You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to edlean...@googlegroups.com
I'm working on adding payments to my app.
I noticed that a lot of US sites now use javascript to post credit card details directly to the payment provider, so that the details never touch their servers. I haven't looked into it much but I think this is because you need some kind of regulatory compliance certification to be allowed to in the US.
Is there anything similarly applicable to UK companies? Note that I'm not talking about *storing* credit card details, just passing them through my server-side code onto the provider's API. I'd prefer not to have the extra fragility of javascript involved if I can help it.
As you might expect, it's all a bit confusing and a lot of the questions won't seem to apply. It ain't that obvious which one to fill in, but Ryan told us that it was SAQ A.
We are also planning a free webinar based on PCI compliance, you might be able to get a more UK based answer in that – let me know if you are interested and I'll keep you posted on details.