2 posts / 0 new
Last post
eugenepevzner20379
Does a Direct Post via payeez.js qualify for PCI SAQ A (v 3.2 rev 1.1)

If a merchant provides a form which collects credit card data on their website and posts directly to a PCI DSS validated third-party service provider via direct post (payeez.js) does it qualify under PCI Self-Assessment Questionnaire A?

Since the form allows for the data to be collected and posted to a 3rd party provider, this seems to qualify based on this requirement but its vague enough that I am not 100% sure what's meant by [store] [process] and [transmit] in this requirement:

"Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;"

However it also says:

"All elements of the payment page(s) delivered to the consumer’s browser originate only and directly
from a PCI DSS validated third-party service provider(s)."


christopherlord730
Re: Does a Direct Post via payeez.js qualify for PCI SAQ A (v...

With Payeezy.JS the customer's full CC#/PAN is not hitting the merchant server since it is executing in the customer's browser through jQuery. How that affects PCI Compliance is a question that should be posed to the merchant account provider's PCI Compliance support team.