[LRUG] Sagepay
Alan Buxton
alanbuxton at gmail.com
Thu Mar 22 04:34:46 PDT 2012
I asked the same question to the PCI guys a while ago. The answer from PCI
was:

If the form is on your site and you are accepting a credit card number on
your server but not storing it anywhere then you need to complete
self-assessment questionnaire C (SAQ-C in the jargon).

https://www.pcisecuritystandards.org/merchants/self_assessment_form.php

We found SAQ-C to be not too onerous to fill out though we had to sign up to
a quarterly "penetration test". I put it in quotes because by the looks of
it this was just paying someone on their approved list to run nmap for you.
SAQ-D was the hardcore one that we wanted to avoid.

We were taking a fair chunk of money daily at the time (tens of k) so there
may be a threshold level below which PCI is not really interested in you.

Best
a
From: chat-bounces at lists.lrug.org [mailto:chat-bounces at lists.lrug.org] On
Behalf Of Riccardo Tacconi
Sent: 22 March 2012 11:17
To: London Ruby Users Group
Subject: Re: [LRUG] Sagepay
So I am using Spreedly Core with Sage Pay as gateway. With Spreedly I have
created a form where the user enters the card details and then he is sent to
Spreedly to store the data and he is sent back to my app with a token so I can
do the transaction. Two stakeholders raise an issue because the users will
enter their card details in a form, and by only doing that it binds us to
deal with PCI. Spreedly web site says the opposite. I am wondering who is
right.
On 21 March 2012 23:29, Graham Ashton <graham at effectif.com> wrote:
On 21 Mar 2012, at 22:11, Adrian Sevitz wrote:
> Most of our customers are non UK based so we just absorb the cost there.
> It's not ideal.
Okay, thanks Adrian. That does seem to be the most pragmatic approach...
--
Riccardo Tacconi
Ruby on Rails and PHP development - System Administration
VIRTUELOGIC LIMITED
http://github.com/rtacconi
http://riccardotacconi.blogspot.com
http://twitter.com/rtacconi