[LRUG] Sagepay

Alan Buxton alanbuxton at gmail.com
Thu Mar 22 04:34:46 PDT 2012


I asked the same question to the PCI guys a while ago. The answer from PCI
was:

 

If the form is on your site and you are accepting a credit card number on
your server but not storing it anywhere then you need to complete
self-assessment questionnaire C (SAQ-C in the jargon). 

https://www.pcisecuritystandards.org/merchants/self_assessment_form.php

 

We found SAQ-C to be not too onerous to fill out though we had to sign up to
a quarterly "penetration test". I put it in quotes because by the looks of
it this was just paying someone on their approved list to run nmap for you.
SAQ-D was the hardcore one that we wanted to avoid.

 

We were taking a fair chunk of money daily at the time (tens of k) so there
may be a threshold level below which PCI is not really interested in you. 

 

Best

a

 

From: chat-bounces at lists.lrug.org [mailto:chat-bounces at lists.lrug.org] On
Behalf Of Riccardo Tacconi
Sent: 22 March 2012 11:17
To: London Ruby Users Group
Subject: Re: [LRUG] Sagepay

 

So I am using Spreedly Core with Sage Pay as gateway. With Spreedly I have
created a form where the user enters the card details and then he is sent to
Spreedly to store the data and he is sent back to my app with a token so I can
do the transaction. Two stakeholders raise an issue because the users will
enter their card details in a form, and by only doing that it binds us to
deal with PCI. The Spreedly web site says the opposite. I am wondering who is
right.

 

On 21 March 2012 23:29, Graham Ashton <graham at effectif.com> wrote:

On 21 Mar 2012, at 22:11, Adrian Sevitz wrote:

> Most of our customers are non UK based so we just absorb the cost there.
> It's not ideal.

Okay, thanks Adrian. That does seem to be the most pragmatic approach...

-- 
Riccardo Tacconi
Ruby on Rails and PHP development - System Administration
VIRTUELOGIC LIMITED

http://github.com/rtacconi
http://riccardotacconi.blogspot.com
http://twitter.com/rtacconi
