Own module for accepting card payments on the site?

S

Sergey2020-02-27 16:47:25

Payment systems

Sergey, 2020-02-27 16:47:25

I wrote a module for accepting bank card payments for my website. What will happen if I use this script without pci diss, etc. What will be the consequences? Payments go through the bank's payment gateway and arrive on my card.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

E

Evgeny Koryakin, 2020-02-27
@deepprod

It is not you who accepts the payment, but the same banking gateway. You do not need pci diss, because the banking gateway already has it.

B

boss_lexa, 2020-02-28
@boss_lexa

when connecting to the gateway to send card data via the API, you will be asked for PCI DSS compliance - and if you do not have it, they simply will not connect.
If you want a card entry form on your site - the easiest way is to load the fields for entering the number and CVC card from the payment gateway site via an iframe, then you will need a minimum. According to the standard iframe and redirect equally require the same requirements - filling out the SAQ A sheet
example docs.mandarinbank.com/api_v2.html#hostedpay

O

Onnem, 2020-03-01
@Onnem

If on your side there is data processing and storage, as well as a payment page for entering card data, then the minimum that this article can fly for fraud. In this way, card data is stolen, for their further cashing out without the knowledge of the owners. It will arrive exactly after one of the cards has an unauthorized write-off and the issuing bank starts an investigation.
If there is no storage and processing on your side, the bank's payment page, then forget it, this is not your concern.