Why? That is both inefficient and foolish.
Why not cut out this middle step, like most (if not all) the other payment processors do?
It's much safer/secure to bypass this intermediate step.
I guess I'll never be using (or recommending) BluePay then. I can see it now, if a customers CC gets compromised in any way, you guys can (and probably will) deny accountability. It would be too easy to resist... "No, it wasn't *our* servers that leaked the CC data, therefore it must have been leaked by the merchants store".
There is no need that I'm aware of for the merchant (or their server) to handle the end users CC details at all. I'm always willing to update my knowledge in these matters though.
Regards
Rod Gasson
Adv dip Network Security.



Reply With Quote
