PCI Compliance and Paypal Button Question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If the code for the Paypal Buttons are altered to remove the <form> tags, and pass the information in the link instead, are they still PCI compliant?
Thank you in advance for your assistance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What information are you planning on passing through the URL? If it's PII (U.S.: Credit Card Data or Canada: Name, Addy, Phone) then it needs to be encrypted via SSL. While that may not specifically address the PCI DSS rules, it does offer compensating controls.
Though, if it's PII without encryption, then you'll have a finding if an audit occurs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am uploading a Paypal button, but can't use forms, so I'm using the data to create a link instead.
Example of what I'm converting to:
<a target="_blank" href="https://www.paypal.com/us/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=####"><img alt="PayPal - The safer, easier way to pay online!" src="https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif" border="0"></a>
Haven't Found your Answer?
It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.
- A Couple of Questions Regarding: Business and Premier Account, Merchant Services and Donations in Merchant services (Archive)
- Seriously, I can't print a shipping label to a CONFIRMED ADDRESS? in Shipping (Archive)
- Paypal go to cart button using sales tax in Merchant services (Archive)
- HTML variables for specific items in Buy Now drop-down menu? in Merchant services (Archive)
- Can I generate "Add to Cart" / "Buy Now" buttons using PHP and MySQL? in Merchant services (Archive)