PCI Compliance For Cloud Based Point Of Sale Application

Forum Moderators: buckworks

Message Too Old, No Replies

PCI Compliance For Cloud Based Point Of Sale Application

blasto333

3:16 pm on Apr 7, 2011 (gmt 0)

I have created a point of sale application that is web based and will use authroize.net's direct post method for credit card processing (Posts the credit card information directly to Authroize.net). I will not be storing credit cards, just using authroize.net as the processor.

I have about 15 clients that might want to use credit card processing. I have an SSL certificate, but I am just wondering what do I have to do to become PCI complaint? Do I have to become complaint?

ssgumby

4:46 pm on Apr 7, 2011 (gmt 0)

I have created a point of sale application that is web based and will use authroize.net's direct post method for credit card processing (Posts the credit card information directly to Authroize.net). I will not be storing credit cards, just using authroize.net as the processor.

I have about 15 clients that might want to use credit card processing. I have an SSL certificate, but I am just wondering what do I have to do to become PCI complaint? Do I have to become complaint?

Yes, you need to be PCI compliant. It doesnt matter if you physically "store" the data or not, if you take the cc data on your server and send it to authorize.net you need to be PCI compliant.

As an aside, you mentioned "Cloud Based". You cannot be PCI compliant in the cloud.

blasto333

6:08 pm on Apr 7, 2011 (gmt 0)

By cloud based I mean hosted on my server. It is cloud based for my customers as they don't have to install any software and all their information is stored on my servers.

jamesfraser

11:58 am on Apr 11, 2011 (gmt 0)

You can take a look at McAfee Secure to audit your compliance and brag about it with a trust mark on your site. One the server site, you'll need a dedicated server (not shared hosting) and make sure you lock it down tight.

Disclaimer: We are a reseller of McAfee Secure.