Acceptance of private data on the site

N

n0ip2012-11-16 09:37:08

Payment systems

n0ip, 2012-11-16 09:37:08

Hey habr! :-)
This is the first time I've encountered this task, so forgive me for some incompetence in the question.
The question is the following: due to some circumstances, you need to accept the user's private data (credit card number, cvv) on your side and then send it to the payer. Tell me how to implement it correctly so that there are no problems with the law. Is an ssl certificate enough, or do I need to go through PCI DSS. If yes, then how?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

victorraine, 2012-11-16
@victorraine

In general, a very strange scheme, we work with several EPS: Chronopay, Intellect Money, PayOnline, however, all of them are strictly forbidden by the rules on our side to collect card data and require them from the user, usually choice 2:
- redirect to the payment system page for data entry
- embedding in an iframe page from eps
Collecting on your side and making a white label (without a payment system brand) in Russia is possible only if you are very large, with a huge turnover (from 5 million rubles per month), otherwise even the collected credit card numbers are for you anyway, no one will let them process and withdraw money from them.
Therefore, I think start signing an agreement on card processing, and there it will turn out in the process, maybe you don’t need to store and collect anything on your side at all