Acceptance of private data on the site
Hey Habr! :-)
This is the first time I've encountered this task, so forgive me for some incompetence in the question.
The question is the following: due to some circumstances, you need to accept the user's private data (credit card number, CVV) on your side and then send it to the payer. Tell me how to implement it correctly so that there are no problems with the law. Is an SSL certificate enough, or do I need to go through PCI DSS? If yes, then how?
In general, this is a very strange scheme. We work with several EPS: Chronopay, Intellect Money, PayOnline; however, under the rules of all of them, it is strictly forbidden to collect card data on our side and to require it from the user. Usually there are 2 choices:
- redirecting to the payment system's page for data entry
- embedding a page from the EPS in an iframe
Collecting on your side and making a white label (without a payment system brand) in Russia is possible only if you are very large, with a huge turnover (from 5 million rubles per month); otherwise, even if you collect credit card numbers, no one will let you process them and withdraw money from them anyway.
Therefore, I think you should start by signing an agreement on card processing, and it will become clear in the process; maybe you don't need to store or collect anything on your side at all.