As PCI rules and regulations get tougher, desktop applications that accept credit card payments are finding it harder to comply. Lately we have worked with several clients to bring their desktop applications up to PCI DSS standards. There are two options to consider when faced with this problem.
Option 1: Rewrite the software in accordance with the PCI DSS rules and regulations. This usually entails paying for an audit and then making the necessary changes to the software, and it has to be repeated every year. The changes are usually not minor; they are time-consuming, invasive changes that require manpower and know-how to complete.
Option 2: Split the credit card payment section out of the application and have it use a vendor service. For example, consider gym membership software with three sections: Payments, Members, and Reports. The Payments tab allows payments to be made for members. This Payments section would actually load an SSL-encrypted web page that is already PCI secured. See the screenshot below: the area within the red box is actually a web page embedded in the desktop application.
The best part about this solution is that after the transaction is complete, a token is sent back to the desktop application, which can be used in place of a credit card number next time. When the customer needs to make another payment, simply send the token (saved in the desktop application) along with the amount.
Since the desktop application no longer stores or transmits credit card data directly, PCI scope is greatly reduced, which makes compliance much easier. This is a great service that saves software companies large and small a great deal of money and headache.
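The token flow described above, as an added example that is not the blog's code and does not represent any particular vendor's API: a stand-in for the vendor's tokenization vault, a stand-in for the embedded hosted payment page that only hands an opaque token back to the desktop application, and the desktop application itself, which stores the token and charges it again later. The class and method names, the "tok_" token format, and the test card number are all assumptions made for illustration; the final function serializes the application's stored state and scans it for anything PAN-shaped and Luhn-valid, which is the kind of check a reviewer would run to confirm that card data really stays out of the desktop application.

```python
import json
import re
import secrets
from dataclasses import dataclass, field


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used by the vendor stand-in and by the scope scanner below."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class GatewayVault:
    """Stand-in for the payment vendor's tokenization service (assumed design):
    the only component that ever holds card data."""

    def __init__(self):
        self._cards = {}    # token -> (pan, expiry); lives only inside the vendor
        self.charges = []   # (token, amount_cents) for every approved charge

    def tokenize(self, pan: str, expiry: str) -> str:
        if not luhn_ok(pan):
            raise ValueError("card number failed Luhn check")
        token = "tok_" + secrets.token_hex(16)   # random and opaque, not derived from the PAN
        self._cards[token] = (pan, expiry)
        return token

    def charge(self, token: str, amount_cents: int) -> dict:
        if token not in self._cards or amount_cents <= 0:
            return {"approved": False}
        self.charges.append((token, amount_cents))
        return {"approved": True, "amount_cents": amount_cents}


class HostedPaymentPage:
    """Stand-in for the vendor's SSL page embedded in the Payments tab. The
    cardholder types into it; the desktop app only receives the completion callback."""

    def __init__(self, vault: GatewayVault, on_complete):
        self.vault = vault
        self.on_complete = on_complete

    def submit(self, pan: str, expiry: str, amount_cents: int) -> dict:
        token = self.vault.tokenize(pan, expiry)
        result = self.vault.charge(token, amount_cents)
        # Only the token, a display hint and the outcome go back to the desktop app.
        self.on_complete(token=token, last4=pan[-4:], result=result)
        return result


@dataclass
class DesktopApp:
    """The gym-membership application: stores tokens per member, never card numbers."""
    vault: GatewayVault
    members: dict = field(default_factory=dict)   # member_id -> {"token", "last4"}

    def open_payment_page(self, member_id: str) -> HostedPaymentPage:
        def on_complete(token, last4, result):
            if result["approved"]:
                self.members[member_id] = {"token": token, "last4": last4}
        return HostedPaymentPage(self.vault, on_complete)

    def repeat_payment(self, member_id: str, amount_cents: int) -> dict:
        # Later payments send the saved token plus the amount; no card data involved.
        token = self.members[member_id]["token"]
        return self.vault.charge(token, amount_cents)


PAN_RE = re.compile(r"\b\d{13,19}\b")


def card_data_found(state) -> bool:
    """Crude scope check: is anything PAN-shaped and Luhn-valid in the serialized state?"""
    return any(luhn_ok(m) for m in PAN_RE.findall(json.dumps(state)))


def run_demo() -> dict:
    vault = GatewayVault()
    app = DesktopApp(vault)
    page = app.open_payment_page("member-42")
    first = page.submit("4111111111111111", "12/29", 4999)   # constructed test card
    second = app.repeat_payment("member-42", 4999)           # token only, no card
    return {
        "first_approved": first["approved"],
        "second_approved": second["approved"],
        "stored": app.members["member-42"],
        "pan_in_app": card_data_found(app.members),
        "charges": len(vault.charges),
    }


if __name__ == "__main__":
    print(run_demo())
```

The scope reduction comes from the split of responsibilities: card details are typed into the vendor page and sent to the vault, the desktop application is handed a random token that cannot be reversed into a card number, and the repeat payment carries nothing but that token and an amount. In a real deployment the vendor page would be served over TLS from the vendor's own domain and the callback mechanism would be whatever the vendor documents.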
Friday, January 15, 2010
Desktop Application PCI Compliance
Option 2 seems easy and interesting... however, there seems to be a disconnect in the data flow for me... if you could help. Once the secure webpage is opened by the desktop application, the user enters the payment details in that web page. The webpage then contacts the gateway to tokenize the card and get a reference number. How is this token sent back to the desktop application from the browser? OR do you mean that the browser should be loaded from within the desktop app, and then it internally communicates with the desktop app via applet or objects?