CyberSource gateway
Posted: Wed Oct 24, 2012 12:45 pm
Currenly, we use the Cybersource gateway from Able Commerce. We've been getting the customer's credit card information back in an encrypted data field.
After our last audit, we are going through the process of tightening our security. We have been consulting with Cybersource and they have suggested that to keep PCI compliant that our e-commerce should leave our site and have the last page to be filled out in the Cybersource domain where they will collect the credit card and use tokenization instead of the credit card. They (Cybersource) tell us that we will create a page on their site with our look and feel and this will help us with PCI compliance and instead of an encrypted credit card, they will send a token.
Cybersource said that they can guarantee on their side that they are certified compliant, but Cybersource cannot speak for our payment gateway.
I need to know how your payment gateway works especially when you pass the credit card to CyberSource.
For example, Cybersource tells me that Able Commerce should be passing control over to CyberSource when the customer starts to enter their credit card number – this screen should be in the CyberSource domain and not at our e-commerce box.
Can you help me document how Able Commerce has written the payment gateway interface to CyberSource? Also, if you don't follow what Cybersource does, can you verify PCI compliancy?
I would appreciate your help.
After our last audit, we are going through the process of tightening our security. We have been consulting with Cybersource and they have suggested that to keep PCI compliant that our e-commerce should leave our site and have the last page to be filled out in the Cybersource domain where they will collect the credit card and use tokenization instead of the credit card. They (Cybersource) tell us that we will create a page on their site with our look and feel and this will help us with PCI compliance and instead of an encrypted credit card, they will send a token.
Cybersource said that they can guarantee on their side that they are certified compliant, but Cybersource cannot speak for our payment gateway.
I need to know how your payment gateway works especially when you pass the credit card to CyberSource.
For example, Cybersource tells me that Able Commerce should be passing control over to CyberSource when the customer starts to enter their credit card number – this screen should be in the CyberSource domain and not at our e-commerce box.
Can you help me document how Able Commerce has written the payment gateway interface to CyberSource? Also, if you don't follow what Cybersource does, can you verify PCI compliancy?
I would appreciate your help.