Passing credit card details through your servers


Matt Wynne

Sep 6, 2012, 6:28:02 AM
to edlean...@googlegroups.com
I'm working on adding payments to my app.

I noticed that a lot of US sites now use JavaScript to post credit card details directly to the payment provider, so that the details never touch their servers. I haven't looked into it much but I think this is because you need some kind of regulatory compliance certification to be allowed to in the US.

Is there anything similarly applicable to UK companies? Note that I'm not talking about *storing* credit card details, just passing them through my server-side code onto the provider's API. I'd prefer not to have the extra fragility of JavaScript involved if I can help it.


Paul Wilson

Sep 6, 2012, 6:38:57 AM
to edlean...@googlegroups.com
Ryan Stenhouse talked about this at SRC '11

http://confreaks.com/videos/568-scotlandruby2011-these-are-not-the-credit-cards-you-are-looking-for


It's the same thing: PCI compliance. It's a bit of a pain, but I _think_ you only need to self-certify if you're not storing credit card details.

http://www.pcicomplianceguide.org/pcifaqs.php


As you might expect, it's all a bit confusing and a lot of the questions won't seem to apply. It ain't that obvious which one to fill in, but Ryan told us that it was SAQ A.

https://www.pcisecuritystandards.org/documents/pci_saq_a_v2.pdf

Hassan Khajeh-Hosseini

Sep 6, 2012, 4:28:30 PM
to edlean...@googlegroups.com
We did a blog post about PCI compliance in the cloud which you might find useful:

We are also planning a free webinar based on PCI compliance; you might be able to get a more UK-based answer in that – let me know if you are interested and I'll keep you posted on details.

Cheers,
Hassan