[Eyes2design]

I wonder myself, I'm trying to find information about PCI-DSS.

I Program the integrations from online stores to payment gateways. None of my programs saves any credit card info, yet I'm not sure if I can state that their PCI compliance?

"Merchant / Services" I can understand, but what about a "piece" of software?

[rpug]

Does cardholder data ever pass through your infrastructure in any form?

[Eyes2design]

In magento, yes... but the full information is held for a small amount time. The module is self hold no card info its a run once and then destroy.

[rpug]

Not that I am an auditor, but if the data ever hits your environment then you have a level of compliance to maintain.