PCI compliance on a soap webservice

Question

I have a soap webservice providing/carrying information between a partner and supplier. Basically, WS is a connector as a hub between these two. It carries and converts the data between parner and supplier. It receives an order request from parner which has also payment data then It converts that request in the format of the supplier with payment data and transfer through their system. So that makes the service not PCI Compliant. I would like to have a solution in between which helps me that my service shouldn’t struggle for PCI and takes the responsibility from me. Is there any 3rd party solution can be in between (I am willing to pay for the service) or can I achieve it myself? As I researched, PCI requires many different things and cost is high. So it takes time and money. what can be quick, short term solution and long term solution if needed?

Thanks.

Answer 1

Is there any 3rd party solution that can sit between the two (I am willing to pay for the service), or can I achieve it myself?

If you integrate with a 3rd party, you'll still have to send the payment details. In which case PCI still applies.

PCI requires many different things and cost is high. So it takes time and money. what can be quick, short term solution and long term solution if needed?

If you are not actually storing the details, just transferring them, and you are processing less than 20,000 transactions per year then PCI isn't too onerous.