Yozons, You're running into one of the most common PCI Compliance misconceptions: just because you don't store the card data does not mean you're compliant. If the application touches the card data IN ANY WAY, even just to immediately transmit to the gateway, you must have your application served in a PCI-Compliant data center, be subjected to PCI change control guidelines and have your application undergo PCI- DSS auditing.
Our solution pulls the handling of the actual card data out of the scope of the application. Because the style and functional operation of the module is defined by your application, the secure processing is completely transparent to the user. The customer experience is completely maintained on your site. The card data is handled 100% on the CRE Secure side, giving your application PCI Compliance and still allowing the application to process card data. Thanks! Evan On Nov 16, 12:55 pm, Yozons Support on Gmail <[email protected]> wrote: > Isn't most PCI compliance related to the server? GWT only holds the > information a short time to make a payment and shouldn't normally hold on to > the data after submitting it for processing. How does your GWT help with > PCI compliance since this would also require your server and server code to > be compliant. Furthermore, if using a payment gateway, you shouldn't even > have to store the payment information locally and thus avoid most PCI > compliance issues. -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=.
