Storing credit card numbers (and other info) isn't the only concern of the PCI standards. If your form collects a number an passes it on to the processor, you could also be vulnerable.
On Jun 18, 2:09 pm, surtyaar <[email protected]> wrote: > Hi Bobby, > > You might be interested in a django clone of the sample shopping cart > chase paymentech provided (http://store.e-xact.com/). > > You can get the code and setup instructions here > :http://github.com/gitaaron/E-xact-django-clone > > Rgds/ > Aaron > > On Apr 20, 10:34 am, Bobby Roberts <[email protected]> wrote: > > > > > Hey Bill - > > > It is my understanding that as long as you do not store credit card > > information on your servers, PCI compliance is not an issue. Chase, > > Authorize.net, Paypal, ilovechecks.com etc all have API gateways to > > handle the transactions via https protocol which satisfies the > > industry financial standards. I'm just wondering if anyone has infact > > worked with the Chase API before > > > On Apr 20, 10:17 am, Bill Freeman <[email protected]> wrote: > > > > Beware! There are a number of security vulnerabilities you can have when > > > handling credit card numbers. There is something called PCI (Payment Card > > > Industry, if I'm not mistaken) compliance, the intent of which is to > > > try to avoid > > > some of the big credit card number stealing hacks that have been in the > > > news > > > in recent years. > > > > For most sites it is better to deal with someone like Authorize.net: > > > These > > > services let you point your "checkout" link at them, either with a back > > > channel > > > identified by order number (which you add to the url) to pick up the > > > total, and > > > perhaps the item list, or a way to provide that in the get or post > > > with a suitable > > > signature. They host a page that you get to style, so you can have, > > > for example, > > > your color scheme and logo. They accept the credit card information, do > > > the > > > dance with the payment processor (such as Chase Paymentech), and, if > > > payment is successful, send you a packet, email, or provide a webservice > > > where you can check, so that you know to "ship". These services do all > > > the > > > PCI compliance diligence. You are safe because the credit card > > > information > > > never touches your website. > > > > On Mon, Apr 19, 2010 at 10:17 AM, Bobby Roberts <[email protected]> > > > wrote: > > > > Has anyone out there integrated a payment module in django over to > > > > Chase Paymentech to process credit cards? I'm looking for sample code. > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Django users" group. > > > > To post to this group, send email to [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]. > > > > For more options, visit this group > > > > athttp://groups.google.com/group/django-users?hl=en. > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Django users" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group > > > athttp://groups.google.com/group/django-users?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
