WHMCS and PCI compliance

[VAS]

Being new to this, I've only recently become aware of the PCI compliance issue and have been trying to make sense of it. I've also looked for answers before posting, so please bear with me.

 

If I understand correctly, using Paypal keeps your business PCI compliant because customer's credit card data is stored there, not in WHMCS. Good. But I've just added Quantum gateway for direct credit card processing and realize that WHMCS stores client's credit card information in a manner that's not PCI compliant. I read somewhere about a way to work around this, to keep WHMCS from storing credit card info, about disabling it somewhere, but can't quite wrap my head around how to do it.

 

I suppose it's also possible to go into the client's account and delete their credit card info manually after a transaction so it's only stored in Quantum's system. But then automatic recurring billing through WHMCS isn't possible, is it?

 

In a nutshell, is there any way to use WHMCS for recurring credit card billing in a manner that keeps everything security-compliant? Is there something obvious I'm just not getting?

 

Thanks so much to anyone who can help me understand this...

[othellotech]

>If I understand correctly, using Paypal keeps your business PCI compliant because customer's credit card data is stored there

 

if you're not handling the card numbers then you're not required to pass basic PCI compliance for the handling of card numbers

 

>realize that WHMCS stores client's credit card information in a manner that's not PCI compliant

 

no idea where you heard that, but its wrong

[VAS]

Othellotech, thanks, I thought I read that after scouring these forums. I guess I read incorrectly.... must be information overload from trying to make sure all bases are covered before I really launch my business

[lostinspace]

Maybe you ran across it in this thread: http://forum.whmcs.com/showthread.php?t=16269

Edited May 20, 2009 by lostinspace
Link correction