How is 'processing credit card data' defined (PCI)?

Posted by Chris on Stack Overflow See other posts from Stack Overflow or by Chris
Published on 2010-02-26T16:26:37Z Indexed on 2010/04/14 7:13 UTC
Read the original article Hit count: 305

Filed under:
|
|

If i have a web application and i receive credit card data transmitted via a POST request by a web browser over HTTPS and instantly open a socket (SSL) to a remote PCI compilant card processor to forward the data and wait for a response, am i allowed to do that? or is this receiving the data with my application and forwarding it already subject of "processing credit card data"?

if i create an iframe that is displayed in a client browser to enter cc data and this iframe posts the data via HTTPS to remote card processor (directly!) is this already a case of processing credit card data? even if my application code 'doesnt touch' the entered data with any event handlers?

i'm interested in the definition "credit card data processing". when does it start to be a cc data processing application? can somebody maybe point me to that section in PCI-DSS standard that clearly defines when you start to 'be a processing application'?

Thanks,

© Stack Overflow or respective owner

Related posts about credit-card

Related posts about processing