Is it compliant if software gets cc before sending to payment processor?

Started by Рупорт, Jun 19, 2022, 12:08 PM

Previous topic - Next topic

РупортTopic starter

If a piece of membership software asks for the customer's credit card information in memory, before passing processing to the payment processor, is it DSS compliant if the software never writes the customer's credit card info to disk?


If you at any point process, store, or transmit credit card data you need to be PCI compliant as there is no need for any software to even know about the credit card information without being PCI compliant.


The Issuer Transaction Processor is a core component of the authorization subsystem, intended for use in the authorization processing
enter of the issuer.
The issuer's transaction processor precisely handles the authorization process card transactions and performing the following functions:

Checking transaction safety parameters (PIN, CVC\CVV codes); Control checks according to the conditions set for the cards. For instance, the limit is controlled cardholder authorizations (Open-To-Buy Limit), card activity limits by amount, by type of operation and frequency of use, CVC \ CVV codes and other parameters, used to check the solvency of the holder, restrictions on the use cards and countering possible fraud;
Recording in the DB the results of transaction processing by the issuer and formation of a response message.