recipe 33 "Process Recurring Credit Card Payments" vs. PCI DSS

27 Feb 2008, 20:29
Jochen Hayek (6 posts)
Within the section ‘Discussion’ Cody Fauser writes, Just referring to ‘the setup’ is a little (pls forgive me) wish-wash. So does that reliably mean,

27 Feb 2008, 19:07
Mike Clark (51 posts)
Good question, and I’ll ask the author so we can clarify it in the next revisions. Feel free to file any more errata on the errata page. Thanks!

03 Mar 2008, 01:33
Jochen Hayek (6 posts)
So, on March 2nd, this was renumbered recipe 35, Just removing the bullet may solve the issue for somebody,

03 Mar 2008, 14:47
Mike Clark (51 posts)
Using ActiveMerchant doesn’t mean you’re automatically PCI DSS compliant. ActiveMerchant by itself doesn’t do anything that would make you not compliant. However, being PCI DSS compliant is a lot more than just the code. It stipulates things like access control, monitoring the server room, auditing, documentation, etc.

07 Mar 2008, 20:19
Joshua Schairbaum (1 post)
Jochen, Mike’s correct. There is nothing in Active Merchant that will make you PCI DSS-compliant, but it doesn’t open any gaps that aren’t there anyways. Disclosure time: I work for [Braintree](http://www.braintreepaymentsolutions), so please check on facts, don’t just take my word for it. :) In reality, no solution gives you PCI compliance out-of-the-box, and be wary of companies who claim that. We do have a solution that removes almost all of the 230+ PCI DSS controls from the scope of your environment by ensuring that no customer sensitive credit card data touches your environment, reducing your in-scope controls to ~10. Unlike PayPal, Google Checkout, or Amazon FPS, we do this transparent to your users, so they never see our involvement at all. I don’t want to hijack this thread at all, but if you’re interested in talking further, you can find me on the [Braintree Developer Community](http://developer.getbraintree.com). For anyone else, a great resource for PCI DSS compliance is the [PCI Answers Blog](http://www.pcianswers.com), run by The Aegenis Group.

