Re: FN-FORUM: credit card payments without pages hosted on providers servers

date posted 2nd October 2006 12:04

[EMAIL REMOVED] wrote:
> If we use an 'API' from one of the providers we can do it that way, but that means we have to record all the transaction details and store them on our sever which needs to conform to 'PCIDSS' standards (which = £££), so its not really an option.

Why do you have to store the transaction details in this case? You just
call the merchant API in realtime, so when the user submits the final
checkout page, you pass the credit card details to the API and receive
an immediate response, which you can then relay back to the user in the
same page request - no local storage required. You can of course still
log whatever details of the transaction you will need later, except for
the credit card number and similar info.

Dave