Is it compliant if soft gets cc before sending to payment processor?

Started by Рупорт, Jun 19, 2022, 12:08 PM

Previous topic - Next topic

РупортTopic starter

Would the membership software still be considered DSS compliant if it requests the customer's credit card information to be stored in memory prior to handing over the processing to the payment processor and never writes this information to a disk?


In order to be able to handle credit card data as a software, it is essential to be PCI compliant as the software should not have any access to credit card information without complying with the PCI standards for security.


The Issuer Transaction Processor is an important part of the authorization subsystem designed to handle the authorization process of card transactions at the issuer's end. Its primary functions include verifying transaction security through PIN and CVC/CVV codes, monitoring card conditions related to limits, CVC/CVV codes, and other parameters for ensuring holder solvency, and preventing fraud activities.

Additionally, the processor records the transaction processing results in the database and generates a response message.