|Credit Card PCI-compliance||Sokolov Vadim||12/28/12 3:27 AM|
My question is as follows.
To create/check a credit card I need to do the following:
    require 'active_merchant'

    # Create a new credit card object
    credit_card = ActiveMerchant::Billing::CreditCard.new(
      :number             => '4111111111111111',
      :month              => '8',
      :year               => '2009',
      :first_name         => 'Tobias',
      :last_name          => 'Luetke',
      :verification_value => '123'
    )
And to get this info I need to ask the customer to fill in the form on my site.
Even if I don't store this info and only transmit it, it's not PCI-compliant, right?
And if so, what to do with it?
|Re: [Active Merchant] Credit Card PCI-compliance||Nathaniel||12/28/12 7:03 AM|
That is correct - even just having credit card data pass through your server without the data ever coming to rest is enough to put your server (and any attached infrastructure) into PCI scope.
Options to avoid PCI compliance difficulties:
* Use a gateway that supports a transparent redirect (for example Braintree).
* Use a gateway that sends the customer off of your site (for example PayPal Express).
* Use a service like Spreedly Core that puts a transparent redirect on top of the gateway of your choice (shameless plug; https://spreedlycore.com).
Finally, I'll caveat all of this by saying that I'm not a PCI QSA, and if you want a definitive ruling on your specific PCI case, you should retain a real QSA and ask them.
Hope this helps,
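
An added example, not part of the original thread and not code from Active Merchant or any gateway: with a transparent redirect the card form posts to the gateway and your server should only ever receive a token, so the checkout endpoint can act as a tripwire that refuses any request still carrying a card number. The `payment_token` field name and the sample requests are assumptions constructed for illustration.

```ruby
# Added example. "payment_token" is a hypothetical field name; real gateways
# name their token parameter differently.

# Luhn checksum: true when the digit string passes the card-number check.
def luhn_valid?(digits)
  sum = digits.reverse.each_char.with_index.sum do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?          # double every second digit from the right
    d > 9 ? d - 9 : d
  end
  (sum % 10).zero?
end

# True when a value looks like a card number (PAN):
# 13-19 digits once spaces and dashes are removed, and Luhn-valid.
def pan_like?(value)
  digits = value.to_s.gsub(/[\s-]/, '')
  digits.match?(/\A\d{13,19}\z/) && luhn_valid?(digits)
end

# Walk nested params and return the key paths that hold PAN-like values.
def pan_fields(params, path = [])
  case params
  when Hash
    params.flat_map { |k, v| pan_fields(v, path + [k.to_s]) }
  when Array
    params.each_with_index.flat_map { |v, i| pan_fields(v, path + [i.to_s]) }
  else
    pan_like?(params) ? [path.join('.')] : []
  end
end

# Accept only a token; reject (and report which fields) if card data arrived.
def checkout_decision(params)
  leaked = pan_fields(params)
  return [:reject, leaked] unless leaked.empty?
  return [:reject, ['payment_token missing']] if params['payment_token'].to_s.empty?
  [:accept, []]
end

# Constructed sample requests.
TOKEN_POST = { 'payment_token' => 'tok_example_123', 'amount' => '1000' }.freeze
CARD_POST  = { 'credit_card' => { 'number' => '4111 1111 1111 1111', 'month' => '8' } }.freeze
```

A rejection here means a form is still posting card fields to your own server, so treat it as an alert to fix the form; log only the field paths, never the values.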