PayPal Vault - compliance

To do PayPal stored credit card payments, does the app need to go through any PCI or QSS compliance certification process?

Note: I am using PayPal Vault to store credit card info with PayPal.

If you are using PayPal Vault then you're good to go. Just make sure you aren't saving any credit card details in your database, in log files, or anywhere else.

If you follow those procedures and for any reason you do have to apply for some sort of PCI compliance (usually not the case) then you'll be able to pass quickly and easily with their low-price method.

You shouldn't need to worry about that at all, though, unless you're doing something with hardware maybe or if you're dealing with a particular company that requires it.

If you are passing details to the PayPal Vault (REST API) via HTTPS, the credit card numbers are in the request. Although this is SSL (TLS actually) secured, as the end user is entering credit card details directly on your website before they are passed to PayPal, you would need to go through PCI compliance, SAQ C or even SAQ D I believe.

https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf

Have you considered a Braintree integration for this?

Braintree have a fully PCI compliant client side piece (and a very good vault solution). They are also a PayPal company, and you can also vault PayPal accounts if you need to do that.

They have a quick "drop-in" UI solution: https://www.braintreepayments.com/en-ie/products-and-features/drop-in-ui

Or, if you need something a bit more custom, they have a product called "hosted fields".

Both are fully PCI compliant to SAQ A, so this may be the best solution for you if you want to avoid going through the more difficult PCI compliance audits.
