PCI Compliance and PayPal Button Question

SunnyT
Contributor

If the code for the PayPal Buttons is altered to remove the <form> tags, and pass the information in the link instead, are they still PCI compliant?

Thank you in advance for your assistance.


JonathonBWB
Member

What information are you planning on passing through the URL? If it's PII (U.S.: Credit Card Data or Canada: Name, Addy, Phone) then it needs to be encrypted via SSL. While that may not specifically address the PCI DSS rules, it does offer compensating controls.

Though, if it's PII without encryption, then you'll have a finding if an audit occurs.


SunnyT
Contributor

I am uploading a PayPal button, but can't use forms, so I'm using the data to create a link instead.

Example of what I'm converting to:

<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=####"><img alt="PayPal - The safer, easier way to pay online!" src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif" border="0"></a>

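A defender-side check for the question raised in the replies above (what information ends up in the URL, and whether it travels over SSL), added here as an example and not part of the original thread: it parses a page's PayPal links and flags any that are not HTTPS or that carry query parameters beyond the two in the posted link. The parameter allow-list, the sensitive-name hints and the second and third sample links are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Assumption: a hosted-button link needs only these two parameters (as in the post above).
EXPECTED_PARAMS = {"cmd", "hosted_button_id"}
# Assumption: illustrative, non-exhaustive substrings hinting at personal or card data.
SENSITIVE_HINTS = ("name", "address", "phone", "email", "card", "cvv", "zip")

# Constructed sample: the link from the post plus made-up links for comparison.
SAMPLE_HTML = (
    '<a href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=####">ok</a>'
    '<a href="http://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&amp;first_name=Alice">bad</a>'
    '<a href="https://example.com/about?name=x">unrelated</a>'
)


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def audit_link(href):
    """Return findings for one payment link; an empty list means nothing was flagged."""
    parts = urlsplit(href)
    findings = [] if parts.scheme == "https" else ["not-https"]
    for key, _value in parse_qsl(parts.query, keep_blank_values=True):
        if any(hint in key.lower() for hint in SENSITIVE_HINTS):
            findings.append(f"sensitive-param:{key}")
        elif key not in EXPECTED_PARAMS:
            findings.append(f"unexpected-param:{key}")
    return findings


def audit_html(html):
    """Map each PayPal link found in the HTML to its findings."""
    collector = LinkCollector()
    collector.feed(html)
    results = {}
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        if host == "paypal.com" or host.endswith(".paypal.com"):
            results[href] = audit_link(href)
    return results
```

An empty findings list only means the link matched the allow-list over HTTPS; it is not a PCI DSS determination.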
