Yea, we were told earlier this year to be completely PCI compliant "or else". We have the additional issue of we have direct debits coming from our clients in credit card form as well.
There is actually many different kinds of compliancy from A to D, where one end is your servers and EVERYTHING has to be compliant, and the other end is outsourcing everything therefore you are moving the risk offsite, the D end is waaay cheaper, so we have gone with a company called Flo2Cash who are actually very very nice to deal with! You can contact me offlist if you want to chat more! I just went through this with a new CRM implementation and a new website/payment gateway was involved too! Vivian -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Stig Manning Sent: 24 June 2009 4:18 p.m. To: [email protected] Subject: [phpug] [OT] DPS - Payment Express - ASB Hi PHPUG, This is a bit OT, but we have just been told by ASB that we cannot use the PxPOST interface as they are requiring that the form taking credit card details must exist on a server that is PCI compliant. Has anyone else experienced this requirement with ASB? We have a number of other PxPOST implementations with other banks that are all signed up and running. It seems a pretty bizzare requirement, we have Commonwealth Bank (who own ASB) implementations for Australian websites and they don't have this requirement. Obviously ASB have read the PCI spec differently to every other bank. We can use the DPS Hosted Payments page to accept payments, but they are pretty bloody ugly... Cheers, Stig --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
