On Sep 7, 2014, at 04:39, John Iliffe <john.iliffe@xxxxxxxxx> wrote:

> Someone should also bring to his attention that the web site will have to
> comply with the PCIA requirements (all several hundred of them!) if he is
> planning on taking credit and debit cards.
>
> This is NOT a trivial undertaking for those small e-commerce businesses
> that run their own servers.
>
> Good luck though; it can be done and there is a sense of satisfaction in
> getting past all the red tape!

The easiest way to be PCI compliant is to be out of scope. There are enough solutions for handling online payments where you don't have to touch the credit card data yourself. I'd assume that most even support recurring payments using a token instead of the credit card number.

Since the original request apparently comes from someone who doesn't know much about running or securing a webserver, I'd recommend finding a service that runs the whole thing as a service, including payment processing.

rainer