by sachinag 5677 days ago
I'm saying every startup that hosts their checkout pages in the cloud is - by definition - in violation. If you know a startup that accepts credit cards and doesn't have the secure server that accepts the credit card input on a rack somewhere - whether in their office, in their apartment, in a colo, or whatever - then that startup is, by definition, not PCI compliant.

There is a simple and easy way to get into compliance without moving your host - use hosted payment pages. PayPal, Recurly, Braintree, and the other top-tier providers all have hosted payment pages.

Every startup I have been employed by or consulted for w/r/t payments either has a physical box or uses hosted payment pages.

1 comment

Right, so do you know of any that are in violation?

I know of a bunch of startups that use a hosted page (e.g. Paypal, Google Checkout, authorize.net SIM, whatever), and a bunch of startups that host their main site in the cloud but have a physical server for accepting CCs, but I don't know of any that accept CCs directly on a VM. I'd be pretty surprised to hear about it.