Collaborate Disseminate
I am considering using Wordpress, WooCommerce, third party payment processor and different plugins for an ecommerce store.
I have trouble figuring out if it is possible to do all that and to be PCI DSS compliant and SAQ A el… Continue reading PCI DSS SAQ A compliance with WooCommerce and 3rd party payment gateways – possible?
I’m implementing an online payment system relying on an external payment processor handling all credit card entry. We only see and store card tokens (not the actual card numbers), which we then use to charge another month’s w… Continue reading When credit card tokens are leaked / stolen, what can the attacker do with them?
According to MPGS integration guide, if merchant wants to display receipt when payment completed successfully, MPGS will redirect to merchant site callback URL with the resultIndicator. Merchant site needs to compare resultIn… Continue reading MPGS (Mastercard) Integration Security
This is happening in Visa/MasterCard/American Express, etc. I tried checking in many payment apps and payment gateways that if I enter the correct debit card number, name, valid date, and wrong CVV number, I am able to receive OTP. however… Continue reading Bypass with wrong cvv of debit card and getting OTP
I’ve been tasked with building an API that interacts with a couple of payment gateways to create payments.
The API has accounts with multiple users and the accounts have payments associated with them.
The issue
I need user… Continue reading Payment gateway API authentication
When doing a payment integration what would be the reasons the payment gateway would require your bank credentials instead of redirecting the client to his or her bank website?
The context of my question can be found on the … Continue reading Online payment integration requires handling my bank credentials. Why?
I am looking for advice on PCI compliance. I am being told that I am not currently PCI compliant although I am not sure if this is accurate.
We outsource the payment management and card storage to a 3rd party service and onl… Continue reading PCI compliance dilemma
Introduction
In payment gateways such as Coinbase or G2A Pay, the typical payment flow goes as follow:
POST to the gateway with the secret API key and metadata (price etc) to generate a payment URL.
Redirect the client to … Continue reading Security implications of exposing payment gateway secret API key
We need to save the credit card number in our database , but not the cvv.
Should we be PCI – DSS compliant for this or some security measures is enough.
After the save we will use that to call stripe for payment.
So should w… Continue reading Is PCI – DSS required to store only card number
I am doing some work a charity company which involves the storage of credit card information. This is how their business works.
1. telephone the public and ask for a regular financial contribution to a charity (eg $20 a mont… Continue reading Storing credit card information temporarily