Question

Photo of Trey Hendon III

1

PCI Question for Payflow Pro

I'm working through PCI Compliance for Rock using Payflow Pro's prefrerred provider (Panoptic Security). One of the questions asks for technical details related to how my company's website communicates with the gateway. The two options are:

  1. My company's website software/shopping cart application communicates directly with my gateway or processor using a silent order post, direct post or javascript method to authorize the transaction.
  2. My company's website software/shopping cart application passes the transaction data via an Application Programming Interface (API) or to a separate payment application which in turn communicates with my gateway or processor to authorize the transaction.

I'd assume Rock is using the second option (API based), but was hoping to get an official answer here (for me and others searching in the future).

Giving
  • Ken Roach

    Hi Trey. Would you be willing to share how you responded to the PCI questions? I'm looking at how to implement a payment provider in New Zealand.

  • Trey Hendon III

    Hey Key, it's been a while since I've "thought" about the Panoptic scan, but I think the correct answer for PFP is API (sorry, just can't get my brain to remember). If you could use the NMI gateway, my understanding is that it would use the direct post method.

  • Photo of David Leigh

    0

    Trey,

    Option 2 is correct.
    Rock uses the PayPal Payment Services Payflow SDK (implemented in "Payflow_dotNET.dll") to communicate with the gateway.

    The PayFlowPro provider is implemented in the "Rock.PayFlowPro.dll" component of Rock.