CC Data, PHP & PRG, and PCI Compliance

Hi, I need some sanity checks on this, using the PHP API.

 

My current test setup is:

- On the checkout page, CC info (number, expiration, CVV) is filled in on a form, then POSTed back using Post-Redirect-Get.

- The CC info is processed through the authOnlyTransaction function, returns either a transactionID or error code. 
- POSTed data is unset, then either displays an error script or captures the transactionID and redirects to the confirmation page.

 

After some reading, my understanding is any POSTed CC info is in violation of PCI compliance (the POST data is stored on our server, regardless of length of time). 

 

Is there a PCI-compliant practice to use PHP and form-submission? 

1 REPLY

Hello @BC2016Genomics

 

If you wish to use your own form but lower your PCI Scope, you can use Accept.js, a JavaScript library that allows you to accept payments without any sensitive card data going through your servers.

 

Another option would be to use our Accept Hosted but that would require that you use our form instead of yours.

 

Richard

RichardH, Administrator
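The client-side half of the Accept.js flow the reply recommends, written out as an added example (it is not from the original thread and not Authorize.Net's own sample code). The `Accept.dispatchData` call, the `authData`/`cardData` request fields and the `opaqueData` response fields are the documented Accept.js interface; the form element ids, the placeholder credentials and the sandbox script tag are assumptions for this illustration. The point it demonstrates is the one the reply makes: the card number, expiry and CVV are handed to Accept.js in the browser, and the only thing the merchant's PHP endpoint ever receives is the opaque payment nonce.

```javascript
// Added example: not Authorize.Net's sample code and not from the original post.
// Assumes Accept.js is loaded on the checkout page, e.g.
//   <script src="https://jstest.authorize.net/v1/Accept.js"></script>   (sandbox; production uses js.authorize.net)
// and a checkout form whose card inputs carry NO name attribute (element ids assumed below),
// so a plain browser submit can never POST the PAN/CVV to the merchant server.

// Placeholders: the public client key and API login ID come from the merchant interface.
const ACCEPT_AUTH = { clientKey: "PUBLIC_CLIENT_KEY", apiLoginID: "API_LOGIN_ID" };

// Build the secureData object Accept.dispatchData expects from the raw form values.
function buildSecureData(fields, auth) {
  return {
    authData: { clientKey: auth.clientKey, apiLoginID: auth.apiLoginID },
    cardData: {
      cardNumber: String(fields.cardNumber).replace(/\D/g, ""), // digits only, drop spaces/dashes
      month: String(fields.expMonth).padStart(2, "0"),          // Accept.js wants MM
      year: String(fields.expYear),
      cardCode: String(fields.cardCode),
    },
  };
}

// Interpret the Accept.js callback response. On success the only payment data that leaves
// the browser is the nonce (dataDescriptor + dataValue); the card fields never do.
function handleAcceptResponse(response) {
  if (!response || !response.messages) {
    return { ok: false, errors: ["malformed Accept.js response"] };
  }
  if (response.messages.resultCode === "Error") {
    const errors = (response.messages.message || []).map((m) => `${m.code}: ${m.text}`);
    return { ok: false, errors };
  }
  const od = response.opaqueData || {};
  if (!od.dataDescriptor || !od.dataValue) {
    return { ok: false, errors: ["response missing opaqueData"] };
  }
  return { ok: true, dataDescriptor: od.dataDescriptor, dataValue: od.dataValue };
}

// The only payment fields the merchant server should ever receive.
function serverPayload(result) {
  return { dataDescriptor: result.dataDescriptor, dataValue: result.dataValue };
}

// Wire-up for the checkout form (browser only; element ids are assumed).
function onCheckoutSubmit(event) {
  event.preventDefault();
  const form = event.target;
  const byId = (id) => document.getElementById(id).value;
  const secureData = buildSecureData(
    { cardNumber: byId("cardNumber"), expMonth: byId("expMonth"),
      expYear: byId("expYear"), cardCode: byId("cardCode") },
    ACCEPT_AUTH
  );
  if (typeof Accept === "undefined") {
    // Fail closed: never fall back to posting card data to our own server.
    console.error("Accept.js not loaded; refusing to submit card data");
    return;
  }
  Accept.dispatchData(secureData, (response) => {
    const result = handleAcceptResponse(response);
    if (!result.ok) {
      console.error(result.errors.join("\n"));
      return;
    }
    // Clear the card inputs before anything else touches the form.
    ["cardNumber", "expMonth", "expYear", "cardCode"].forEach((id) => {
      document.getElementById(id).value = "";
    });
    // Attach the nonce as hidden fields and submit; the PHP side then uses these two
    // values as the opaqueData of the transaction request instead of a card number.
    for (const [name, value] of Object.entries(serverPayload(result))) {
      const input = document.createElement("input");
      input.type = "hidden";
      input.name = name;
      input.value = value;
      form.appendChild(input);
    }
    form.submit();
  });
}
```

Two details carry the PCI benefit: the card inputs have no `name` attribute, so even a JavaScript failure or a user pressing Enter cannot POST them to the PHP endpoint, and the submit path refuses to proceed when Accept.js is absent rather than falling back to a raw form post. The PRG pattern from the original post still works unchanged on the server; it just receives `dataDescriptor` and `dataValue` instead of card data.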