
I have a SOAP web service providing/carrying information between a partner and a supplier. Basically, the WS is a connector, a hub between these two. It carries and converts the data between partner and supplier. It receives an order request from the partner, which also contains payment data, then it converts that request into the supplier's format, with the payment data, and transfers it through their system. So that makes the service not PCI compliant. I would like to have a solution in between, so that my service doesn't have to struggle with PCI, and that takes the responsibility from me. Is there any 3rd party solution that can sit in between (I am willing to pay for the service), or can I achieve it myself? As far as I have researched, PCI requires many different things and the cost is high. So it takes time and money. What can be a quick, short-term solution, and a long-term solution if needed?

Thanks.

Emil

1 Answer


Is there any 3rd party solution that can sit between the two (I am willing to pay for the service), or can I achieve it myself?

If you integrate with a 3rd party, you'll still have to send the payment details. In which case PCI still applies.

PCI requires many different things and cost is high. So it takes time and money. What can be a quick, short-term solution and a long-term solution if needed?

If you are not actually storing the details, just transferring them, and you are processing less than 20,000 transactions per year then PCI isn't too onerous.

Joe Ratzer
  • 1 - Yes, true if I transfer the request myself to PCI, but if I let my client partner communicate with PCI for payment, I will never get the payment details. 2 - I thought PCI requires education for every person involved in the process. So if we are a big company, each developer and anyone else involved in the process should get trained. This is the most difficult and time-consuming part for me. – Emil May 10 '13 at 12:02
  • 1 - If the client communicates directly with the payment gateway and you're not transferring or storing card details, you don't need to worry about PCI. Just get them to a gateway like Realex. 2 - Only if you have over 20,000 transactions, in which case yes, there is more work to do. – Joe Ratzer May 10 '13 at 14:56