摘要 |
A hosted PCI system for isolating a merchant ecommerce system from credit card data within the scope of PCI standards comprises a server responsive to communication from a purchaser's browser, redirected by the merchant system, for providing the purchaser's browser with a check-out page obtained from the merchant system that solicits the purchaser's actual credit card number. The hosted PCI system receives the purchaser's actual credit card number without exposing it to the merchant system, converts it to a mapped credit card which the merchant system can store without PCI compliance. When the hosted PCI system thereafter receives payment amount information with the mapped credit card number, it derives the actual credit card number from the mapped credit card number, sends the actual credit card number and payment amount information to a payment gateway on behalf of the merchant, and communicates the payment gateway's response to the merchant system.
|