Going to be hard to find too many places in compliance.
My clients tell me -- and they are probably wrong -- that if the customer never hands them the card and swipes it himself it is different. That does not really make much sense, as what happens if the customer hands the card to a clerk because their hands are full?
If you hold the physical card you're required to be PCI compliant. It's not just the computer that's at issue. It's the physical access to the card even if you don't store it.
+++ Rick ---
If you do not want your software to "touch" the card when it is swiped, the swiping can go directly from the hardware to PC-Charge. You query the PC-Charge API for results, etc., and can claim to never see the card info.
Authorize.net is easier to integrate, agreed, but it is far removed from the desktop.
That doesn't really solve the PCI problem - you're still handling the card. Authorize.NET works fine for desktop validation and is a heck of a lot less of a hassle to integrate with than PC-Charge et al. from an application.
+++ Rick ---
I am not sure I understand the situation, but are you using authorize.net for desktop application transactions? If so, why not use something like PC-Charge?
Guys,
I have been using Merchant Plus and Authorize.net for quite a while. The AIM interface has worked well. Now, I have run into a new situation. As we know, this year, the PCI regulations have expanded.
The challenge is the rule, "A payment application is anything that stores, processes, or *transmits* card data electronically." and "any piece of software that has been designed to touch credit card data is considered a payment application." Source: http://www.pcicomplianceguide.org/pcifaqs.php In other words, I need to process payments without touching the card numbers.
The internet side of my application is fine. We use SIM. The desktop application is giving trouble.
The Authorize.net SIM interface will do what I need. I can start a transaction by sending data in a post. The payment form appears in the browser control. I enter the card number on the Authorize.net website from within my app. The only data I save is what Authorize.net gives back to me. SIM works well. But, SIM does not support swiped data. Card swipes are necessary for efficient POS transactions.
Authorize.net has another interface: VPOS. VPOS does support card swipes. However, VPOS has limitations:
The operator needs to enter the invoice number
The operator needs to enter the amount
The operator needs to enter the customer's name
The operator needs to enter a note for what the customer is purchasing
VPOS does not return data to my application
Overcoming these limitations means manual entry. This slows the sales process to do the work accurately. In a POS environment, this is not possible.
Unless I can find a solution to this problem, my customers will be forced to use a non-compliant application. Or else, my customers will be forced to go to a different payment gateway.
Any ideas? Thanks in advance.