Paul M Foster wrote:
In essence, my customer is not responsible for any confidential/secure
information, which is all handled by the merchant gateway.

For whatever unknown reason, my customer has been convinced they should
go with a different merchant service company. However, this company
doesn't have the same kind of secure payment pages. (Yes, they're
legitimate, but they're simply a payment processor. They don't have the
additional site to accept manual input of payment information and such.)
I've explained to my customer that, in doing this, he will need:

I've done quite many of these... all of which could be questionable as to PCI-compliance... however, first, why you would require an ecommerce app? Most gateweways come with an SDK with examples that you can start from.

For PCI compliance, go through the steps at the link Gary posted and see
where (if any) there become issues.

Very basically, never store the credit card, encrypt it always, and I don't see a reason why this could not be done securely as long as your
shared environment is secured.

If your shared environment is not secure and you require PCI compliance,
tell them they need to go to a VPS or something... about the same pricing.


D Brooke

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to