Direct Gateway Post

Does any API interface offer a PCI compliance path where the ecommerce HTTPS request posts directly to Vantiv servers, thus taking the ecommerce server out of PCI scope? (Right down to SAQ-D survey)

Here is an example gateway's interface documentation to help better convey the idea:

https://secure.networkmerchants.com/gw/merchants/resources/integration/integration_portal.php#3step_...

What does Vantiv offer that mimics this behavior?

Thanks,

Mark

Comments

Hi Mark,

Yes, Vantiv offers a few different eCommerce solutions that can meet your needs, but with PCI 3.0 none of the solutions on the market will remove an eCommerce developer entirely from PCI scope; instead, your PCI scope is reduced. Under the PCI DSS V3 effective January 1, 2015, systems that provide security services (for example, authentication servers), facilitate segmentation (for example, internal firewalls), or may impact the security of the card data environment (for example, name resolution or web redirection servers) are in scope for PCI DSS, and those hosting/managing such systems are considered service providers in the eyes of the PCI SSC.

For a quick reference to the documentation you can view these two resources. They are on two separate platforms so the features will not cross solutions.

Vantiv eProtect Integration Guide v5.2

HostedCheckout eCom Integration Guide

Chris:

The key aspect here is that I would like to acquire a token before showing a payment page to the user and then POST the results to Vantiv which will redirect back to me. No IFRAME or JAVA APIs to deal with, simple background token acquisition with direct post.

I am trying to find this behavior exactly since I only want to duplicate the integration that I have already done, but I always want more vendors than just 1 vendor.

This will pass minimum SAQ-D surveys and server scanning for my compliance and avoid completely Level 1 & Level 2 PCI compliance requirements.

Cheers,

Mark

Hi Mark,

I pinged a couple of our implementation consultants who are much more equipped to help guide you to the right solution. I'd like to make sure that we support your app correctly within the POS and eComm level.

eplumb0501ecornjeff.gross

Hi Mark,

Again, we have a couple of options we can explore, and after speaking with jeff.gross it seems we won't be able to meet your exact needs, but as you have seen from previous content we do offer something similar that will also reduce your scope and not require L1 or L2 PCI SSC validation.

It's probably best that you consult with Jeff directly so we can scope out your integration needs from both an EMV and eCommerce perspective. While I understand you appreciate the current architecture of your solution there may be areas that we can complement your application/s even more.

In addition to our HostedCheckout solution, you might find this option helpful as well because it does support a redirect, but not in the exact manner you highlighted above.

Hosted Payments Overview

Regards,

Chris

Last update:
‎08-01-2016 12:09 PM