@Reiling115

You really don't ever want to be storing CC data on your site; it opens you up to all kinds of liability and, as @danlefree mentions, the PCI DSS requirements are quite strict. You can use PayPal Pro or Authorize.net or any number of other payment processing systems that do the payment processing behind the scenes, so the visitors never need to know the processing is being done via a 3rd party. The browsing experience doesn't redirect them to another site; they stay on your site.

For the most seamless experience, you will still need an SSL certificate to collect the CC data, but you are sending it straight through to the payment processor. Even in this case, I wouldn't use a self-signed SSL cert; there are plenty of discount vendors to get a basic certificate that is going to be supported by most browsers if you don't want to spring for a premium one.

Also note that regardless of how you set it up, the level of PCI compliance and other security measures may depend on your merchant account and even the specific cards you support.

Also, note that most CentOS/RHEL stock distros (at least < 6) will not pass a PCI scan due to the software versions they come with, at least last time I had to deal with it. This was true even though the older versions had the latest security patches; the scan wasn't sophisticated enough to detect this, so I had to use alternate repos to upgrade the LAMP stack.
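
Added example, not part of the original post: one way to check whether a CVE that a PCI scan reports from a version banner was already fixed by a backported patch, by searching the package changelog that `rpm -q --changelog <package>` prints. The sample changelog, the CVE ids, the package version and the function names are constructed placeholders, and the script assumes each changelog header line ends with the version-release.

```shell
#!/bin/sh
# Constructed sample in the style of `rpm -q --changelog httpd` (newest entry first).
sample_changelog() {
cat <<'EOF'
* Tue Jan 01 2013 Example Packager <pkg@example.invalid> - 2.2.3-99
- improve fix for CVE-0000-0002
- add security fix for CVE-0000-0001 (#000001)
* Mon Jan 02 2012 Example Packager <pkg@example.invalid> - 2.2.3-98
- add security fixes for CVE-0000-0002, CVE-0000-0003
- fix config reload crash
EOF
}

# triage_findings CHANGELOG_FILE CVE_ID...
# For each CVE id reported by the scanner, print either
#   "<id> fixed-in <version-release>"  (earliest changelog entry naming it)
#   "<id> unconfirmed"                 (not named in the changelog; needs manual review)
triage_findings() {
    changelog=$1
    shift
    for cve in "$@"; do
        awk -v cve="$cve" '
            /^\* / { rel = $NF }          # header line: last field is version-release
            {
                # Split on anything that cannot be part of a CVE id, then compare
                # whole tokens so CVE-0000-000 never matches CVE-0000-0001.
                n = split($0, tok, "[^A-Za-z0-9-]+")
                for (i = 1; i <= n; i++)
                    if (tok[i] == cve) hit = rel   # later lines are older: oldest wins
            }
            END {
                if (hit != "") print cve, "fixed-in", hit
                else print cve, "unconfirmed"
            }
        ' "$changelog"
    done
}

# Stand-alone demo on the constructed sample. On a real host, replace the first
# line with: rpm -q --changelog httpd > "$tmp"
demo() {
    tmp=$(mktemp)
    sample_changelog > "$tmp"
    triage_findings "$tmp" CVE-0000-0001 CVE-0000-0002 CVE-0000-0009
    rm -f "$tmp"
}
```

The `fixed-in` lines, together with the installed version from `rpm -q`, are the kind of evidence to attach when disputing a version-based finding with the scan vendor; `unconfirmed` only means the changelog does not name the CVE.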
