Quote:
Originally Posted by canuck
I'm concerned and frankly stunned that the CTO of Qualiteam feels that most merchants are OK with having customers leave the site to make their payment.
By putting PCI-DSS into effect in July 2010, VISA is giving merchants only 2 options:
1) configure their stores so that they don't store, process or transmit cardholder data, by using web-based payment gateways.
or (if a merchant wants to be responsible for the safety of credit card data):
2) become PCI-DSS certified.
I do believe the first option, being many times easier and cheaper, should be considered by most merchants. That's a typical practice anyway.
By choosing the second option, a merchant is obliged to comply with the strict PCI-DSS standard, which requires him to set up quite a complicated environment where cardholder data can be stored or processed safely (i.e. http://help.qtmsoft.com/index.php?title=File:Xpayments_dataflow.png), and then go through the certification process.
By delivering X-Payments, a PA-DSS certified solution, we'll be happy to serve merchants who select the second option.