[ic] Transparent Redirect for IC

Dan Bergan dan at berganconsulting.com
Fri Mar 15 15:52:06 UTC 2013


On Fri, Mar 15, 2013 at 8:49 AM, Paul Jordan <paul at gishnetwork.com> wrote:

> > Is anyone interested in helping put together a generic or Braintree
> > Transparent Redirect payment module for IC?  The basic idea with
> > Transparent Redirect is to post your credit card form directly to the
> payment
> > processor who then transparently redirects the user back to your site.
> This
> > means you don't have to deal with PCI Compliance at all.  I don't know of
> any
> > downside to this.
>
> If the customer is typing their sensitive info on your page that is on your
> server and under your control, you still need to be PCI compliant. Imagine
> if a hacker gets into your system and tinkers with your "credit card form"
> to sleuth the info for themselves *and also* post it to your processor so
> that no one is the wiser.
>
> If anything, it makes PCI compliance simpler - because you need to worry
> about fewer critical code points.
>
> Even forwarding to a payment page on a gateway does not eliminate PCI
> compliance - the assumption being that your users are in fact being
> forwarded in the way you originally prepared things, and is not being
> molested inbetweenst.
>
> If you are a merchant, you need to attest to PCI compliance and scan your
> kit - period.
>
>
So, if I only use PayPal for my payment processing, I would still be
required to show that my site is PCI Compliant?

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20130315/3c13bd9c/attachment.html>


More information about the interchange-users mailing list