These are chat archives for mirumee/saleor

10th
Jul 2018
maltitco
@maltitco
Jul 10 2018 06:43
Thanks for the explanation.
Pete Dermott
@petedermott
Jul 10 2018 08:30
Hey all, quick question. If I'm using the CreditCardPaymentFormWithName from django-payments then I assume this will mean I am passing card info to my server and as such would have to be PCI compliant?
Pete Dermott
@petedermott
Jul 10 2018 08:36
By which I mean the SAQ D compliant rather than the easier SAQ A / SAQ A-EP
Patryk Zawadzki
@patrys
Jul 10 2018 11:41
if you send it to your backend server then yes, you need to pass PCI compliance
however many gateways offer an API intended for direct JavaScript access
in such cases the script is reponsible for passing the CC details directly to the gateway and in exchange you receive a single-use nonce/token that represents a card without exposing any of its details
your backend only ever receives the nonce/token and then submits back it to the payment gateway for processing along with the amount and other transaction details