Hey folks,
My company provides income verification services for tenant applicants for rental properties. We have a mid-sized property management company that wants our software integrated into their website. We are building a custom solution for them and they want something that is not PCI compliant. They want us to capture an applicant's credit card information and send it to them to manually process later.
I'm a developer, and currently use Stripe, so I understand how card tokenization and the api works. However, seems like I need full details of the card for our customer to process later (including saving the CVV, big no no!). I can delete data as soon as the the information is sent over to our customer, but I believe that still is non-compliant.
It's really unfortunate, this is our first big customer and the less friction we have, the better. But I don't want to get fined out my asshole by the credit card companies. What do you guys think? Should we explain to the customer honestly about how their workflow would break PCI compliance and try to work with them? Anybody been in this situation before? Maybe even be non-PCI compliant in order to close the deal, then make changes to be PCI compliant? I would really hate to lose this customer.
[link] [comments]
from Entrepreneur https://ift.tt/2Frjer8
via IFTTT
$$$http://howmakemoneywithblogging.blogspot.com/$$$
how to make money out of blogging & become a successful blogger
No hay comentarios.:
Publicar un comentario