PCI compliance
Hi,
If I use your API to integrate a payment solution into my website, will the overall solution still be PCI compliant? Or is some approval required?
I'm trying to get my arms around this; there's some FUD (fear, uncertainty and doubt) out there about this topic. Please clarify :-)
Best regards,
Stein Gran
Support Staff 1 Posted by Marc Guyer on 20 Apr, 2012 01:08 PM
Hi Stein -- First of all, we are not PCI DSS experts and you should consult one. Any merchant who accepts credit cards is expected to be certified PCI compliant by the PCI DSS. The level of certification is dictated by several criteria. The most notable is whether or not you have access to customer card numbers. If you use CG's API, card numbers pass through your servers before being sent to the CG API. Due to this fact, the PCI DSS indicates that your level of compliance is slightly elevated.
Dean closed this discussion on 22 Jan, 2013 09:27 PM.