I have a kiosk application which uses a built-in web server on the machine. I am posting the users’ credit card information to the PayPal API and I’m wondering if it’s secure without having an SSL Cert on my end and only posting to the secure PayPal site?
Any help would be greatly appreciated. Thank you!
As far as SSL goes: Yes, if you’re posting directly to the PayPal API endpoint then this is fine.
However, PCI DSS is tricky, and if you’re running a webserver on the kiosk itself then you’re effectively accepting card data on every single kiosk, thus requiring you to be PCI compliant on all of them.
You sure it wouldn’t be easier to go with something like PayPal Website Payments Pro Hosted Solution?