Does the site store payment data?

F

F1eX2020-10-30 17:54:33

Payment systems

F1eX, 2020-10-30 17:54:33

One of the requirements of the payment systems aggregator is to indicate in the Terms & Conditions information about the storage and security of bank card data on the site.
The form itself is provided by the aggregator and placed in , the user leaves all the card data there, but the site itself stores the token provided by the aggregator, which allows you to charge the amount from the card (the option to "remember" the card so that you do not enter details each time).
Is the site legally the holder of the user's payment data (which automatically obliges it to provide an appropriate level of protection for this information and indicate this in the Rules), or is it only necessary to indicate that all this data is provided to a third party?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

B

boss_lexa, 2020-10-30
@boss_lexa

Whether the site is legally the holder of the user's payment data depends on the choice of "technology".
In short, the matter is in compliance with PCI DSS - the payment service either gives you this form through an iframe and then there will be no particular questions for you. Either the fields are placed on your site, you have more obligations, and the choice of payment services that provide such a service is small.
What payment service did you use to do this?
for example, if your company is from Russia and you want to make a card data entry form on your website, read
https://developers.cloudpayments.ru/#trebovaniya

D

Dimonchik, 2020-10-30
@dimonchik2013

does not store
you have no idea how much crap if you kept