Does any API interface offer a PCI compliance path where the ecommerce HTTPS request posts directly to Vantiv servers, thus taking the ecommerce server out of PCI scope? (Right down to SAQ-D survey)
Here is an example gateway's interface documentation to help better convey the idea:
What does Vantiv offer that mimics this behavior?
Yes, Vantiv offers a few different eCommerce solutions that can meet your needs, but with PCI 3.0 none of the solutions on the market will remove an eCommerce developer entirely from PCI scope; instead, your PCI scope is reduced. Under the PCI DSS V3 effective January 1, 2015, systems that provide security services (for example, authentication servers), facilitate segmentation (for example, internal firewalls), or may impact the security of the card data environment (for example, name resolution or web redirection servers) are in scope for PCI DSS, and those hosting/managing such systems are considered service providers in the eyes of the PCI SSC.
For a quick reference to the documentation you can view these two resources. They are on two separate platforms, so the features will not cross solutions.
Vantiv eProtect Integration Guide v5.2
HostedCheckout eCom Integration Guide
The key aspect here is that I would like to acquire a token before showing a payment page to the user and then POST the results to Vantiv which will redirect back to me. No IFRAME or JAVA APIs to deal with, simple background token acquisition with direct post.
I am trying to find this behavior exactly since I only want to duplicate the integration that I have already done, but I always want more vendors than just 1 vendor.
This will pass minimum SAQ-D surveys and server scanning for my compliance and avoid completely Level 1 & Level 2 PCI compliance requirements.
I pinged a couple of our implementation consultants who are much more equipped to help guide you to the right solution. I'd like to make sure that we support your app correctly within the POS and eComm level.
eplumb0501 ecorn jeff.gross
Again, we have a couple of options we can explore, and after speaking with jeff.gross it seems we won't be able to meet your exact needs, but as you have seen from previous content we do offer something similar that will also reduce your scope and not require L1 or L2 PCI SSC validation.
It's probably best that you consult with Jeff directly so we can scope out your integration needs from both an EMV and eCommerce perspective. While I understand you appreciate the current architecture of your solution there may be areas that we can complement your application/s even more.
In addition to our HostedCheckout solution, you might find this option helpful as well because it does support a redirect, but not in the exact manner you highlighted above.
Hosted Payments Overview
©2020 FIS. Advancing the way the world pays,
banks and invests™