Question

I understand that PCI compliance affects not just storage of card details, but does it also affect transmission? E.g., if I simply want to collect a card number and transmit it over HTTPS, does this require PCI compliance steps to be taken?

Solution

PCI does require protection for card data at rest and in transit, so yes, this will require you to take steps to comply.

This is covered in great detail on Security Stack Exchange using the PCI-DSS tag.

OTHER TIPS

Yes, if you transfer card data anywhere (no matter where: between the user's browser and your server, between your scripts, between a script and the database and back, between your server and PayPal / Authorize.net / whatever), you must make all these channels secure.

Say, with an SSL layer. Do everything using HTTP*S*, not just simple HTTP, and make sure your server's SSL certificate is correct and up to date.
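
An added example, not part of the answers above: a small Python check that walks a constructed inventory of the hops the answer lists (browser, internal script, database, payment gateway) and flags any that do not enforce encryption. The host names, URLs and helper names are hypothetical; the PostgreSQL `sslmode` values are the standard libpq ones.

```python
from urllib.parse import urlsplit, parse_qs

# URL schemes that are encrypted by definition.
TLS_SCHEMES = {"https", "wss"}
# libpq sslmode values that refuse to fall back to plaintext.
PG_ENCRYPTED_MODES = {"require", "verify-ca", "verify-full"}
# libpq's default when sslmode is absent: tries TLS but silently allows plaintext.
PG_DEFAULT_MODE = "prefer"


def channel_is_encrypted(url):
    """True only if the URL guarantees an encrypted channel, not merely permits one."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme in TLS_SCHEMES:
        return True
    if scheme in {"postgres", "postgresql"}:
        mode = parse_qs(parts.query).get("sslmode", [PG_DEFAULT_MODE])[-1]
        return mode in PG_ENCRYPTED_MODES
    # Anything else (http, ws, ftp, unknown) is treated as cleartext.
    return False


def audit(channels):
    """Return the names of hops that carry card data without enforced encryption."""
    return [name for name, url in channels.items() if not channel_is_encrypted(url)]


# Constructed inventory of every hop a card number travels (all values hypothetical).
CHANNELS = {
    "browser -> web server": "https://shop.example/checkout",
    "web server -> internal script": "http://10.0.0.12:8080/tokenize",
    "web server -> database": "postgresql://app@db.internal/payments?sslmode=prefer",
    "web server -> payment gateway": "https://gateway.example/v1/charge",
}

if __name__ == "__main__":
    for hop in audit(CHANNELS):
        print("encryption not enforced:", hop)
```

The internal HTTP hop and the database connection are both flagged even though the public checkout page is on HTTPS, which is the point of the answer: every channel counts, not only the browser-facing one.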

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow