by bitsm 5513 days ago
Are you guys PCI compliant?
2 comments

Good question. From the FAQ:

Do I need to worry about PCI Compliance?

Nope! By using PintPay, you never store credit card information on your servers. In fact, that information isn't stored on our servers either.

(Edited.)

You're on Linode and consider yourselves to be PCI compliant? Even though you're not storing the cards yourselves (probably using tokenization on Braintree or Authorize.net) you need to be compliant as the cards pass through your servers.

That didn't answer the question. Just because you don't store credit card information doesn't mean there aren't steps you still have to take to protect cardholder data. PCI compliance applies to both storing and transmitting cc info.

Yeah, as others have pointed out, that doesn't answer the question. I'm familiar with transparent redirects offered by Braintree and SpreedlyCore.

But Linode (mentioned in the footer) is not PCI compliant by default, so it's worth asking what they are doing since they DO touch the credit cards.

I was very interested in your product at first, but this answer turned me off pretty quickly.

The site looks good, the service seems nice, but I'm not convinced you are PCI compliant based on the answer here and the Linode tag on your website.

I mean no offense by this comment, but payments are quite important, so I'm just pointing out what is making me feel uncertainty.

He's asking if you guys are PCI compliant.

Seriously?

Since I don't have to be PCI-compliant, it's doubly important that the company I'm trusting to handle my customers' data is doing their job right.

It'd be irresponsible NOT to ask.

A small, three-guy startup running on Linode with little to no background in payment processing or security doesn't automatically win my business.