-1

This is a different question, but what I am trying to do is avoid PCI compliance on my end and transfer that issue over to the customer. This will deal with the transfer of credit card numbers. I am wondering how you can create an application like a website but make it so a customer can download it to their computer to use it.

The application would be connected to an API where the credit card data would be given to a credit card processor. Is this possible to do? Can I avoid using a server of my own? If so, what suggestions might you make? Can it be done using React? Node? Do I have to use Python? Hope this is enough information to understand.

  • You can use something like PayPal's API (https://developer.paypal.com/docs/api/overview/#) and have the customer deal directly with them. You will be given a 'thumbs up' saying the transaction was completed, but you won't need to store or transfer credit card data yourself. – Ben Avery Mar 12 '19 at 23:22

1 Answer

0

Tim,

If I am understanding your question correctly, your goal is to provide credit-card acceptance as a function to your customer and avoid PCI compliance. If your website includes a redirect or iframe to a processor, then your customer would need to complete an SAQ-A or SAQ-A EP for their compliance.

If you are maintaining these sites, especially if you have remote access, then you are a service provider and would need to complete the relevant sections of SAQ-D. If you build the website and leave it up to your customer after that, you have no obligations under the PCI DSS.

I attached a link to the PCI SSC's website for your reference.

Best of luck
