Twobit Posted September 9, 2011

Good Day All,

There seem to be a number of sites explaining the PCI requirements. If WHMCS stores the client's credit card for recurring payments, does this force us into Level 1? If so, would this apply for the offline payment module?

We are looking at using WHMCS for licensing software and will require recurring payments. Our software will be under $20 pm and average at 10 clients. Is this a level 4 PCI?

We are based in Australia and have limited options; even PayPal Website Payments Pro is not available. Of all the gateway options we have explored, most require a merchant account and the gateway. And they don't provide a token API, so we still store credit card details.

Does anyone have some suggestions for a low cost gateway with a token API for WHMCS that works for Australian companies? Also, what PCI level are you on if you store credit cards?

Regards
Twobit

laszlof Posted September 9, 2011

We use Authorize.net. Not sure if that's available in Australia or not, but it's worked well for us.

Twobit Posted September 9, 2011

> We use Authorize.net. Not sure if that's available in Australia or not, but it's worked well for us.

Hi Frank,

Thank you for your reply. We have spoken to Authorize.net, but they only accept US based customers. Most of the AU gateways are overpriced for our needs.

We are happy to do manual payments for our small customer base, but that requires PCI Certification. We have never undertaken this task before. If storing data in WHMCS for offline processing only requires level 4 with SAQ D, we will go that route using a virtual POS.

Does anyone have some tips for PCI requirements?

Regards
Twobit

ninak Posted September 9, 2011

Go to https://www.pcisecuritystandards.org/

It will answer many of your questions.

Twobit Posted September 10, 2011

Good Day ninak,

Thank you for the link. We are using that site for the documentation etc. Based on their guidelines, we should be a level 4 SAQ D - under 20k but store data. However, when we run the self evaluation wizards on PCI scan vendors' websites, as soon as we save details it's a level 1. Is that correct?

Regards
Twobit

ninak Posted September 10, 2011

Your best solution is to contact the security council with your specific questions. They would be the ones to give you any real information.

Twobit Posted September 11, 2011

Good Day ninak,

Thanks, we are working with a few PCI Compliance vendors here in Australia. As we touch CC data (stored in WHMCS), we will have to be SAQ D.

Regards
Twobit

lukewd Posted August 14, 2012

Hi Twobit,

We are in the exact same situation as yourself. Small business with low processing requirements. However, we also want to store the CC details so we can automate the billing.

Figuring out which PCI level we fall into is very confusing. Did you ever get to the bottom of it? Are you guys Level 4, and just needed to do SAQ D? Or like you mentioned previously, because you store the CC details, does that push you straight into Level 1?