06-05-2017 07:16 PM
Hi, I need some sanity checks on this, using the PHP API.
My current test setup is:
- On the checkout page, CC info (number, expiration, CCV) is filled in on a form, then POSTed back using Post-Redirect-Get.
- The CC info is processed through the authOnlyTransaction function, which returns either a transactionID or an error code.
- POSTed data is unset, then the page either displays an error script or captures the transactionID and redirects to the confirmation page.
After some reading, my understanding is any POSTed CC info is in violation of PCI compliance (the POST data is stored on our server, regardless of length of time).
Is there a PCI-compliant practice to use PHP and form-submission?
06-06-2017 07:05 AM
Another option would be to use our Accept Hosted, but that would require that you use our form instead of yours.