Reply
Highlighted
Member
Posts: 4
Registered: ‎01-11-2017

CC Data, PHP & PRG, and PCI Compliance

Hi, I need some sanity checks on this, using the PHP API.

 

My current test setup is:

- On the checkout page, CC info (number, expiration, CCV) is filled in on a form, then POSTed back using Post-Redirect-Get.

- The CC info is processed through the authOnlyTransaction function, returns either a transactionID or error code. 
- POSTed data is unset, then either displays an error script or captures the transactionID and redirects to the confirmation page.

 

After some reading, my understanding is any POSTed CC info is in violation of PCI compliance (the POST data is stored on our server, regardless of length of time). 

 

Is there a PCI-compliant practice to use PHP and form-submission? 

Highlighted
Posts: 2,765
Topics: 57
Kudos: 247
Blog Posts: 67
Registered: ‎12-05-2011

Re: CC Data, PHP & PRG, and PCI Compliance

Hello @BC2016Genomics

 

If you wish to use your own form but lower your PCI Scope, you can use Accept.js, a JavaScript library that allows you to accept payments without any sensitive card data going through your servers.

 

Another option would be to use our Accept Hosted but that would require that you use our form instead of yours.

 

Richard