[Owasp-alabama] PCI question

owasp-alabama at lists.owasp.org
Mon Aug 9 18:20:26 EDT 2010


Hey there

I got hit by a question about integration with payment processors like
authorize.net and PCI compliance, and I need another opinion to
(in)validate my response.
The organization in hand does not want to go through the PCI compliance
thing, so they are using authorize.net. They are currently consuming a
WS API, to which they submit the results of a form that they host
themselves. They do not persist the CC data, they just transmit it
through web app code.

My understanding is that even if you are transmitting CC data
(capturing through a form and posting to a service, without
persisting), you still are in scope of PCI.

Am I wrong? Just need some validation from others who deal with this daily.

Thanks
-S

