[ic] Transparent Redirect for IC

Paul Jordan paul at gishnetwork.com
Fri Mar 15 14:49:15 UTC 2013

> Is anyone interested in helping put together a generic or Braintree
> Transparent Redirect payment module for IC?  The basic idea with
> Transparent Redirect is to post your credit card form directly to the
> processor who then transparently redirects the user back to your site.
> means you don't have to deal with PCI Compliance at all.  I don't know of
> downside to this.

If the customer is typing their sensitive info on your page that is on your
server and under your control, you still need to be PCI compliant. Imagine
if a hacker gets into your system and tinkers with your "credit card form"
to sleuth the info for themselves *and also* post it to your processor so
that no one is the wiser.

If anything, it makes PCI compliance simpler - because you need to worry
about fewer critical code points.

Even forwarding to a payment page on a gateway does not eliminate PCI
compliance - the assumption being that your users are in fact being
forwarded in the way you originally prepared things, and is not being
molested inbetweenst.

If you are a merchant, you need to attest to PCI compliance and scan your
kit - period.


More information about the interchange-users mailing list