I have an HTML form that contains credit card related fields. If those fields are posted back, will I need to be PCI compliant, even though I will not be reading or storing them at the server?
Yes, you are transferring sensitive data, so it must be appropriately secured. – oleksii Sep 20 '13 at 07:44
1 Answer
1
Since you are capturing sensitive data, you are responsible for guaranteeing its secure processing, or you can use a certified payment gateway to avoid this, but it depends on your project's requirements.
You can take a look at the PCI DSS Overview document, specifically at page 5, where you'll find the following quote:
PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing – including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data.

elvin