: If you're not storing, transmitting, or otherwise processing card data then you don't have to worry about PCI compliance as you're not doing anything connected to what PCI compliance covers.
If you're not storing, transmitting, or otherwise processing card data then you don't have to worry about PCI compliance as you're not doing anything connected to what PCI compliance covers.
If a customer fills out a form and POSTs that data to authnet, the responsibility is on them. If your server is intervening in any way then obviously that's a different story. Unless you're changing the demo API code for SIM/DPM I would bet that you're not intervening.
Authnet will deliver to your server a transaction ID, customer shipping address, etc., along with the card type and last 4 digits, which is all okay for you to store according to PCI documentation.
See this other answer for more links to interesting information on this topic: stackoverflow.com/questions/4495496/what-can-i-store-locally-while-still-being-pci-compliant-using-braintree-in-rail
More posts by @Hamaas447
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.