[LRUG] Sagepay

[Richard Taylor]

The form posts to spreedly secure (and PCI compliant) servers so the data never 'travels through' your servers so you have limited PCI scope.

However, as has been mentioned, you will still have to fill out the basic PCI self-assessment questionnaire (which is basically a declaration that the card holder data isn't transferred through or ever stored on your servers).

You should however run the page that contains the form on your server over HTTPS for customer confidence.

Richard

On 22 Mar 2012, at 11:16, Riccardo Tacconi <rtacconi at gmail.com> wrote:

> So I am using Spreedly Core with Sage Pay as gateway. With Spreedly I have created a form where the user enters the card details and then he is sent to Spreedly to store the data and he is sent back to my app with token so I can do the transaction. Two stakeholders raise an issue because the users will enter their card details in a form, and by only doing that it binds us to deal with PCI. Spreedly web site says the opposite. I am wondering who is right.
> 
> On 21 March 2012 23:29, Graham Ashton <graham at effectif.com> wrote:
> On 21 Mar 2012, at 22:11, Adrian Sevitz wrote:
> 
> > Most of our customers are non UK based so we just absorb the cost there. It's not ideal.
> 
> Okay, thanks Adrian. That does seem to be the most pragmatic approach...
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
> 
> 
> 
> -- 
> Riccardo Tacconi
> Ruby on Rails and PHP development - System Administration
> VIRTUELOGIC LIMITED
> 
> http://github.com/rtacconi
> http://riccardotacconi.blogspot.com
> http://twitter.com/rtacconi
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20120322/eaa294c0/attachment-0003.html>