[FX.php List] Anyone done a PHP integration w/ Paypal?

John May jmaymailing at pointinspace.com
Thu Dec 5 10:02:21 MST 2013

Watch out, this is changing quickly!

We had to change things here by no longer storing credit cards locally 
to move from a SAQ D to a SAQ C questionnaire.  If we didn't do this, we 
would have had to hire a QSA auditing company to do a manual audit of 
our systems and compliance.

This is the first year this applied, and took us by surprise.  Just like 
HIPPA requirements, PCI is getting more and more stringent by the day. 
The ironic thing is it's all the big companies getting the databases of 
credit cards stolen...

	- John

On 12/5/13 11:55 AM, Glyn Devine wrote:
> Yeah, getting PCI certified is a piece of cake, all you need to do is
> fill out a questionnaire on the web. In my experience most businesses
> that do this lie on 90% of the questions. Getting certified is easy,
> actually being compliant isn’t quite as simple.
> Glyn
> On 12/5/13 11:53 AM, "Bob Patin" <bob at patin.com> wrote:
>     I secured a set of web apps for another client, hired an outside
>     consultant to get me PCI-compliant, but what I realized is that ALL
>     he did was to wrap my POST variables like this:
>     $name = htmlspecialchars($_POST[’name']);
>     This particular company runs a PCI-compliance test every month and
>     we always pass, so getting PCI-compliant is a snap…
>     I may tell this client though that I recommend using a hosted order
>     page (using Paypal’s card-input page)…
>     BP
>     Bob Patin
>     Longterm Solutions
>     bob at longtermsolutions.com
>     615-333-6858
>     FileMaker 9, 10, 11 & 12 Certified Developer
>     http://www.longtermsolutions.com
>     -
>     iChat: bobpatin at me.com
>     Twitter: bobpatin
>>     FileMaker Consulting
>     FileMaker Hosting for all versions of FileMaker
>     PHP • Full email services • Free DNS hosting • Colocation • Consulting
>     On Dec 5, 2013, at 10:18 AM, BEVERLY VOTH <beverlyvoth at gmail.com> wrote:
>         I have used iframes/frames to "spoof" not leaving the site, but
>         I don't like to do that anymore. I just tell the clients to be
>         secure, use the secure payment gateway as it's intended - they
>         have the responsibility.
>         Beverly


John May : President                   http://www.pointinspace.com/
Point In Space Internet Solutions         800.664.8610 919.338.8198

         Professional FileMaker Pro, MySQL, PHP & Lasso Hosting
           on shared, virtual and hardware dedicated servers

More information about the FX.php_List mailing list