
I am no expert on this, but from what I gathered from previous discussions of this topic, if you are serving the form HTML, you need some form of PCI compliance, even though the CC never hits your server. This makes sense, as any XSS attack would allow an attacker to lift the CC straight from the page.


Some processors offer an option that allows you to redirect to a page that they host for the CC information, and then back to your page for checkout.



