 |
Jason Garber |
at Feb 15, 2013 at 2:13 pm
|
⇧ | 
| |
Ryan, I'm pretty sure you must be PCI compliant even if you process or
transmit credit card information. I would think that having the CC
information pass through your server, even if you don't store it, would put
you in PCI territory.
http://goo.gl/o4NPiI've done PCI compliance for a customer before and it's a big, expensive,
ongoing headache!
Jason
On Wednesday, February 13, 2013 4:27:37 PM UTC-5, Ryan Bigg wrote:I believe the one in question is the StripeGateway within spree_gateway.
That uses a Ruby API. It doesn't *store* the CC information on the server
at all, and so (as far as I know) that means you're safe regarding PCI
compliance.
On Tue, Feb 12, 2013 at 6:35 PM, Peter Leonhardt <
[email protected]<javascript:>
wrote:
Hi,
I'm wondering if the Stripe implementation in Spree uses the Stripe.js
file (sends CC info straight to Stripe servers), or if uses a Ruby API. The
difference being the level of PCI Compliance for having the CC information
have to pass through my server or not.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Spree" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to
[email protected] <javascript:>.
For more options, visit
https://groups.google.com/groups/opt_out. --
You received this message because you are subscribed to the Google Groups "Spree" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
[email protected].
For more options, visit
https://groups.google.com/groups/opt_out.
