Reputation: 2396
I was looking into the PayPal Vault capability and found the following suggested sample code:
And this example contains this:
CreditCard creditCard = new CreditCard();
creditCard.setExpireMonth(11);
creditCard.setExpireYear(2018);
creditCard.setNumber("4417119669820331");
creditCard.setType("visa");
The servlet creates a credit card object and submits it to PayPal Vault. The example seems simple. However, the fact that my server has to process credit cards and send them to PayPal worries me. Doesn't this suggest PCI compliance and so defeat the purpose of the Vault?
Upvotes: 1
Views: 771
Reputation: 429
I think the Vault API should be changed 'cause it seems there is the possibility to also store the CVV2, even if that field cannot be stored anywhere due to PCI Compliance (and the fact that you do not store that value is confirmed in a GitHub issue).
Changing the API will be great, I think.
Cheers
Upvotes: 0
Reputation: 6463
If you use the REST APIs for direct card processing, you need to validate your own site against PCI-DSS. Since VAULT deals with direct card payments, you will need to be PCI compliant if you are using VAULT.
https://developer.paypal.com/docs/faq/
Upvotes: 2