What are the PCI compliance and security implications for processing payments through my embeddable widget?

@Holmes151

Posted in: #Javascript #PciCompliance #Widgets

I've built a little embeddable Javascript widget that lists items for sale for publishers to embed on their site. The current use case is that when the user clicks on an item, they are redirected to my site where they can get more information and hopefully purchase the item. Typical workflow here.

What I would like to do is move that entire workflow inside the widget. Specifically, I'd like for the user to purchase the item directly through the widget without ever having to go to my site.

The widget would communicate with my back-end over SSL which would delegate the payment processing to Braintree or some other 3rd party gateway.

Technically, this is very feasible for me to implement. But are there any regulatory or compliance issues that would make this infeasible? What sort of issues do you expect I would encounter if I were to take this approach? What are the security implications?

1 Comment


@Kevin317

PCI compliance will always be an issue when dealing with credit card payments. Doing it this way only complicates things as now not only does your site have to be PCI compliant but so does the user who uses this widget. PCI compliance dictates that any website that handles credit card payments must be PCI compliant.


The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. (source)


So by having the payment functionality in a widget you force your users to be PCI compliant as well.

One issue that may be difficult to overcome is SSL. You can perform the entire transaction over SSL using your widget but the user won't know that because the browser will not show that the page is secure unless the page that the widget is on is using SSL itself. So users may abandon a purchase if they don't see the lock icon in the browser.
