如何使我的站点符合PCI [英] How to make my site PCI compliant

问题描述

假设我决定使用支付网关，而不是使用其托管页面，而是提供自己的信用卡详细信息表格，然后通过xml将数据发送到其后端，如

Assuming I decide to use payment gateway and not to use their hosted page, but rather provide my own credit card details form, and then send data to their backend via xml as explained on this page. Then:

1. 我是否需要担心PCI合规性?如果是这样，应该由我(托管公司)整理出哪些步骤( PCI网站)或支付网关人员
2. 有人告诉我，只要我的表格使用SSL，我的网站就会自动合规.是对的吗?

1. do I need to worry about PCI compliance? If so what steps (PCI website) should be sorted out by me, my hosting company or payment gateway people
2. I was told as long as my form is on SSL my site would be automatically compliant. Is that right?

感谢您的帮助

推荐答案

1)如果您在任何时候都在处理信用卡信息，则需要与PCI兼容.您需要解决编码问题，主机需要处理服务器的任何硬件和软件问题，并且支付网关公司要处理很多问题(在这里列出的列表太长了，但是您没有无论如何都需要担心.)

1) If you're handling credit card information at any time you need to be PCI compliant. You need to sort out coding issues, your host needs to deal with any hardware and software issues with the server, and the payment gateway company has a lot of issues to handle (which is a list too long to list here but you don't need to worry about anyway).

2)否.SSL可以帮助您符合PCI规范，但PCI规范还有其他方面，而不仅仅是如何将数据从用户传输到服务器.您对这些数据的处理方式以及如何处理这些数据也很重要.例如，如果您要存储信用卡信息，则需要使用加密功能，而不要存储PCI禁止存储的值(例如CVV号).将这些信息放在会话中视为存储.

2) No. SSL will help you be PCI compliant but there is more to PCI compliance then how the data is transmitted from the user to the server. What you do with that data and how you do it also come into play. For example, if you are storing credit card information you'll need to be using encryption and not storing values barred from storage by PCI (i.e. CVV numbers). Putting this information in a session counts as storage.

这篇关于如何使我的站点符合PCI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！