Hey Stig, > This is a bit OT, but we have just been told by ASB that we cannot use > the PxPOST interface as they are requiring that the form taking credit > card details must exist on a server that is PCI compliant. > > Has anyone else experienced this requirement with ASB?
Yeah, I can confirm ASB are insisting on 3-party for new gateway accounts, as I understand it most/all of the other banks are also moving towards that (others might be able to confirm that - I've only dealt with ASB recently). That policy doesn't seem to affect existing setups. In principle it doesn't seem a bad idea to require independent certification for merchants handling card details - I've seen some pretty shocking systems. Mailto form anyone? But that said I haven't been through the process of getting PCIDSS certification so don't know how onerous it is. Kind regards, James McGlinn __________________________________ CTO Eventfinder Limited Suite 106, Heards Building 2 Ruskin Street, Parnell, Auckland 1052 Phone: +649 365 2342 Mobile: +6421 633 234 [email protected] | www.eventfinder.co.nz --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
