stackoom
  简体   繁体   中英

Paypal payments pro and pci compliance

 原文  2012-09-09 21:14:30       php/ paypal

Question

I've tried sifting through all the discussions online about PCI compliance when using PayPal payments pro, but there's no clear answer. Other than having SSL, since I'm not storing cardholder information (I'm only transmitting it), what do I need to do to be pci compliant? I've implemented direct payment, express checkout, and recurring billing.

2 answers

solution1
 6 ACCPTED  2012-09-09 21:34:57

PCI compliance is determined by passing a PCI audit. A service can advertise itself as PCI compliant only if it's passed the initial audit and any periodic audits.

Any service can adhere to the PCI guidelines - and should - but adherence and compliance are two different things.

A more direct answer to the question:

PayPal stores and manages all customer payment information so they shoulder the majority of the burden that comes with adhering to the PCI guidelines. In your case, at a minimum you should:

  1. Make sure that no financial data is stored on your server (not even in a session cookie).
  2. Collect customer data and transmit it to PayPal in a secure manner. This usually means using SSL for all customer financial data transmitted to your server, and when re-transmitting this data to PayPal's API.
  3. Keep your software/infrastructure up to date to protect against zero-day exploits and other vulnerabilities.

solution2
 2  2012-09-26 23:28:04

There are a variety of modes you can run Paypal Payments Pro in. If you're using their Hosted Pages or Transparent Redirect or Express Checkout features, you should have an easy time passing any PCI compliance requirements that PayPal imposes on you.

If you're using their direct payment options (where your site has the credit card numbers themselves), you will have to go through an extensive process which I highly recommend. If you are collecting credit card #s directly, you might consider using Braintree instead of PayPal because their API is much friendlier and has straightforward documentation and they'll do much of the PCI compliance work for you.

If you do need to use a PCI Compliance consulting company, http://www.panopticsecurity.com/paypal/ has a reasonable rate and they are pretty responsive to questions.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Recurring debit/credit card payments via PayPal without PCI compliance Paypal standard or Payments Pro Paypal Payments Pro - randomly fails PayPal Recurring & Single Payments in Canada (PayPal Payments Pro) Magento Card Payments with Paypal Pro Giving Error Paypal Website Payments Pro - Get AVS/CVV Paypal Website Payments Pro - Current Exchange Rates? Paypal Website Payments Pro Iframe - pay with paypal button is redirecting to paypal How to test Recurring Billing (Paypal Payments Pro) paypal payments pro direct payment check if successful
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM