我正在考虑构建一个支付应用程序,它将从应用程序中捕获信用卡信息并使用 HTTPS POST(第 3 方支付网关)来执行信用卡交易。
由于此应用程序正在捕获信用卡信息,所以我是否需要使该应用程序符合 PCI 标准?如果是,怎么做?
谢谢。
最佳答案
答案是肯定的。
请引用此链接 http://www.pcicomplianceguide.org/pcifaqs.php澄清。
根据网站
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially any merchant that has a Merchant ID (MID). The Payment Card Industry Security Standards Council (PCI SSC) was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards with focus on improving payment account security throughout the transaction process. The PCI DSS is administered and managed by the PCI SSC (www.pcisecuritystandards.org), an independent body that was created by the major payment card brands (Visa, MasterCard, American Express, Discover and JCB.). It is important to note, the payment brands and acquirers are responsible for enforcing compliance, not the PCI council.
关于iphone 应用程序的支付网关,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6938333/