RE: Re: FN-FORUM: credit card payments without pages hosted on providers servers

date posted 2nd October 2006 12:19

>
[EMAIL REMOVED] wrote:
>> If we use an 'API' from one of the providers we can do it that way, but =
that=20
>means we have to record all the transaction details and store them on our=
=20
>sever which needs to conform to 'PCIDSS' standards (which =3D =C2=A3=C2=A3=
=C2=A3), so its not=20
>really an option. =20
>
>Why do you have to store the transaction details in this case? You just=20
>call the merchant API in realtime, so when the user submits the final=20
>checkout page, you pass the credit card details to the API and receive=20
>an immediate response, which you can then relay back to the user in the=20
>same page request - no local storage required. You can of course still=20
>log whatever details of the transaction you will need later, except for=20
>the credit card number and similar info.
>
>Dave
>

Logically yes, theres no reason for us to store the information, just 'boun=
ce' it through to their system... but every payment provider I've spoken to=
says that if we go the API route WE become responsible for storing the dat=
a. It seems like its part of the payment providers conditions of using the=
API. Do you know of a company that would allow API use without us capturi=
ng the details?