card data pass through your server without the data ever coming to rest is enough to put your server (and any attached infrastructure) into PCI scope.

Options to avoid PCI compliance difficulties:

* Use a gateway that supports a transparent redirect (for example Braintree).

* Use a gateway that send the customer off of your site (for example PayPal Express).

* Use a gateway that uses Javascript to submit directly (for example Stripe).

* Use a service like Spreedly Core that puts a transparent redirect on top of the gateway of your choice (shameless plug; https://spreedlycore.com).

Finally, I'll caveat all of this by saying that I'm not a PCI QSA, and if you want a definitive ruling on your specific PCI case, you should retain a real QSA and ask them.

Hope this helps,

--
Nathaniel

--
You received this message because you are subscribed to the Google Groups "Active Merchant" group.
To view this discussion on the web visit https://groups.google.com/d/msg/activemerchant/-/V16mUaEr19YJ.
To post to this group, send email to activem...@googlegroups.com.
To unsubscribe from this group, send email to activemerchan...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/activemerchant?hl=en.